[gnome-desktop/wip/hadess/revert-filename-leak] Revert "thumbnails: keep the orignal file name"




commit 6bb71e26df3860c4cf9d26e101627b2b970927af
Author: Bastien Nocera <hadess hadess net>
Date:   Wed Oct 27 17:10:45 2021 +0200

    Revert "thumbnails: keep the orignal file name"
    
    This reverts commit e7006be27b4a5048470a20079a6762ad4a0d2e18.
    
    Passing the filename to an untrusted thumbnailer is a potential
    information leak, or a possible method to get that thumbnailer
    to crash.
    
    The Flatpak sandboxing codepaths unfortunately cannot remap files, so
    that's the reason why the original filename is passed.

 libgnome-desktop/gnome-desktop-thumbnail-script.c | 27 ++++++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c 
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index ddcc1511..0cb4fa86 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -155,6 +155,21 @@ create_gst_cache_dir (void)
   return out;
 }
 
+static char *
+get_extension (const char *path)
+{
+  g_autofree char *basename = NULL;
+  char *p;
+
+  basename = g_path_get_basename (path);
+  p = strrchr (basename, '.');
+  if (g_file_test (path, G_FILE_TEST_IS_DIR) ||
+      !p ||
+      p == basename) /* Leading periods on the basename are ignored. */
+    return NULL;
+  return g_strdup (p + 1);
+}
+
 #ifdef ENABLE_SECCOMP
 static gboolean
 flatpak_fail (GError     **error,
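Review bot: get_extension returns everything after the last `.` of the basename verbatim, so text chosen by whoever named the file still reaches the sandboxed thumbnailer through the temporary file name built in script_exec_new. A constructed name such as `scan.private note` forwards `private note`, and the value can be nearly as long as the file name itself. Since the commit exists to stop handing filename content to an untrusted thumbnailer, the helper should return NULL unless the suffix is a short, plain ASCII-alphanumeric string; that also covers a basename ending in `.`, which currently yields an empty extension and a temp name with a trailing dot. The length cap and allowed character set are a judgement call (the fence uses a new constant, `MAX_EXTENSION_LEN`, to be defined next to the helper). A short comment above the function stating that the caller owns the returned string, and that NULL means directory, no extension or dot-file, would help too.

```c
get_extension (const char *path)
  /* … unchanged: basename lookup and the directory / no-dot / leading-dot checks … */
  p++;
  /* Only a short, plain suffix is forwarded to the thumbnailer. */
  if (*p == '\0' || strlen (p) > MAX_EXTENSION_LEN)
    return NULL;
  for (const char *c = p; *c != '\0'; c++)
    {
      if (!g_ascii_isalnum (*c))
        return NULL;
    }
  return g_strdup (p);
```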
@@ -951,8 +966,8 @@ script_exec_new (const char  *uri,
   if (exec->sandbox == SANDBOX_TYPE_BWRAP)
     {
       char *tmpl;
-      const char *infile;
-      g_autofree char *basename = NULL;
+      g_autofree char *ext = NULL;
+      g_autofree char *infile = NULL;
 
       exec->fd_array = g_array_new (FALSE, TRUE, sizeof (int));
       g_array_set_clear_func (exec->fd_array, clear_fd);
@@ -966,12 +981,12 @@ script_exec_new (const char  *uri,
           goto bail;
         }
       exec->outfile = g_build_filename (exec->outdir, "gnome-desktop-thumbnailer.png", NULL);
-      basename = g_file_get_basename (file);
+      ext = get_extension (exec->infile);
 
-      if (basename)
-        infile = basename;
+      if (ext)
+        infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail.%s", ext);
       else
-        infile = "gnome-desktop-file-to-thumbnail";
+        infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail");
 
       exec->infile_tmp = g_build_filename (exec->outdir, infile, NULL);
 
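Review bot: The else branch `infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail");` runs a constant through a printf-style formatter with no arguments; `infile = g_strdup ("gnome-desktop-file-to-thumbnail");` expresses the same thing without format parsing and stays correct if the literal ever gains a `%`. Separately, get_extension hands its argument straight to `g_path_get_basename` and then `strrchr`, so `get_extension (exec->infile)` relies on `exec->infile` already being a non-NULL local path at this point. That assignment is not visible here, since script_exec_new starts and ends outside the hunk, so it is worth confirming or guarding with `exec->infile ? get_extension (exec->infile) : NULL`.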

