mirrors/raylib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for single apostrophe in OpenURL()

Browse Source 
When doing a8dffc63fb I was not aware that
printing a warning and not executing the code would be an option. I only
learned that through 618f220851.

So I propose that we allow all URLs except if the string contains a `'`.
Which could end the URL and call another command via `system()`.

Related to https://github.com/raysan5/raylib/issues/686
This commit is contained in:
Michael Vetter 2018-11-13 10:53:49 +01:00
parent 618f220851
commit 8f70c3baed
1 changed files with 4 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/core.c
View File

@ -1828,24 +1828,10 @@ void OpenURL(const char *url)
{ {
// Small security check trying to avoid (partially) malicious code... // Small security check trying to avoid (partially) malicious code...
// sorry for the inconvenience when you hit this point... // sorry for the inconvenience when you hit this point...
bool validUrl = true; if (strchr(url, '\'') != NULL)
int len = strlen(url);
for (int i = 0; i < len; i++)
{
if ((url[i] == ';') ||
(url[i] == '?') ||
(url[i] == ':') ||
(url[i] == '=') ||
(url[i] == '&'))
{
validUrl = false;
break;
}
}
if (validUrl)
{ {
TraceLog(LOG_WARNING, "Provided URL does not seem to be valid.");
} else {
char *cmd = calloc(strlen(url) + 10, sizeof(char)); char *cmd = calloc(strlen(url) + 10, sizeof(char));
#if defined(_WIN32) #if defined(_WIN32)
@ -1856,10 +1842,9 @@ void OpenURL(const char *url)
sprintf(cmd, "open '%s'", url); sprintf(cmd, "open '%s'", url);
#endif #endif
system(cmd); system(cmd);
free(cmd); free(cmd);
} }
else TraceLog(LOG_WARNING, "Provided URL does not seem to be valid.");
} }
//---------------------------------------------------------------------------------- //----------------------------------------------------------------------------------