Commit Graph

12231 Commits

Author SHA1 Message Date
Slava Zanko
6bdf50c5a5 Ticket #2913: CVE-2012-4463 mc-4.8.5: Does not sanitize MC_EXT_SELECTED variable properly
Paul Hartman reported the following (minor) security flaw into Gentoo's bugzilla:

https://bugs.gentoo.org/show_bug.cgi?id=436518

When multiple files are selected and F3 / Enter key is pressed on some of the files,
MC_EXT_SELECTED variable does not sanitize the whitespace characters properly
(leading into situation when first file is used as the actual value of MC_EXT_SELECTED
variable and the remaining files from the list are used as arguments passed to the
temporary script, created to handle F3 / Enter action on the first file).

A remote attacker could provide a specially-crafted archive and trick the local
Midnight Commander user into expanding and viewing it, which under certain
circumstances could lead to arbitrary code execution with the privileges of
the user running the mc executable.

Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-29 13:20:47 +03:00
Andrew Borodin
bf475ce339 Ticket #2934: highlight OGV files as media.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-23 14:20:04 +04:00
Andrew Borodin
7b8e790de0 src/*/*.[ch]: fix indentation.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-20 13:44:14 +04:00
Andrew Borodin
281209c79d lib/widget/*.[ch]: fix indentation.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-20 13:27:10 +04:00
Andrew Borodin
47fc9f669f Merge branch '2919_dlg_as_widget'
* 2919_dlg_as_widget: (57 commits)
  Update po/*.po and po/mc.pot files.
  Internal menu structures are opaque now.
  Add useful macros for widget type cast.
  Unify widget and dialog message handling.
  Remove DLG_WANT_IDLE. Use W_WANT_IDLE instead.
  Rename Dlg_head to WDialog.
  Rename default callbacks of widget and dialog.
  Unify some hotkeys.
  (editcmd_dialog_raw_key_query): adjust sizes and look'n'feel.
  (real_query_recursive): refactoring of dialog.
  "Directory scanning" dialog: adjust look'n'feel.
  Center text in query owerwrite and delete dialogs.
  (query_dialog): center label horizontally.
  Horizontal centering of multi-line label: center each line independently.
  (file_mask_dialog): adjust width calculation.
  (query_dialog): add horizontal line.
  Remove DLG_REVERSE flag.
  Build file operation dialogs in normal order.
  Build find file dialogs in normal order.
  Build "Background jobs" dialog in normal order.
  ...
2012-11-20 13:07:03 +04:00
Andrew Borodin
8c59d2be4b Update po/*.po and po/mc.pot files.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:49:38 +04:00
Andrew Borodin
4e90c1a229 Internal menu structures are opaque now.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
2ec122bc05 Add useful macros for widget type cast.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
665d238ffa Unify widget and dialog message handling.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
497b69c106 Remove DLG_WANT_IDLE. Use W_WANT_IDLE instead.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:13 +04:00
Andrew Borodin
843dcd104e Rename Dlg_head to WDialog.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
0078874613 Rename default callbacks of widget and dialog.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
0ccbe2c547 Unify some hotkeys.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
57d17c994b (editcmd_dialog_raw_key_query): adjust sizes and look'n'feel.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
b24b5dd479 (real_query_recursive): refactoring of dialog.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
3fed65e358 "Directory scanning" dialog: adjust look'n'feel.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
45179f48e6 Center text in query owerwrite and delete dialogs.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
cab525049f (query_dialog): center label horizontally.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
bafc778ee7 Horizontal centering of multi-line label: center each line independently.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a91682a079 (file_mask_dialog): adjust width calculation.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
96795565f5 (query_dialog): add horizontal line.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
f14cee4e18 Remove DLG_REVERSE flag.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
40ce25603e Build file operation dialogs in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
d139aa1de2 Build find file dialogs in normal order.
Adjust resize handling.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a710591b4b Build "Background jobs" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
9845afe083 Build hotlist dialogs in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
c40b5475f5 src/filemanager/hotlist.[ch]: cleanup.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
b406fdceb9 Build "External panelize" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
ce922ea7df Build "Layout" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
d514d186dc Build "Advanced chown command" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
da98101f20 src/filemanager/achown.c: cleanup.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
3f10e7937a Build "Chown command" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
bf38bce6d9 Build "Chmod command" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
51eac41558 Build "Learn keys" dialog in normal order.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
7b16dbf41f src/learch.c: cleanup.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
9348f70003 (tree_box): don't apply DLG_REVERSE flag.
Adjust resize handling.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
03829a7e6e Don't apply DLG_REVERSE flag to the listbox window
...since this dialog contains single widget.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a39e3fe682 (spell_dialog_spell_suggest_show): fixed widget order in the dialog.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
211a3ec502 (edit_about): reimplement using QuickDialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
612c32349d (quick_widget_t): add pos_flags member.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
322bf132d7 (QUICK_BUTTONS_OK_CANCEL): new macro for often-used dialog buttons.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
ff2d827300 Refactoring of panel format dialog.
(display_box): rename to panel_listing_box. Use QuickDialog engine.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
dfb793ddf3 Reimplement "SMB authentication" dialog using QuckDialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
298201d305 Drop old QuickWidget engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
dca06a6786 mcfilemanager: use new quick dialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
779f111f6d mcedit: use new quick dialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
2fee821a3e mcdiffviewer: use new quick dialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
083e02be31 mcviewer: use new quick dialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
581cb4b38e (fg_input_dialog_help): use new quick dialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
e97ac7507a New QuickDialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-19 21:42:45 +04:00