Escape potentially problematic characters in ${url}

git-svn-id: https://shellinabox.googlecode.com/svn/trunk@179 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-08-24 02:19:43 +00:00 · 2009-08-24 02:19:43 +00:00 · e8ef411627
commit e8ef411627
parent 69cfac0161
7 changed files with 21 additions and 9 deletions
--- a/config.h
+++ b/config.h
@ -138,7 +138,7 @@
 #define STDC_HEADERS 1
 /* Most recent revision number in the version control system */
-#define VCS_REVISION "178"
+#define VCS_REVISION "179"
 /* Version number of package */
 #define VERSION "2.9"
--- a/2
+++ b/2
@ -2319,7 +2319,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
-VCS_REVISION=178
+VCS_REVISION=179
 cat >>confdefs.h <<_ACEOF
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@ AC_PREREQ(2.57)
 dnl This is the one location where the authoritative version number is stored
 AC_INIT(shellinabox, 2.9, markus@shellinabox.com)
-VCS_REVISION=178
+VCS_REVISION=179
 AC_SUBST(VCS_REVISION)
 AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
                   [Most recent revision number in the version control system])
--- a/demo/vt100.js
+++ b/demo/vt100.js
@ -1901,7 +1901,7 @@ VT100.prototype.toggleBell = function() {
 };
 VT100.prototype.about = function() {
-  alert("VT100 Terminal Emulator " + "2.9 (revision 178)" +
+  alert("VT100 Terminal Emulator " + "2.9 (revision 179)" +
        "\nCopyright 2008-2009 by Markus Gutschke\n" +
        "For more information check http://shellinabox.com");
 };
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@ -407,16 +407,28 @@ int launchChild(int service, struct Session *session, const char *url) {
    return -1;
  }
  char *u;
  check(u              = strdup(url));
  for (int i; u[i = strcspn(u, "\\\"'`${};() \r\n\t\v\f")]; ) {
    static const char hex[] = "0123456789ABCDEF";
    check(u            = realloc(u, strlen(u) + 4));
    memmove(u + i + 3, u + i + 1, strlen(u + i));
    u[i + 2]           = hex[ u[i]       & 0xF];
    u[i + 1]           = hex[(u[i] >> 4) & 0xF];
    u[i]               = '%';
  }
  struct LaunchRequest *request;
-  size_t len           = sizeof(struct LaunchRequest) + strlen(url) + 1;
+  size_t len           = sizeof(struct LaunchRequest) + strlen(u) + 1;
  check(request        = calloc(len, 1));
  request->service     = service;
  request->width       = session->width;
  request->height      = session->height;
  strncat(request->peerName, httpGetPeerName(session->http),
          sizeof(request->peerName) - 1);
-  request->urlLength   = strlen(url);
+  request->urlLength   = strlen(u);
-  memcpy(&request->url, url, request->urlLength);
+  memcpy(&request->url, u, request->urlLength);
  free(u);
  if (NOINTR(write(launcher, request, len)) != len) {
    free(request);
    return -1;
--- a/shellinabox/shell_in_a_box.js
+++ b/shellinabox/shell_in_a_box.js
@ -358,7 +358,7 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) {
 };
 ShellInABox.prototype.about = function() {
-  alert("Shell In A Box version " + "2.9 (revision 178)" +
+  alert("Shell In A Box version " + "2.9 (revision 179)" +
        "\nCopyright 2008-2009 by Markus Gutschke\n" +
        "For more information check http://shellinabox.com" +
        (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ?
--- a/shellinabox/vt100.js
+++ b/shellinabox/vt100.js
@ -1901,7 +1901,7 @@ VT100.prototype.toggleBell = function() {
 };
 VT100.prototype.about = function() {
-  alert("VT100 Terminal Emulator " + "2.9 (revision 178)" +
+  alert("VT100 Terminal Emulator " + "2.9 (revision 179)" +
        "\nCopyright 2008-2009 by Markus Gutschke\n" +
        "For more information check http://shellinabox.com");
 };