pidgin: 5749f919: Open an explorer.exe window at the locat...

markdoliner at pidgin.im markdoliner at pidgin.im
Sat Aug 20 13:05:57 EDT 2011 

----------------------------------------------------------------------
Revision: 5749f9193063800d27bef75c2388f6f9cc2f7f37
Parent:   29484df15413fe3bbd21bbfcef26a55362055a81
Author:   markdoliner at pidgin.im
Date:     08/18/11 04:38:23
Branch:   im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37

Changelog: 

Open an explorer.exe window at the location of the file when clicking
on a file link instead of executing the file, because executing a file
can be potentially dangerous.  Problem discovered by James Burton of
Insomnia Security.  Fixed by Eion Robb.

Changes against parent 29484df15413fe3bbd21bbfcef26a55362055a81

  patched  ChangeLog
  patched  pidgin/gtkutils.c

-------------- next part --------------
============================================================
--- ChangeLog	69ad72a81047fbd61ea3badcc024488a54169611
+++ ChangeLog	cfd4ee7497fe2661c7a270bf672faae943eeac0e
@@ -53,6 +53,12 @@ version 2.10.0 (08/18/2011):
 	* Fix coming out of idle while in an unavailable state
 	* Fix logging into Yahoo! JAPAN.  (#14259)
 
+	Windows-Specific Changes:
+	* Open an explorer.exe window at the location of the file when clicking
+	  on a file link instead of executing the file, because executing a file
+	  can be potentially dangerous.  Problem discovered by James Burton of
+	  Insomnia Security.  Fixed by Eion Robb.
+
 version 2.9.0 (06/23/2011):
 	Pidgin:
 	* Fix a potential remote denial-of-service bug related to displaying
============================================================
--- pidgin/gtkutils.c	1786e81a63d0ab5a59a2b7549c3772f732c9fe73
+++ pidgin/gtkutils.c	ddbb37297ab32b153a1aca4b28787e1c883ad907
@@ -3282,14 +3282,27 @@ file_open_uri(GtkIMHtml *imhtml, const c
 #ifdef _WIN32
 	/* If using Win32... */
 	int code;
-	wchar_t *wc_filename = g_utf8_to_utf16(
-			uri, -1, NULL, NULL, NULL);
+	if (purple_str_has_prefix(uri, "file://"))
+	{
+		gchar *escaped = g_shell_quote(uri);
+		gchar *param = g_strconcat("/select,\"", uri, "\"", NULL);
+		gchar *wc_param = g_utf8_to_utf16(param, -1, NULL, NULL, NULL);
 
-	code = (int)ShellExecuteW(NULL, NULL, wc_filename, NULL, NULL,
-			SW_SHOW);
+		code = (int)ShellExecuteW(NULL, "OPEN", L"explorer.exe", wc_param, NULL, SW_NORMAL);
 
-	g_free(wc_filename);
+		g_free(wc_param);
+		g_free(param);
+		g_free(escaped);
+	} else {
+		wchar_t *wc_filename = g_utf8_to_utf16(
+				uri, -1, NULL, NULL, NULL);
 
+		code = (int)ShellExecuteW(NULL, NULL, wc_filename, NULL, NULL,
+				SW_SHOW);
+
+		g_free(wc_filename);
+	}
+
 	if (code == SE_ERR_ASSOCINCOMPLETE || code == SE_ERR_NOASSOC)
 	{
 		purple_notify_error(imhtml, NULL,

More information about the Commits mailing list