pidgin: c083ec57: Restrict buddy icon downloads from arbit...
datallah at pidgin.im
datallah at pidgin.im
Fri Aug 8 22:30:43 EDT 2008
-----------------------------------------------------------------
Revision: c083ec5718de3aa45ff6a04fa1a62acde9650520
Ancestor: 434563a4b8fadb9593c241db4bb5ffd0bf2c0627
Author: datallah at pidgin.im
Date: 2008-08-09T01:58:27
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/c083ec5718de3aa45ff6a04fa1a62acde9650520
Modified files:
libpurple/protocols/jabber/buddy.c
libpurple/protocols/jabber/jabber.c
libpurple/protocols/jabber/jabber.h
ChangeLog:
Restrict buddy icon downloads from arbitrary urls to 200kB.
Also, cancel buddy icon downloads when disconnecting.
-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/buddy.c 1bab8cce3c89bfba6f258e6fcb1cda9c64e0efb8
+++ libpurple/protocols/jabber/buddy.c 0764e412d2fad47344ddfc23304678fd61817c3d
@@ -37,6 +37,8 @@
#include "pep.h"
#include "adhoccommands.h"
+#define MAX_HTTP_BUDDYICON_BYTES (200 * 1024)
+
typedef struct {
long idle_seconds;
} JabberBuddyInfoResource;
@@ -1535,18 +1537,27 @@ void jabber_buddy_avatar_update_metadata
}
}
if(goodinfo) {
- const char *url = xmlnode_get_attrib(goodinfo,"url");
+ const char *url = xmlnode_get_attrib(goodinfo, "url");
const char *id = xmlnode_get_attrib(goodinfo,"id");
/* the avatar might either be stored in a pep node, or on a HTTP/HTTPS URL */
if(!url)
jabber_pep_request_item(js, from, AVATARNAMESPACEDATA, id, do_buddy_avatar_update_data);
else {
+ PurpleUtilFetchUrlData *url_data;
JabberBuddyAvatarUpdateURLInfo *info = g_new0(JabberBuddyAvatarUpdateURLInfo, 1);
info->js = js;
- info->from = g_strdup(from);
- info->id = g_strdup(id);
- purple_util_fetch_url(url, TRUE, NULL, TRUE, do_buddy_avatar_update_fromurl, info);
+
+ url_data = purple_util_fetch_url_len(url, TRUE, NULL, TRUE,
+ MAX_HTTP_BUDDYICON_BYTES,
+ do_buddy_avatar_update_fromurl, info);
+ if (url_data) {
+ info->from = g_strdup(from);
+ info->id = g_strdup(id);
+ js->url_datas = g_slist_prepend(js->url_datas, url_data);
+ } else
+ g_free(info);
+
}
}
}
============================================================
--- libpurple/protocols/jabber/jabber.c e356e87928f7a97c9239f0177d451c6b860d3502
+++ libpurple/protocols/jabber/jabber.c 01f719d67f7acaac4fb8ed7e92bb760a2af3f0d3
@@ -1322,6 +1322,11 @@ void jabber_close(PurpleConnection *gc)
js->bs_proxies = g_list_delete_link(js->bs_proxies, js->bs_proxies);
}
+ while(js->url_datas) {
+ purple_util_fetch_url_cancel(js->url_datas->data);
+ js->url_datas = g_slist_delete_link(js->url_datas, js->url_datas);
+ }
+
g_free(js->stream_id);
if(js->user)
jabber_id_free(js->user);
============================================================
--- libpurple/protocols/jabber/jabber.h 88ac28243798c76a2cc7fa2f08051e77869d0167
+++ libpurple/protocols/jabber/jabber.h 278f09ab8a8ec522143d1a89519a628427847ed7
@@ -236,6 +236,11 @@ struct _JabberStream
PurpleSrvResponse *srv_rec;
guint srv_rec_idx;
guint max_srv_rec_idx;
+ /**
+ * This linked list contains PurpleUtilFetchUrlData structs
+ * for when we lookup buddy icons from a url
+ */
+ GSList *url_datas;
};
typedef gboolean (JabberFeatureEnabled)(JabberStream *js, const gchar *shortname, const gchar *namespace);
More information about the Commits
mailing list