From a8dffc63fbe3926498ecb905428f454d0afbe526 Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Mon, 12 Nov 2018 12:32:41 +0100
Subject: [PATCH] Add warning to OpenURL() See https://github.com/raysan5/raylib/issues/686
---
 src/core.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/core.c b/src/core.c
index 1f4707c8..88b41935 100644
--- a/src/core.c
+++ b/src/core.c
@@ -1820,6 +1820,12 @@ int StorageLoadValue(int position)
 }

 // Open URL with default system browser (if available)
+// Note:
+// This function is onlyl safe to use if you control the URL given.
+// A user could craft a malicious string performing another action.
+// Only call this function yourself not with user input or make sure to check the
+// string yourself.
+// See https://github.com/raysan5/raylib/issues/686
 void OpenURL(const char *url)
 {
 char *cmd = calloc(strlen(url) + 10, sizeof(char));
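Review bot: The added note above `OpenURL` has a typo (`onlyl`) and never says why the string is dangerous, so a caller cannot tell what "check the string yourself" should cover. The one visible body line sizes `cmd` from `strlen(url) + 10`, which suggests the URL is embedded in a command string handed to the system; the rest of the function lies outside the hunk, so that is an inference. If it holds, I would word the note as `// WARNING: url is placed into a command string; pass only URLs you control, or validate untrusted input before calling.` A comment alone also leaves every existing caller exposed, so rejecting or escaping shell-significant characters inside the function would be the stronger follow-up.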