From 0717e42458925333e181d1c429be0a1f3e618788 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jean-Fran=C3=A7ois=20Guchens?= Date: Fri, 15 May 2009 23:49:01 +0200 Subject: [PATCH] Protect speed dial against quoting in titles --- midori/midori-browser.c | 33 +++++++++++++++++++++++++++++++-- midori/midori-view.c | 17 +++++++---------- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/midori/midori-browser.c b/midori/midori-browser.c index d9467a9d..dfc5cca2 100644 --- a/midori/midori-browser.c +++ b/midori/midori-browser.c @@ -948,6 +948,18 @@ midori_browser_add_speed_dial (MidoriBrowser* browser) gchar* title = g_strdup (midori_view_get_display_title (MIDORI_VIEW (view))); gchar* slot_id = midori_browser_speed_dial_get_next_free_slot (); + GRegex* reg_quotes = g_regex_new ("'", 0, 0, NULL); + GRegex* reg_others = g_regex_new ("[\\\"\\\\]", 0, 0, NULL); + gchar* temp_title = g_regex_replace_literal (reg_others, title, + -1, 0, " ", 0, NULL); + g_free (title); + title = g_regex_replace_literal (reg_quotes, temp_title, -1, 0, + "\\\\'", 0, NULL); + + g_free (temp_title); + g_regex_unref (reg_quotes); + g_regex_unref (reg_others); + if (slot_id == NULL) { g_free (uri); @@ -957,11 +969,27 @@ midori_browser_add_speed_dial (MidoriBrowser* browser) if ((len = g_utf8_strlen (title, -1)) > 15) { - gchar* ellipsized = g_malloc0 (len + 1); + /** + * The case when a quote was escaped with a backslash and the + * backslash becomes the last character of the ellipsized string. + * This causes JSON parsing to fail. + * For example: "My Foo Bar \'b\..." + **/ + GRegex* reg_unsafe = g_regex_new ("([\\\\]+\\.)", 0, 0, NULL); + + gchar* temp; + gchar* ellipsized = g_malloc0 ( len + 1); + g_utf8_strncpy (ellipsized, title, 15); g_free (title); - title = g_strdup_printf ("%s...", ellipsized); + + temp = g_strdup_printf ("%s...", ellipsized); g_free (ellipsized); + + title = g_regex_replace_literal (reg_unsafe, temp, -1, 0, ".", 0, NULL); + g_free (temp); + + g_regex_unref (reg_unsafe); } folder = g_build_filename (g_get_user_cache_dir (), PACKAGE_NAME, "thumbs", NULL); @@ -999,6 +1027,7 @@ midori_browser_add_speed_dial (MidoriBrowser* browser) regex = g_regex_new (replace_from, G_REGEX_MULTILINE, 0, NULL); replace = g_regex_replace (regex, speed_dial_body, -1, 1, replace_by, 0, NULL); + g_file_set_contents (body_fname, replace, -1, NULL); g_object_unref (img); diff --git a/midori/midori-view.c b/midori/midori-view.c index 4a44632e..79cd2eb7 100644 --- a/midori/midori-view.c +++ b/midori/midori-view.c @@ -2021,7 +2021,6 @@ midori_view_set_uri (MidoriView* view, gchar* speed_dial_head; gchar* speed_dial_body; gchar* body_fname; - gchar* location_entry_search; gchar* stock_root; katze_assign (view->uri, g_strdup ("")); @@ -2047,18 +2046,11 @@ midori_view_set_uri (MidoriView* view, else g_file_get_contents (body_fname, &speed_dial_body, NULL, NULL); - - g_object_get (view->settings, "location-entry-search", - &location_entry_search, NULL); - data = sokoke_replace_variables (speed_dial_head, "{res}", res_root, "{stock}", stock_root, "{json_data}", speed_dial_body, "{title}", _("Speed dial"), - "{search_uri}", location_entry_search, - "{search_title}", _("Search"), - "{search}", _("Search"), "{click_to_add}", _("Click to add a shortcut"), "{enter_shortcut_address}", _("Enter shortcut address"), "{enter_shortcut_name}", _("Enter shortcut title"), @@ -2080,7 +2072,6 @@ midori_view_set_uri (MidoriView* view, g_free (speed_dial_head); g_free (speed_dial_body); g_free (body_fname); - g_free (location_entry_search); } /* This is not prefectly elegant, but creating an error page inline is the simplest solution. */ @@ -3061,7 +3052,13 @@ midori_view_speed_dial_save (GtkWidget* web_view, gchar* json = g_strdup (message + 15); gchar* fname = g_build_filename (sokoke_set_config_dir (NULL), "speeddial.json", NULL); - g_file_set_contents (fname, json, -1, NULL); + + GRegex* reg_double = g_regex_new ("\\\\\"", 0, 0, NULL); + gchar* safe = g_regex_replace_literal (reg_double, json, -1, 0, "\\\\\"", 0, NULL); + g_file_set_contents (fname, safe, -1, NULL); + g_free (fname); g_free (json); + g_free (safe); + g_regex_unref (reg_double); } -- 2.39.5