[dconf-editor/maintainer-only-3-30] Fix bugs allowing to open bad paths.



commit 46c6fb201a220e8f97c36f58a85b29f76599f0e6
Author: Arnaud Bonatti <arnaud bonatti gmail com>
Date:   Mon Sep 24 11:51:22 2018 +0200

    Fix bugs allowing to open bad paths.

 editor/bookmarks.vala       |  8 ++++++++
 editor/dconf-editor.vala    | 12 ++++++++++++
 editor/dconf-window.vala    |  5 +++++
 editor/registry-search.vala |  3 ++-
 4 files changed, 27 insertions(+), 1 deletion(-)
---
diff --git a/editor/bookmarks.vala b/editor/bookmarks.vala
index bce9cfd..ca82515 100644
--- a/editor/bookmarks.vala
+++ b/editor/bookmarks.vala
@@ -76,6 +76,10 @@ private class Bookmarks : MenuButton
         string [] unduplicated_bookmarks = {};
         foreach (string bookmark in all_bookmarks)
         {
+            if (!bookmark.has_prefix ("/"))
+                continue;
+            if (DConfWindow.is_path_invalid (bookmark))
+                continue;
             if (bookmark in unduplicated_bookmarks)
                 continue;
             unduplicated_bookmarks += bookmark;
@@ -166,6 +170,10 @@ private class Bookmarks : MenuButton
         string [] unduplicated_bookmarks = new string [0];
         foreach (string bookmark in bookmarks)
         {
+            if (!bookmark.has_prefix ("/"))
+                continue;
+            if (DConfWindow.is_path_invalid (bookmark))
+                continue;
             if (bookmark in unduplicated_bookmarks)
                 continue;
             unduplicated_bookmarks += bookmark;
diff --git a/editor/dconf-editor.vala b/editor/dconf-editor.vala
index 43fb690..46a2512 100644
--- a/editor/dconf-editor.vala
+++ b/editor/dconf-editor.vala
@@ -354,6 +354,9 @@ private class ConfigurationEditor : Gtk.Application
 
         if (arg0.has_prefix ("/"))
         {
+            if (arg0.contains ("//"))
+                return failure_double_slash (commands);
+
             Gtk.Window window = get_new_window (null, arg0, null);
             if (args.length == 2)
             {
@@ -395,6 +398,8 @@ private class ConfigurationEditor : Gtk.Application
                 simple_activation ();
                 return Posix.EXIT_FAILURE;
             }
+            if (((!) path).contains ("//"))
+                return failure_double_slash (commands);
         }
 
         Gtk.Window window = get_new_window (test_format [0], path, key_name);
@@ -402,6 +407,13 @@ private class ConfigurationEditor : Gtk.Application
         return Posix.EXIT_SUCCESS;
     }
 
+    private int failure_double_slash (ApplicationCommandLine commands)
+    {
+        commands.print ("Cannot understand: given path contains “//”.\n");  // should be translated, but 
nobody cares, so let's not lose time for a freeze break here
+        simple_activation ();
+        return Posix.EXIT_FAILURE;
+    }
+
     private int failure_space (ApplicationCommandLine commands)
     {
         commands.print (_("Cannot understand: space character in argument.\n"));
diff --git a/editor/dconf-window.vala b/editor/dconf-window.vala
index 2984479..8fc2da3 100644
--- a/editor/dconf-window.vala
+++ b/editor/dconf-window.vala
@@ -566,6 +566,11 @@ private class DConfWindow : ApplicationWindow
     * * Path requests
     \*/
 
+    public static bool is_path_invalid (string path)
+    {
+        return path.has_prefix ("/") && path.contains ("//");
+    }
+
     private void request_folder (string full_name, string selected_or_empty = "", bool notify_missing = true)
     {
         string fallback_path = model.get_fallback_path (full_name);
diff --git a/editor/registry-search.vala b/editor/registry-search.vala
index c892705..72d1858 100644
--- a/editor/registry-search.vala
+++ b/editor/registry-search.vala
@@ -147,7 +147,8 @@ private class RegistrySearch : RegistryList
     internal void start_search (string term)
         requires (current_path_if_search_mode != null)
     {
-        if (old_term != null && term == (!) old_term)
+        if ((old_term != null && term == (!) old_term)
+         || DConfWindow.is_path_invalid (term))
         {
             ensure_selection (key_list_box);
             return;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]