From 1f5c95d9e92360bb72ad415aca6698af8774b094 Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Thu, 17 Jun 2021 15:22:40 -0500 Subject: Always pass a valid URI to gtk_show_uri() This can fix issues like a crash when invalid characters get passed through. --- src/fe-gtk/fe-gtk.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/fe-gtk/fe-gtk.c') diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index ee3e847c..b9945002 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -1071,7 +1071,9 @@ fe_open_url_inner (const char *url) #elif defined(__APPLE__) osx_show_uri (url); #else - gtk_show_uri (NULL, url, GDK_CURRENT_TIME, NULL); + char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS, FALSE); + gtk_show_uri (NULL, escaped_url, GDK_CURRENT_TIME, NULL); + g_free (escaped_url); #endif } -- cgit 1.4.1 From 869a8d7ab335cf785e06450e4ab1ca02a9f5005f Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Sat, 10 Jul 2021 11:35:35 -0500 Subject: Fix allowed characters when escaping URIs Closes #2608 --- src/fe-gtk/fe-gtk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/fe-gtk/fe-gtk.c') diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index b9945002..4ed4aac9 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -1071,7 +1071,8 @@ fe_open_url_inner (const char *url) #elif defined(__APPLE__) osx_show_uri (url); #else - char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS, FALSE); + char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, + FALSE); gtk_show_uri (NULL, escaped_url, GDK_CURRENT_TIME, NULL); g_free (escaped_url); #endif -- cgit 1.4.1 From 9039a5d75ba854d00bfbd9bb5235ec547eeffbe1 Mon Sep 17 00:00:00 2001 From: Nolan Lum Date: Thu, 14 Oct 2021 07:44:11 -0700 Subject: Add -NOOVERRIDE flag to GUI COLOR. (#2644) --- src/common/fe.h | 11 ++++++++++- src/common/outbound.c | 12 +++++++++--- src/fe-gtk/fe-gtk.c | 8 ++++---- src/fe-gtk/maingui.c | 22 +++++++++++++++------- src/fe-text/fe-text.c | 2 +- 5 files changed, 39 insertions(+), 16 deletions(-) (limited to 'src/fe-gtk/fe-gtk.c') diff --git a/src/common/fe.h b/src/common/fe.h index 6614055b..9da4e230 100644 --- a/src/common/fe.h +++ b/src/common/fe.h @@ -69,7 +69,16 @@ int fe_input_add (int sok, int flags, void *func, void *data); void fe_input_remove (int tag); void fe_idle_add (void *func, void *data); void fe_set_topic (struct session *sess, char *topic, char *stripped_topic); -void fe_set_tab_color (struct session *sess, int col); +typedef enum +{ + FE_COLOR_NONE = 0, + FE_COLOR_NEW_DATA = 1, + FE_COLOR_NEW_MSG = 2, + FE_COLOR_NEW_HILIGHT = 3, + FE_COLOR_FLAG_NOOVERRIDE = 8, +} tabcolor; +#define FE_COLOR_ALLFLAGS (FE_COLOR_FLAG_NOOVERRIDE) +void fe_set_tab_color (struct session *sess, tabcolor col); void fe_flash_window (struct session *sess); void fe_update_mode_buttons (struct session *sess, char mode, char sign); void fe_update_channel_key (struct session *sess); diff --git a/src/common/outbound.c b/src/common/outbound.c index 70fcd436..fcc731e2 100644 --- a/src/common/outbound.c +++ b/src/common/outbound.c @@ -2152,7 +2152,6 @@ cmd_gui (struct session *sess, char *tbuf, char *word[], char *word_eol[]) { case 0x058b836e: fe_ctrl_gui (sess, 8, 0); break; /* APPLY */ case 0xac1eee45: fe_ctrl_gui (sess, 7, 2); break; /* ATTACH */ - case 0x05a72f63: fe_ctrl_gui (sess, 4, atoi (word[3])); break; /* COLOR */ case 0xb06a1793: fe_ctrl_gui (sess, 7, 1); break; /* DETACH */ case 0x05cfeff0: fe_ctrl_gui (sess, 3, 0); break; /* FLASH */ case 0x05d154d8: fe_ctrl_gui (sess, 2, 0); break; /* FOCUS */ @@ -2166,6 +2165,12 @@ cmd_gui (struct session *sess, char *tbuf, char *word[], char *word_eol[]) else return FALSE; break; + case 0x05a72f63: /* COLOR */ + if (!g_ascii_strcasecmp (word[4], "-NOOVERRIDE")) + fe_ctrl_gui (sess, 4, FE_COLOR_FLAG_NOOVERRIDE | atoi (word[3])); + else + fe_ctrl_gui (sess, 4, atoi (word[3])); + break; default: return FALSE; } @@ -4015,8 +4020,9 @@ const struct commands xc_cmds[] = { {"GETINT", cmd_getint, 0, 0, 1, "GETINT "}, {"GETSTR", cmd_getstr, 0, 0, 1, "GETSTR "}, {"GHOST", cmd_ghost, 1, 0, 1, N_("GHOST [password], Kills a ghosted nickname")}, - {"GUI", cmd_gui, 0, 0, 1, "GUI [APPLY|ATTACH|DETACH|SHOW|HIDE|FOCUS|FLASH|ICONIFY|COLOR ]\n" - " GUI [MSGBOX |MENU TOGGLE]"}, + {"GUI", cmd_gui, 0, 0, 1, "GUI [APPLY|ATTACH|DETACH|SHOW|HIDE|FOCUS|FLASH|ICONIFY]\n" + " GUI [MSGBOX |MENU TOGGLE]\n" + " GUI COLOR [-NOOVERRIDE]"}, {"HELP", cmd_help, 0, 0, 1, 0}, {"HOP", cmd_hop, 1, 1, 1, N_("HOP , gives chanhalf-op status to the nick (needs chanop)")}, diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index 4ed4aac9..3d3c8052 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -664,13 +664,13 @@ fe_print_text (struct session *sess, char *text, time_t stamp, return; if (sess == current_tab) - fe_set_tab_color (sess, 0); + fe_set_tab_color (sess, FE_COLOR_NONE); else if (sess->tab_state & TAB_STATE_NEW_HILIGHT) - fe_set_tab_color (sess, 3); + fe_set_tab_color (sess, FE_COLOR_NEW_HILIGHT); else if (sess->tab_state & TAB_STATE_NEW_MSG) - fe_set_tab_color (sess, 2); + fe_set_tab_color (sess, FE_COLOR_NEW_MSG); else - fe_set_tab_color (sess, 1); + fe_set_tab_color (sess, FE_COLOR_NEW_DATA); } void diff --git a/src/fe-gtk/maingui.c b/src/fe-gtk/maingui.c index b77da59b..61f59856 100644 --- a/src/fe-gtk/maingui.c +++ b/src/fe-gtk/maingui.c @@ -175,20 +175,26 @@ fe_flash_window (session *sess) /* set a tab plain, red, light-red, or blue */ void -fe_set_tab_color (struct session *sess, int col) +fe_set_tab_color (struct session *sess, tabcolor col) { struct session *server_sess = sess->server->server_session; + int col_noflags = (col & ~FE_COLOR_ALLFLAGS); + int col_shouldoverride = !(col & FE_COLOR_FLAG_NOOVERRIDE); + if (sess->res->tab && sess->gui->is_tab && (col == 0 || sess != current_tab)) { - switch (col) + switch (col_noflags) { case 0: /* no particular color (theme default) */ sess->tab_state = TAB_STATE_NONE; chan_set_color (sess->res->tab, plain_list); break; case 1: /* new data has been displayed (dark red) */ - sess->tab_state = TAB_STATE_NEW_DATA; - chan_set_color (sess->res->tab, newdata_list); + if (col_shouldoverride || !((sess->tab_state & TAB_STATE_NEW_MSG) + || (sess->tab_state & TAB_STATE_NEW_HILIGHT))) { + sess->tab_state = TAB_STATE_NEW_DATA; + chan_set_color (sess->res->tab, newdata_list); + } if (chan_is_collapsed (sess->res->tab) && !((server_sess->tab_state & TAB_STATE_NEW_MSG) @@ -201,8 +207,10 @@ fe_set_tab_color (struct session *sess, int col) break; case 2: /* new message arrived in channel (light red) */ - sess->tab_state = TAB_STATE_NEW_MSG; - chan_set_color (sess->res->tab, newmsg_list); + if (col_shouldoverride || !(sess->tab_state & TAB_STATE_NEW_HILIGHT)) { + sess->tab_state = TAB_STATE_NEW_MSG; + chan_set_color (sess->res->tab, newmsg_list); + } if (chan_is_collapsed (sess->res->tab) && !(server_sess->tab_state & TAB_STATE_NEW_HILIGHT) @@ -540,7 +548,7 @@ mg_focus (session *sess) /* when called via mg_changui_new, is_tab might be true, but sess->res->tab is still NULL. */ if (sess->res->tab) - fe_set_tab_color (sess, 0); + fe_set_tab_color (sess, FE_COLOR_NONE); } static int diff --git a/src/fe-text/fe-text.c b/src/fe-text/fe-text.c index 1d411ddf..3673a81f 100644 --- a/src/fe-text/fe-text.c +++ b/src/fe-text/fe-text.c @@ -623,7 +623,7 @@ fe_cleanup (void) { } void -fe_set_tab_color (struct session *sess, int col) +fe_set_tab_color (struct session *sess, tabcolor col) { } void -- cgit 1.4.1 From ba5d79b496d0f7d2c01626a90c2de934eb918a10 Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Wed, 22 Dec 2021 11:50:36 -0600 Subject: Be smarter about conditionally escaping URIs that are opened Fixes #2659 --- src/fe-gtk/fe-gtk.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) (limited to 'src/fe-gtk/fe-gtk.c') diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index 3d3c8052..285ba42b 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -1054,6 +1054,46 @@ osx_show_uri (const char *url) #endif +static inline char * +escape_uri (const char *uri) +{ + return g_uri_escape_string(uri, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, FALSE); +} + +static inline gboolean +uri_contains_forbidden_characters (const char *uri) +{ + while (*uri) + { + /* This is not an exhaustive list, the full URI has segments that allow characters like "[]:" for example. */ + if (strchr ("`<> ${}\"+", *uri) != NULL || (*uri & 0x80) /* non-ascii */) + return TRUE; + uri++; + } + + return FALSE; +} + +static char * +maybe_escape_uri (const char *uri) +{ + /* There isn't an exact way to know if a string has already been escaped or not + * so we can try some heuristics. */ + + /* If we find characters that should clearly be escaped. */ + if (uri_contains_forbidden_characters (uri)) + return escape_uri (uri); + + /* If it fails to be unescaped then it was not escaped. */ + char *unescaped = g_uri_unescape_string (uri, NULL); + if (!unescaped) + return escape_uri (uri); + g_free (unescaped); + + /* At this point it is probably safe to pass through as-is. */ + return g_strdup (uri); +} + static void fe_open_url_inner (const char *url) { @@ -1071,8 +1111,8 @@ fe_open_url_inner (const char *url) #elif defined(__APPLE__) osx_show_uri (url); #else - char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, - FALSE); + char *escaped_url = maybe_escape_uri (url); + g_debug ("Opening URL \"%s\" (%s)", escaped_url, url); gtk_show_uri (NULL, escaped_url, GDK_CURRENT_TIME, NULL); g_free (escaped_url); #endif -- cgit 1.4.1 From 66f596822509c0d2adb3b90caba1edd09dd61d65 Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Wed, 22 Dec 2021 12:04:48 -0600 Subject: Update comment --- src/fe-gtk/fe-gtk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/fe-gtk/fe-gtk.c') diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index 285ba42b..7eca0710 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -1077,8 +1077,8 @@ uri_contains_forbidden_characters (const char *uri) static char * maybe_escape_uri (const char *uri) { - /* There isn't an exact way to know if a string has already been escaped or not - * so we can try some heuristics. */ + /* The only way to know if a string has already been escaped or not + * is by fulling parsing each segement but we can try some more simple heuristics. */ /* If we find characters that should clearly be escaped. */ if (uri_contains_forbidden_characters (uri)) -- cgit 1.4.1