From 1ac204da9148e7bccb1b5f34b523e2094dfc39e2 Mon Sep 17 00:00:00 2001 From: Boris Faure Date: Sun, 16 Dec 2018 11:13:20 +0100 Subject: [PATCH 1/2] media: only popup known media types through special escape codes. Closes T7504 Those media files are opened within Terminology and not through an external component, thus reducing the attack surface. It is still possible to disable Terminology's escape codes in the settings panel. --- src/bin/media.c | 19 ------------------- src/bin/media.h | 1 - src/bin/win.c | 5 +---- 3 files changed, 1 insertion(+), 24 deletions(-) diff --git a/src/bin/media.c b/src/bin/media.c index 29381a08..d715519c 100644 --- a/src/bin/media.c +++ b/src/bin/media.c @@ -1531,22 +1531,3 @@ media_control_get(const Evas_Object *obj) if (!sd) return NULL; return sd->o_ctrl; } - -void -media_unknown_handle(const char *handler, const char *src) -{ - const char *cmd; - char buf[PATH_MAX]; - char *escaped; - - cmd = "xdg-open"; - escaped = ecore_file_escape_name(src); - if (!escaped) - return; - if (handler && *handler) - cmd = handler; - snprintf(buf, sizeof(buf), "%s %s", cmd, escaped); - free(escaped); - - ecore_exe_run(buf, NULL); -} diff --git a/src/bin/media.h b/src/bin/media.h index 5f33cd47..014ed8f9 100644 --- a/src/bin/media.h +++ b/src/bin/media.h @@ -38,6 +38,5 @@ void media_stop(Evas_Object *obj); const char *media_get(const Evas_Object *obj); Media_Type media_src_type_get(const char *src); Evas_Object *media_control_get(const Evas_Object *obj); -void media_unknown_handle(const char *handler, const char *src); #endif diff --git a/src/bin/win.c b/src/bin/win.c index 5b3dd013..75c7cd84 100644 --- a/src/bin/win.c +++ b/src/bin/win.c @@ -4082,7 +4082,7 @@ static Eina_Bool _media_http_head_timeout(void *data) { Ty_Http_Head *ty_head = data; - media_unknown_handle(ty_head->handler, ty_head->src); + ty_head->timeout = NULL; _ty_http_head_delete(ty_head); return ECORE_CALLBACK_CANCEL; @@ -4151,7 +4151,6 @@ _media_http_head_complete(void *data, _ty_http_head_delete(ty_head); return EINA_TRUE; error: - media_unknown_handle(ty_head->handler, ty_head->src); _ty_http_head_delete(ty_head); return EINA_TRUE; } @@ -4192,8 +4191,6 @@ _popmedia(Term *term, const char *src) error: _ty_http_head_delete(ty_head); #endif - - media_unknown_handle(config->helper.local.general, src); } else { From a01f9ba65beeced76062f6174bda3236784c0ab7 Mon Sep 17 00:00:00 2001 From: Boris Faure Date: Sun, 16 Dec 2018 11:35:55 +0100 Subject: [PATCH 2/2] Terminology release 1.3.1 --- ChangeLog | 8 ++++++++ NEWS | 13 ++++++++++++- README.md | 2 +- man/terminology.1 | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 07182b2c..a56f5eff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2018-12-16 + + * Release v1.3.1 + * Add manpages on Terminology's helpers + * Do not popup unknown media types (security issue) + * Right-click on hyperlinks no longer crashes + + 2018-11-23 * Release v1.3.0 diff --git a/NEWS b/NEWS index 07c0f8a1..39b7a198 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,18 @@ ================= -Terminology 1.3.0 +Terminology 1.3.1 ================= +Changes since 1.3.0: +-------------------- + +Addition: + * Add manpages on Terminology's helpers + +Fixes: + * Do not popup unknown media types (security issue) + * Right-click on hyperlinks no longer crashes + + Changes since 1.2.1: -------------------- diff --git a/README.md b/README.md index 1733d09e..c9246540 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Terminology 1.2.1 +Terminology 1.3.1 ================= This is an EFL terminal emulator with some extra bells and whistles. diff --git a/man/terminology.1 b/man/terminology.1 index 9e025da5..7dc4772b 100644 --- a/man/terminology.1 +++ b/man/terminology.1 @@ -1,5 +1,5 @@ .\" Manpage for Terminology -.TH TERMINOLOGY 1 "23 Nov 2018" "1.3.0" "Terminology man page" +.TH TERMINOLOGY 1 "16 Dec 2018" "1.3.1" "Terminology man page" .SH NAME Terminology \- Terminal Emulator written with EFL (Enlightenment Foundation Libraries). .SH SYNOPSIS