$NetBSD: patch-cg,v 1.2 2007/04/02 01:25:49 hira Exp $
Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
--- shell/source/unix/exec/shellexec.cxx.orig 2006-12-02 02:57:03.000000000 +0900
+++ shell/source/unix/exec/shellexec.cxx 2007-04-02 10:07:28.000000000 +0900
@@ -52,10 +52,6 @@
#include <osl/file.hxx>
#endif
-#ifndef _RTL_STRBUF_HXX_
-#include <rtl/strbuf.hxx>
-#endif
-
#ifndef _RTL_USTRBUF_HXX_
#include <rtl/ustrbuf.hxx>
#endif
@@ -124,6 +120,20 @@
}
}
+void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL)
+{
+ sal_Int32 nmax = rURL.getLength();
+ for(sal_Int32 n=0; n < nmax; ++n)
+ {
+ // escape every non alpha numeric characters (excluding a few "known good") by prepending a '\'
+ sal_Char c = rURL[n];
+ if( ( c < 'A' || c > 'Z' ) && ( c < 'a' || c > 'z' ) && ( c < '0' || c > '9' ) && c != '/' && c != '.' )
+ rBuffer.append( '\\' );
+
+ rBuffer.append( c );
+ }
+}
+
//-----------------------------------------------------------------------------------------
//
//-----------------------------------------------------------------------------------------
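Review bot: escapeForShell (lines 94-106) backslash-escapes every byte outside its allow-list, but in POSIX sh a backslash followed by a newline is a line continuation, so a '\n' in rURL is silently dropped by the shell rather than passed through as data; if newlines are not legitimate in a URL or command here, rejecting them explicitly (for example `if (c == '\n') continue;` or a caller-side check) would make that contract visible instead of implicit. Because sal_Char is signed on common platforms, bytes at or above 0x80 compare below 'A' and are escaped too, which is harmless for sh but worth a remark. The first hunk (lines 84-86) removes the rtl/strbuf.hxx include while this new function takes rtl::OStringBuffer; presumably it is still reached through another header, but that should be confirmed. A header comment would help the next reader: `// Appends rURL to rBuffer so it forms one POSIX-sh word: every byte outside [A-Za-z0-9/.] is prefixed with '\'; a '\n' cannot be escaped this way and is removed by the shell.`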
@@ -208,7 +218,7 @@
OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding());
nIndex = aTmp.lastIndexOf('/');
if (nIndex > 0)
- aBuffer.append(aTmp.copy(0, nIndex+1));
+ escapeForShell(aBuffer, aTmp.copy(0, nIndex+1));
// Respect the desktop environment - if there is an executable named
// <desktop-environement-is>-open-url, pass the url to this one instead
@@ -236,21 +246,19 @@
aBuffer.append("open-url");
#endif
- aBuffer.append(" \'");
- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
- aBuffer.append("\'");
+ aBuffer.append(" ");
+ escapeForShell(aBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding()));
if ( pDesktopLaunch && *pDesktopLaunch )
{
aLaunchBuffer.append( pDesktopLaunch );
- aLaunchBuffer.append( " \'" );
- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
- aLaunchBuffer.append( "\'" );
+ aLaunchBuffer.append(" ");
+ escapeForShell(aLaunchBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding()));
}
} else {
- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding()));
+ escapeForShell(aBuffer, OUStringToOString(aCommand, osl_getThreadTextEncoding()));
aBuffer.append(" ");
- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding()));
+ escapeForShell(aBuffer, OUStringToOString(aParameter, osl_getThreadTextEncoding()));
}
// Prefer DESKTOP_LAUNCH when available
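Review bot: Escaping aParameter as a single shell word (line 141) changes how the non-URL branch tokenises: before, the unquoted aParameter was split by the shell on whitespace into several arguments, now it always reaches the program as exactly one argument. If any caller packs several space-separated options into aParameter they will now arrive as one token; if that is the intended contract, say so, e.g. `// aParameter is quoted as ONE argument; callers must not pack several`. Escaping also does not change how the launched program interprets its arguments, so the contract should state that callers remain responsible for the meaning of the values they pass. The enclosing function starts and ends outside this hunk.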