media: only popup known media types through special escape codes. Closes T7504

Those media files are opened within Terminology and not through an external component, thus reducing the attack surface. It is still possible to disable Terminology's escape codes in the settings panel.
4 years ago · 1ac204da91
parent 64b58bb094
commit 1ac204da91
3 changed files with 1 additions and 24 deletions
--- a/src/bin/media.c
+++ b/src/bin/media.c
@ -1531,22 +1531,3 @@ media_control_get(const Evas_Object *obj)
   if (!sd) return NULL;
   return sd->o_ctrl;
 }
-
-void
-media_unknown_handle(const char *handler, const char *src)
-{
-   const char *cmd;
-   char buf[PATH_MAX];
-   char *escaped;
-
-   cmd = "xdg-open";
-   escaped = ecore_file_escape_name(src);
-   if (!escaped)
-     return;
-   if (handler && *handler)
-     cmd = handler;
-   snprintf(buf, sizeof(buf), "%s %s", cmd, escaped);
-   free(escaped);
-
-   ecore_exe_run(buf, NULL);
-}
--- a/src/bin/media.h
+++ b/src/bin/media.h
@ -38,6 +38,5 @@ void media_stop(Evas_Object *obj);
 const char *media_get(const Evas_Object *obj);
 Media_Type media_src_type_get(const char *src);
 Evas_Object *media_control_get(const Evas_Object *obj);
-void media_unknown_handle(const char *handler, const char *src);

 #endif
--- a/src/bin/win.c
+++ b/src/bin/win.c
@ -4082,7 +4082,7 @@ static Eina_Bool
 _media_http_head_timeout(void *data)
 {
   Ty_Http_Head *ty_head = data;
-   media_unknown_handle(ty_head->handler, ty_head->src);
+
   ty_head->timeout = NULL;
   _ty_http_head_delete(ty_head);
   return ECORE_CALLBACK_CANCEL;
@ -4151,7 +4151,6 @@ _media_http_head_complete(void *data,
   _ty_http_head_delete(ty_head);
   return EINA_TRUE;
 error:
-   media_unknown_handle(ty_head->handler, ty_head->src);
   _ty_http_head_delete(ty_head);
   return EINA_TRUE;
 }
@ -4192,8 +4191,6 @@ _popmedia(Term *term, const char *src)
 error:
        _ty_http_head_delete(ty_head);
 #endif
-
-        media_unknown_handle(config->helper.local.general, src);
     }
   else
     {