Slava Zanko
4ee4959cea
Merge branch '2913_sanitize'
...
* 2913_sanitize:
Added parameter quotation
Added tests for name_quote function.
exec_get_export_variables(): reproduce bug in test
Ticket #2913 : CVE-2012-4463 mc-4.8.5: Does not sanitize MC_EXT_SELECTED variable properly
2012-11-29 13:22:00 +03:00
Slava Zanko
a51df499cd
Added parameter quotation
...
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-29 13:21:09 +03:00
Slava Zanko
467677ee6a
Added tests for name_quote function.
...
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-29 13:20:47 +03:00
Slava Zanko
f115ac627f
exec_get_export_variables(): reproduce bug in test
...
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-29 13:20:47 +03:00
Slava Zanko
6bdf50c5a5
Ticket #2913 : CVE-2012-4463 mc-4.8.5: Does not sanitize MC_EXT_SELECTED variable properly
...
Paul Hartman reported the following (minor) security flaw into Gentoo's bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=436518
When multiple files are selected and F3 / Enter key is pressed on some of the files,
MC_EXT_SELECTED variable does not sanitize the whitespace characters properly
(leading into situation when first file is used as the actual value of MC_EXT_SELECTED
variable and the remaining files from the list are used as arguments passed to the
temporary script, created to handle F3 / Enter action on the first file).
A remote attacker could provide a specially-crafted archive and trick the local
Midnight Commander user into expanding and viewing it, which under certain
circumstances could lead to arbitrary code execution with the privileges of
the user running the mc executable.
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2012-11-29 13:20:47 +03:00
Andrew Borodin
bf475ce339
Ticket #2934 : highlight OGV files as media.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-23 14:20:04 +04:00
Andrew Borodin
7b8e790de0
src/*/*.[ch]: fix indentation.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-20 13:44:14 +04:00
Andrew Borodin
281209c79d
lib/widget/*.[ch]: fix indentation.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-20 13:27:10 +04:00
Andrew Borodin
47fc9f669f
Merge branch '2919_dlg_as_widget'
...
* 2919_dlg_as_widget: (57 commits)
Update po/*.po and po/mc.pot files.
Internal menu structures are opaque now.
Add useful macros for widget type cast.
Unify widget and dialog message handling.
Remove DLG_WANT_IDLE. Use W_WANT_IDLE instead.
Rename Dlg_head to WDialog.
Rename default callbacks of widget and dialog.
Unify some hotkeys.
(editcmd_dialog_raw_key_query): adjust sizes and look'n'feel.
(real_query_recursive): refactoring of dialog.
"Directory scanning" dialog: adjust look'n'feel.
Center text in query owerwrite and delete dialogs.
(query_dialog): center label horizontally.
Horizontal centering of multi-line label: center each line independently.
(file_mask_dialog): adjust width calculation.
(query_dialog): add horizontal line.
Remove DLG_REVERSE flag.
Build file operation dialogs in normal order.
Build find file dialogs in normal order.
Build "Background jobs" dialog in normal order.
...
2012-11-20 13:07:03 +04:00
Andrew Borodin
8c59d2be4b
Update po/*.po and po/mc.pot files.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:49:38 +04:00
Andrew Borodin
4e90c1a229
Internal menu structures are opaque now.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
2ec122bc05
Add useful macros for widget type cast.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
665d238ffa
Unify widget and dialog message handling.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:14 +04:00
Andrew Borodin
497b69c106
Remove DLG_WANT_IDLE. Use W_WANT_IDLE instead.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:44:13 +04:00
Andrew Borodin
843dcd104e
Rename Dlg_head to WDialog.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
0078874613
Rename default callbacks of widget and dialog.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
0ccbe2c547
Unify some hotkeys.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
57d17c994b
(editcmd_dialog_raw_key_query): adjust sizes and look'n'feel.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
b24b5dd479
(real_query_recursive): refactoring of dialog.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
3fed65e358
"Directory scanning" dialog: adjust look'n'feel.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
45179f48e6
Center text in query owerwrite and delete dialogs.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
cab525049f
(query_dialog): center label horizontally.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:47 +04:00
Andrew Borodin
bafc778ee7
Horizontal centering of multi-line label: center each line independently.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a91682a079
(file_mask_dialog): adjust width calculation.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
96795565f5
(query_dialog): add horizontal line.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
f14cee4e18
Remove DLG_REVERSE flag.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
40ce25603e
Build file operation dialogs in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
d139aa1de2
Build find file dialogs in normal order.
...
Adjust resize handling.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a710591b4b
Build "Background jobs" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
9845afe083
Build hotlist dialogs in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
c40b5475f5
src/filemanager/hotlist.[ch]: cleanup.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
b406fdceb9
Build "External panelize" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
ce922ea7df
Build "Layout" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
d514d186dc
Build "Advanced chown command" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
da98101f20
src/filemanager/achown.c: cleanup.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
3f10e7937a
Build "Chown command" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
bf38bce6d9
Build "Chmod command" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
51eac41558
Build "Learn keys" dialog in normal order.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
7b16dbf41f
src/learch.c: cleanup.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
9348f70003
(tree_box): don't apply DLG_REVERSE flag.
...
Adjust resize handling.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
03829a7e6e
Don't apply DLG_REVERSE flag to the listbox window
...
...since this dialog contains single widget.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
a39e3fe682
(spell_dialog_spell_suggest_show): fixed widget order in the dialog.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
211a3ec502
(edit_about): reimplement using QuickDialog engine.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
612c32349d
(quick_widget_t): add pos_flags member.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
322bf132d7
(QUICK_BUTTONS_OK_CANCEL): new macro for often-used dialog buttons.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:46 +04:00
Andrew Borodin
ff2d827300
Refactoring of panel format dialog.
...
(display_box): rename to panel_listing_box. Use QuickDialog engine.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
dfb793ddf3
Reimplement "SMB authentication" dialog using QuckDialog engine.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
298201d305
Drop old QuickWidget engine.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
dca06a6786
mcfilemanager: use new quick dialog engine.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00
Andrew Borodin
779f111f6d
mcedit: use new quick dialog engine.
...
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2012-11-19 21:42:45 +04:00