diff options
| author | Josh Rickmar <jrick@devio.us> | 2012-06-02 09:19:18 -0400 |
|---|---|---|
| committer | Josh Rickmar <jrick@devio.us> | 2012-06-06 11:53:15 -0400 |
| commit | 3298d9a24118b28173f3b606d7aed8fd8fee44f7 (patch) | |
| tree | bb5e927809fca58b60900377297dbec27525b32b | |
| parent | 1c7e8125fad4f52d6db3a9d61b5b625ca73a57ad (diff) | |
| download | xombrero-3298d9a24118b28173f3b606d7aed8fd8fee44f7.tar.gz | |
This fixes a bunch of things that probably should have gone in my last
push. Make the set_ssl_ca_file pointer logic not suck. 'M' isn't a valid key modifier, use 'M1' in the manpage. Add a function to escape an html string and use this for displaying settings. Now things like <file> and <uri> are not interpreted as html tags. Kill a system() when running a custom uri script. Tildes are now also expanded instead of being interpreted by the no-longer-being-called system shell. Plug a leak Replace the system() call for external_editor with an execvp and while here, kill a dangerous sprintf. Remove an unused variable
| -rw-r--r-- | about.c | 14 | ||||
| -rw-r--r-- | externaleditor.c | 49 | ||||
| -rw-r--r-- | settings.c | 13 | ||||
| -rw-r--r-- | xombrero.1 | 4 | ||||
| -rw-r--r-- | xombrero.c | 60 | ||||
| -rw-r--r-- | xombrero.h | 4 |
6 files changed, 81 insertions, 63 deletions
diff --git a/about.c b/about.c index 64e6804..012e52e 100644 --- a/about.c +++ b/about.c @@ -732,11 +732,6 @@ xtp_handle_ab(struct tab *t, uint8_t cmd, int arg) show_oops(t, "external_editor is unset"); break; } - snprintf(config, sizeof config, "%s" PS ".%s", pwd->pw_dir, - XT_CONF_FILE); - sv = g_strsplit(external_editor, "<file>", -1); - cmdstr = g_strjoinv(config, sv); - g_strfreev(sv); switch (pid = fork()) { case -1: /* no process created */ @@ -744,9 +739,18 @@ xtp_handle_ab(struct tab *t, uint8_t cmd, int arg) break; case 0: /* child */ + snprintf(config, sizeof config, "%s" PS ".%s", + pwd->pw_dir, XT_CONF_FILE); + + sv = g_strsplit(external_editor, "<file>", -1); + cmdstr = g_strjoinv(config, sv); + g_strfreev(sv); + sv = g_strsplit_set(cmdstr, " \t", -1); + execvp(sv[0], sv); g_strfreev(sv); + g_free(cmdstr); _exit(0); default: /* parent */ diff --git a/externaleditor.c b/externaleditor.c index 7d8d090..f3ebeb6 100644 --- a/externaleditor.c +++ b/externaleditor.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2012 Elias Norberg <xyzzy@kudzu.se> + * Copyright (c) 2012 Josh Rickmar <jrick@devio.us> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -133,9 +134,9 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, int (*callback)(const char *, gpointer), gpointer cb_data) { struct open_external_editor_cb_args *a; - char command[PATH_MAX]; - char *filename; - char *ptr; + char *cmdstr; + char filename[PATH_MAX]; + char **sv; int fd; int nb, rv; int cnt; @@ -148,9 +149,8 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, if (suffix == NULL) suffix = ""; - filename = g_malloc(strlen(temp_dir) + strlen(PS "xombreroXXXXXX") + - strlen(suffix) + 1); - sprintf(filename, "%s" PS "xombreroXXXXXX%s", temp_dir, suffix); + snprintf(filename, sizeof filename, "%s" PS "xombreroXXXXXX%s", + temp_dir, suffix); /* Create a temporary file */ fd = mkstemps(filename, strlen(suffix)); @@ -168,7 +168,6 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, rv = write(fd, contents+nb, cnt); if (rv < 0) { - g_free(filename); close(fd); show_oops(t,strerror(errno)); return (1); @@ -178,8 +177,7 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, } rv = fstat(fd, &st); - if (rv == -1){ - g_free(filename); + if (rv == -1) { close(fd); show_oops(t,"Cannot stat file: %s\n", strerror(errno)); return (1); @@ -188,23 +186,6 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, DPRINTF("edit_src: external_editor: %s\n", external_editor); - nb = 0; - for (ptr = external_editor; nb < sizeof(command) - 1 && *ptr; ptr++) { - - if (*ptr == '<') { - if (strncasecmp(ptr, "<file>", 6) == 0) { - strlcpy(command+nb, filename, - sizeof(command) - nb); - ptr += 5; - nb += strlen(filename); - } - } else - command[nb++] = *ptr; - } - command[nb] = '\0'; - - DPRINTF("edit_src: Launching program %s\n", command); - /* Launch editor */ pid = fork(); switch (pid) { @@ -214,10 +195,10 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, case 0: break; default: - + /* parent */ a = g_malloc(sizeof(struct open_external_editor_cb_args)); a->child_pid = pid; - a->path = filename; + a->path = g_strdup(filename); a->tab = t; a->mtime = st.st_mtime; a->callback = callback; @@ -230,9 +211,17 @@ open_external_editor(struct tab *t, const char *contents, const char *suffix, } /* child */ - /* XXX KILL system PLEASE */ - rv = system(command); + sv = g_strsplit(external_editor, "<file>", -1); + cmdstr = g_strjoinv(filename, sv); + g_strfreev(sv); + + sv = g_strsplit_set(cmdstr, " \t", -1); + + DPRINTF("edit_src: Launching program %s\n", cmdstr); + execvp(sv[0], sv); + g_strfreev(sv); + g_free(cmdstr); _exit(0); /* NOTREACHED */ return (0); diff --git a/settings.c b/settings.c index 0dc6476..e158ba5 100644 --- a/settings.c +++ b/settings.c @@ -73,7 +73,7 @@ int enable_js_whitelist = XT_DS_ENABLE_JS_WHITELIST; int enable_localstorage = XT_DS_ENABLE_LOCALSTORAGE; int session_timeout = XT_DS_SESSION_TIMEOUT; /* cookie session timeout */ int cookie_policy = XT_DS_COOKIE_POLICY; -char *ssl_ca_file = XT_DS_SSL_CA_FILE; +char *ssl_ca_file = NULL; gboolean ssl_strict_certs = XT_DS_SSL_STRICT_CERTS; gboolean enable_strict_transport = XT_DS_ENABLE_STRICT_TRANSPORT; int append_next = XT_DS_APPEND_NEXT; /* append tab after current tab */ @@ -1289,7 +1289,7 @@ custom_uri_add(char *uri, char *cmd) u = g_malloc(sizeof (struct custom_uri)); u->uri = g_strdup(uri); - u->cmd = g_strdup(cmd); + expand_tilde(u->cmd, sizeof u->cmd, cmd); DNPRINTF(XT_D_CUSTOM_URI, "custom_uri_add: %s %s\n", u->uri, u->cmd); @@ -1974,7 +1974,7 @@ set_ssl_ca_file_rt(char *value) if (value == NULL || strlen(value) == 0) { if (ssl_ca_file != NULL) g_free(ssl_ca_file); - ssl_ca_file = XT_DS_SSL_CA_FILE; + ssl_ca_file = NULL; g_object_set(session, SOUP_SESSION_SSL_CA_FILE, "", NULL); return (0); } else @@ -2398,7 +2398,7 @@ struct settings_args { void print_setting(struct settings *s, char *val, void *cb_args) { - char *tmp, *color; + char *enc_val, *tmp, *color; struct settings_args *sa = cb_args; if (sa == NULL) @@ -2409,6 +2409,7 @@ print_setting(struct settings *s, char *val, void *cb_args) else color = "#cccccc"; + enc_val = html_escape(val); tmp = *sa->body; *sa->body = g_strdup_printf( "%s\n<tr>" @@ -2418,9 +2419,11 @@ print_setting(struct settings *s, char *val, void *cb_args) color, s->name, color, - val + enc_val == NULL ? "" : enc_val ); g_free(tmp); + if (enc_val) + g_free(enc_val); sa->i++; } diff --git a/xombrero.1 b/xombrero.1 index 7543d72..6c5e5fb 100644 --- a/xombrero.1 +++ b/xombrero.1 @@ -146,8 +146,8 @@ the keystrokes. .Pp If the action begins with a colon, the action will be entered into the command prompt instead of being executed. -For example, "keybinding = :session open ,M-s" will open the command -prompt with ":open session " entered when using the M-s keybinding. +For example, "keybinding = :session open ,M1-s" will open the command +prompt with ":open session " entered when using the M1-s keybinding. .Pp Keybindings which open the command prompt may also include the string <uri>, which will be replaced by the current tab's URI. diff --git a/xombrero.c b/xombrero.c index b534f5b..3dcae0f 100644 --- a/xombrero.c +++ b/xombrero.c @@ -463,17 +463,11 @@ set_ssl_ca_file(char *file) return (-1); if (stat(file, &sb)) { warnx("no CA file: %s", file); - if (ssl_ca_file == file) { /* check and fix */ - g_free(ssl_ca_file); - ssl_ca_file = NULL; - } return (-1); } - if (ssl_ca_file != file) { /* set dynamically */ - if (ssl_ca_file) - g_free(ssl_ca_file); - ssl_ca_file = g_strdup(file); - } + if (ssl_ca_file) + g_free(ssl_ca_file); + ssl_ca_file = g_strdup(file); g_object_set(session, SOUP_SESSION_SSL_CA_FILE, ssl_ca_file, SOUP_SESSION_SSL_STRICT, ssl_strict_certs, @@ -924,6 +918,30 @@ find_mime_type(char *mime_type) return (rv); } +/* + * This only escapes the & and < characters, as per the discussion found here: + * http://lists.apple.com/archives/Webkitsdk-dev/2007/May/msg00056.html + */ +char * +html_escape(const char *val) +{ + char *s, *sp; + char **sv; + + if (val == NULL) + return NULL; + + sv = g_strsplit(val, "&", -1); + s = g_strjoinv("&", sv); + g_strfreev(sv); + sp = s; + sv = g_strsplit(val, "<", -1); + s = g_strjoinv("<", sv); + g_strfreev(sv); + g_free(sp); + return (s); +} + struct domain * wl_find_uri(const gchar *s, struct domain_list *wl) { @@ -3325,20 +3343,26 @@ parse_custom_uri(struct tab *t, const char *uri) { struct custom_uri *u; int handled = 0; - char *cmd, *esc_uri; TAILQ_FOREACH(u, &cul, entry) { if (strncmp(uri, u->uri, strlen(u->uri))) continue; handled = 1; - esc_uri = g_strescape(uri, ""); - cmd = g_strdup_printf("%s \"%s\"", u->cmd, esc_uri); - if (system(cmd)) - show_oops(t, "custom uri command failed: %s", - cmd); - g_free(esc_uri); - g_free(cmd); + switch (fork()) { + case -1: + show_oops(t, "%s: unable to fork", __func__); + break; + case 0: + /* child */ + printf("cmd: %s\n", u->cmd); + execlp(u->cmd, u->cmd, uri, (char *)0); + _exit(0); + /* NOTREACHED */ + default: + /* parent */ + break; + } } return (handled); @@ -5894,13 +5918,11 @@ parse_prefix_and_alias(const char *str, int *prefix) { struct cmd_alias *c; char *s = g_strdup(str), *sc; - char hasprefix = 0; g_strstrip(s); sc = s; if (isdigit(s[0])) { - hasprefix = 1; sscanf(s, "%d", prefix); while (isdigit(s[0]) || isspace(s[0])) ++s; diff --git a/xombrero.h b/xombrero.h index d5c04c8..78812ed 100644 --- a/xombrero.h +++ b/xombrero.h @@ -337,6 +337,7 @@ void load_uri(struct tab *t, gchar *uri); gboolean match_uri(const gchar *uri, const gchar *key); int valid_url_type(char *); void expand_tilde(char *, size_t, const char *); +char *html_escape(const char *val); void load_webkit_string(struct tab *, const char *, gchar *); void button_set_stockid(GtkWidget *, char *); @@ -564,7 +565,6 @@ int fork_exec(struct tab *, char *, const gchar *, char *, int); #define XT_DS_ENABLE_LOCALSTORAGE (1) #define XT_DS_SESSION_TIMEOUT (3600) #define XT_DS_COOKIE_POLICY SOUP_COOKIE_JAR_ACCEPT_ALWAYS -#define XT_DS_SSL_CA_FILE NULL #define XT_DS_SSL_STRICT_CERTS FALSE #define XT_DS_ENABLE_STRICT_TRANSPORT TRUE #define XT_DS_APPEND_NEXT (1) @@ -629,7 +629,7 @@ TAILQ_HEAD(keybinding_list, key_binding); struct custom_uri { char *uri; - char *cmd; + char cmd[PATH_MAX]; TAILQ_ENTRY(custom_uri) entry; }; TAILQ_HEAD(custom_uri_list, custom_uri); |