[evince/mcatanzaro/#1333] Remove ability to launch actions

[Michael Catanzaro <mcatanzaro src gnome org>]

commit 4ed184ec0bce68713e216d1d859528bc65c43f6e
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Mon Sep 21 10:05:46 2020 -0500

    Remove ability to launch actions
    
    This is basically only ever used by malware. Like PDF JavaScript, it's
    more dangerous than useful. Fixes #1333
    
    Note: this commit assumes that it is OK to break API in libev. This
    currently seems to be true because evince's toplevel meson.build sets
    ev_ap_version to the first component of its version number. That's
    currently 3, but for the next release with the new version scheme it
    will be 40. If having a new API version every release is not desired,
    then that should be changed and this commit reworked to not remove
    public libev APIs.

 backend/pdf/ev-poppler.cc                          |  4 +-
 .../libdocument/libevdocument-sections.txt         |  2 -
 libdocument/ev-link-action.c                       | 47 ----------------
 libdocument/ev-link-action.h                       |  7 +--
 libview/ev-view-presentation.c                     |  2 -
 libview/ev-view.c                                  |  5 --
 shell/ev-window.c                                  | 65 ----------------------
 7 files changed, 4 insertions(+), 128 deletions(-)
---
diff --git a/backend/pdf/ev-poppler.cc b/backend/pdf/ev-poppler.cc
index 551b37a0..6ffc011c 100644
--- a/backend/pdf/ev-poppler.cc
+++ b/backend/pdf/ev-poppler.cc
@@ -1661,8 +1661,8 @@ ev_link_from_action (PdfDocument   *pdf_document,
                }
                        break;
                case POPPLER_ACTION_LAUNCH:
-                       ev_action = ev_link_action_new_launch (action->launch.file_name,
-                                                              action->launch.params);
+                        /* https://gitlab.gnome.org/GNOME/evince/-/issues/1333 */
+                       unimplemented_action = "POPPLER_ACTION_LAUNCH";
                        break;
                case POPPLER_ACTION_URI:
                        ev_action = ev_link_action_new_external_uri (action->uri.uri);
diff --git a/help/reference/libdocument/libevdocument-sections.txt 
b/help/reference/libdocument/libevdocument-sections.txt
index 95b0104c..a382db8f 100644
--- a/help/reference/libdocument/libevdocument-sections.txt
+++ b/help/reference/libdocument/libevdocument-sections.txt
@@ -463,7 +463,6 @@ ev_link_action_get_action_type
 ev_link_action_get_dest
 ev_link_action_get_uri
 ev_link_action_get_filename
-ev_link_action_get_params
 ev_link_action_get_name
 ev_link_action_get_hide_list
 ev_link_action_get_show_list
@@ -472,7 +471,6 @@ ev_link_action_new_layers_state
 ev_link_action_new_dest
 ev_link_action_new_remote
 ev_link_action_new_external_uri
-ev_link_action_new_launch
 ev_link_action_new_named
 <SUBSECTION Standard>
 EV_LINK_ACTION
diff --git a/libdocument/ev-link-action.c b/libdocument/ev-link-action.c
index cbc5d620..d86591ce 100644
--- a/libdocument/ev-link-action.c
+++ b/libdocument/ev-link-action.c
@@ -28,7 +28,6 @@ enum {
        PROP_DEST,
        PROP_URI,
        PROP_FILENAME,
-       PROP_PARAMS,
        PROP_NAME,
        PROP_SHOW_LIST,
        PROP_HIDE_LIST,
@@ -52,7 +51,6 @@ struct _EvLinkActionPrivate {
        EvLinkDest       *dest;
        gchar            *uri;
        gchar            *filename;
-       gchar            *params;
        gchar            *name;
        GList            *show_list;
        GList            *hide_list;
@@ -101,14 +99,6 @@ ev_link_action_get_filename (EvLinkAction *self)
        return self->priv->filename;
 }
 
-const gchar *
-ev_link_action_get_params (EvLinkAction *self)
-{
-       g_return_val_if_fail (EV_IS_LINK_ACTION (self), NULL);
-
-       return self->priv->params;
-}
-
 const gchar *
 ev_link_action_get_name (EvLinkAction *self)
 {
@@ -210,9 +200,6 @@ ev_link_action_get_property (GObject    *object,
                case PROP_FILENAME:
                        g_value_set_string (value, self->priv->filename);
                        break;
-               case PROP_PARAMS:
-                       g_value_set_string (value, self->priv->params);
-                       break;
                case PROP_NAME:
                        g_value_set_string (value, self->priv->name);
                        break;
@@ -262,10 +249,6 @@ ev_link_action_set_property (GObject      *object,
                        g_free (self->priv->filename);
                        self->priv->filename = g_value_dup_string (value);
                        break;
-               case PROP_PARAMS:
-                       g_free (self->priv->params);
-                       self->priv->params = g_value_dup_string (value);
-                       break;
                case PROP_NAME:
                        g_free (self->priv->name);
                        self->priv->name = g_value_dup_string (value);
@@ -312,11 +295,6 @@ ev_link_action_finalize (GObject *object)
                priv->filename = NULL;
        }
 
-       if (priv->params) {
-               g_free (priv->params);
-               priv->params = NULL;
-       }
-
        if (priv->name) {
                g_free (priv->name);
                priv->name = NULL;
@@ -356,7 +334,6 @@ ev_link_action_init (EvLinkAction *ev_link_action)
        ev_link_action->priv->dest = NULL;
        ev_link_action->priv->uri = NULL;
        ev_link_action->priv->filename = NULL;
-       ev_link_action->priv->params = NULL;
        ev_link_action->priv->name = NULL;
        ev_link_action->priv->reset_fields = NULL;
        ev_link_action->priv->exclude_reset_fields = FALSE;
@@ -411,15 +388,6 @@ ev_link_action_class_init (EvLinkActionClass *ev_link_action_class)
                                                              G_PARAM_READWRITE |
                                                              G_PARAM_CONSTRUCT_ONLY |
                                                               G_PARAM_STATIC_STRINGS));
-       g_object_class_install_property (g_object_class,
-                                        PROP_PARAMS,
-                                        g_param_spec_string ("params",
-                                                             "Params",
-                                                             "The link action params",
-                                                             NULL,
-                                                             G_PARAM_READWRITE |
-                                                             G_PARAM_CONSTRUCT_ONLY |
-                                                              G_PARAM_STATIC_STRINGS));
        g_object_class_install_property (g_object_class,
                                         PROP_NAME,
                                         g_param_spec_string ("name",
@@ -501,17 +469,6 @@ ev_link_action_new_external_uri (const gchar *uri)
                                             NULL));
 }
 
-EvLinkAction *
-ev_link_action_new_launch (const gchar *filename,
-                          const gchar *params)
-{
-       return EV_LINK_ACTION (g_object_new (EV_TYPE_LINK_ACTION,
-                                            "filename", filename,
-                                            "params", params,
-                                            "type", EV_LINK_ACTION_TYPE_LAUNCH,
-                                            NULL));
-}
-
 EvLinkAction *
 ev_link_action_new_named (const gchar *name)
 {
@@ -588,10 +545,6 @@ ev_link_action_equal (EvLinkAction *a,
         case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
                 return !g_strcmp0 (a->priv->uri, b->priv->uri);
 
-        case EV_LINK_ACTION_TYPE_LAUNCH:
-                return !g_strcmp0 (a->priv->filename, b->priv->filename) &&
-                        !g_strcmp0 (a->priv->params, b->priv->params);
-
         case EV_LINK_ACTION_TYPE_NAMED:
                 return !g_strcmp0 (a->priv->name, b->priv->name);
 
diff --git a/libdocument/ev-link-action.h b/libdocument/ev-link-action.h
index 4dffeb74..dbe82a54 100644
--- a/libdocument/ev-link-action.h
+++ b/libdocument/ev-link-action.h
@@ -45,12 +45,12 @@ typedef enum {
        EV_LINK_ACTION_TYPE_GOTO_DEST,
        EV_LINK_ACTION_TYPE_GOTO_REMOTE,
        EV_LINK_ACTION_TYPE_EXTERNAL_URI,
-       EV_LINK_ACTION_TYPE_LAUNCH,
        EV_LINK_ACTION_TYPE_NAMED,
        EV_LINK_ACTION_TYPE_LAYERS_STATE,
        EV_LINK_ACTION_TYPE_RESET_FORM
        /* We'll probably fill this in more as we support the other types of
-        * actions */
+        * actions. Note that EV_LINK_ACTION_TYPE_LAUNCH has been removed
+        * as it could be abused and has almost no legitimate uses. */
 } EvLinkActionType;
 
 GType            ev_link_action_get_type                 (void) G_GNUC_CONST;
@@ -59,7 +59,6 @@ EvLinkActionType ev_link_action_get_action_type          (EvLinkAction *self);
 EvLinkDest      *ev_link_action_get_dest                 (EvLinkAction *self);
 const gchar     *ev_link_action_get_uri                  (EvLinkAction *self);
 const gchar     *ev_link_action_get_filename             (EvLinkAction *self);
-const gchar     *ev_link_action_get_params               (EvLinkAction *self);
 const gchar     *ev_link_action_get_name                 (EvLinkAction *self);
 GList           *ev_link_action_get_show_list            (EvLinkAction *self);
 GList           *ev_link_action_get_hide_list            (EvLinkAction *self);
@@ -71,8 +70,6 @@ EvLinkAction    *ev_link_action_new_dest                 (EvLinkDest   *dest);
 EvLinkAction    *ev_link_action_new_remote               (EvLinkDest   *dest,
                                                          const gchar  *filename);
 EvLinkAction    *ev_link_action_new_external_uri         (const gchar  *uri);
-EvLinkAction    *ev_link_action_new_launch               (const gchar  *filename,
-                                                         const gchar  *params);
 EvLinkAction    *ev_link_action_new_named                (const gchar  *name);
 EvLinkAction    *ev_link_action_new_layers_state         (GList        *show_list,
                                                          GList        *hide_list,
diff --git a/libview/ev-view-presentation.c b/libview/ev-view-presentation.c
index 95963592..12c42969 100644
--- a/libview/ev-view-presentation.c
+++ b/libview/ev-view-presentation.c
@@ -809,7 +809,6 @@ ev_view_presentation_link_is_supported (EvViewPresentation *pview,
        case EV_LINK_ACTION_TYPE_NAMED:
         case EV_LINK_ACTION_TYPE_GOTO_REMOTE:
         case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
-        case EV_LINK_ACTION_TYPE_LAUNCH:
                return TRUE;
        default:
                return FALSE;
@@ -903,7 +902,6 @@ ev_vew_presentation_handle_link (EvViewPresentation *pview,
                 break;
         case EV_LINK_ACTION_TYPE_GOTO_REMOTE:
         case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
-        case EV_LINK_ACTION_TYPE_LAUNCH:
                 g_signal_emit (pview, signals[SIGNAL_EXTERNAL_LINK], 0, action);
                 break;
         default:
diff --git a/libview/ev-view.c b/libview/ev-view.c
index e2ca6b5a..a6420af7 100644
--- a/libview/ev-view.c
+++ b/libview/ev-view.c
@@ -2093,7 +2093,6 @@ ev_view_handle_link (EvView *view, EvLink *link)
                        break;
                case EV_LINK_ACTION_TYPE_GOTO_REMOTE:
                case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
-               case EV_LINK_ACTION_TYPE_LAUNCH:
                case EV_LINK_ACTION_TYPE_NAMED:
                case EV_LINK_ACTION_TYPE_RESET_FORM:
                        g_signal_emit (view, signals[SIGNAL_EXTERNAL_LINK], 0, action);
@@ -2161,10 +2160,6 @@ tip_from_link (EvView *view, EvLink *link)
                case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
                        msg = g_strdup (ev_link_action_get_uri (action));
                        break;
-               case EV_LINK_ACTION_TYPE_LAUNCH:
-                       msg = g_strdup_printf (_("Launch %s"),
-                                              ev_link_action_get_filename (action));
-                       break;
                case EV_LINK_ACTION_TYPE_NAMED:
                        msg = tip_from_action_named (action);
                        break;
diff --git a/shell/ev-window.c b/shell/ev-window.c
index 81a6ede1..ea1a2a28 100644
--- a/shell/ev-window.c
+++ b/shell/ev-window.c
@@ -5594,7 +5594,6 @@ view_menu_link_popup (EvWindow *ev_window,
                                        show_internal = TRUE;
                                        break;
                                case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
-                               case EV_LINK_ACTION_TYPE_LAUNCH:
                                        show_external = TRUE;
                                        break;
                                default:
@@ -6694,67 +6693,6 @@ window_configure_event_cb (EvWindow *window, GdkEventConfigure *event, gpointer
        return FALSE;
 }
 
-static void
-launch_action (EvWindow *window, EvLinkAction *action)
-{
-       EvWindowPrivate *priv = GET_PRIVATE (window);
-       const char *filename = ev_link_action_get_filename (action);
-       GAppInfo *app_info;
-       GFile *file;
-       GList file_list = {NULL};
-       GdkAppLaunchContext *context;
-       GdkScreen *screen;
-       GError *error = NULL;
-
-       if (filename == NULL)
-               return;
-
-       if (g_path_is_absolute (filename)) {
-               file = g_file_new_for_path (filename);
-       } else {
-               GFile *base_file;
-               gchar *dir;
-
-               dir = g_path_get_dirname (priv->uri);
-               base_file = g_file_new_for_uri (dir);
-               g_free (dir);
-               
-               file = g_file_resolve_relative_path (base_file, filename);
-               g_object_unref (base_file);
-       }
-
-       app_info = g_file_query_default_handler (file, NULL, &error);
-       if (!app_info) {
-               ev_window_error_message (window, error,
-                                        "%s",
-                                        _("Unable to launch external application."));
-               g_object_unref (file);
-               g_error_free (error);
-
-               return;
-       }
-
-       screen = gtk_window_get_screen (GTK_WINDOW (window));
-       context = gdk_display_get_app_launch_context (gdk_screen_get_display (screen));
-       gdk_app_launch_context_set_screen (context, screen);
-       gdk_app_launch_context_set_timestamp (context, gtk_get_current_event_time ());
-
-       file_list.data = file;
-       if (!g_app_info_launch (app_info, &file_list, G_APP_LAUNCH_CONTEXT (context), &error)) {
-               ev_window_error_message (window, error,
-                                        "%s",
-                                        _("Unable to launch external application."));
-               g_error_free (error);
-       }
-
-       g_object_unref (app_info);
-       g_object_unref (file);
-        /* FIXMEchpe: unref launch context? */
-
-       /* According to the PDF spec filename can be an executable. I'm not sure
-          allowing to launch executables is a good idea though. -- marco */
-}
-
 static void
 launch_external_uri (EvWindow *window, EvLinkAction *action)
 {
@@ -6896,9 +6834,6 @@ view_external_link_cb (EvWindow *window, EvLinkAction *action)
                case EV_LINK_ACTION_TYPE_EXTERNAL_URI:
                        launch_external_uri (window, action);
                        break;
-               case EV_LINK_ACTION_TYPE_LAUNCH:
-                       launch_action (window, action);
-                       break;
                case EV_LINK_ACTION_TYPE_GOTO_REMOTE:
                        open_remote_link (window, action);
                        break;