forked from enlightenment/efl
edje_entry: Make a result of retrieve_surrounding_cb secure
Summary: Regardless of the password mode of Entry, _edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text to any callers who register that callback. This commit replace plain text with '*' because current behavior could be a security hole in some case. Reviewers: woohyun, id213sin, jihoon Reviewed By: jihoon Subscribers: cedric, jsuya, z-wony, jpeg Differential Revision: https://phab.enlightenment.org/D4238
This commit is contained in:
parent
16986ffc7a
commit
0e35f8454e
|
@ -4411,6 +4411,13 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_
|
|||
|
||||
if (plain_text)
|
||||
{
|
||||
if (ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA)
|
||||
{
|
||||
char *itr = NULL;
|
||||
for (itr = plain_text; itr && *itr; ++itr)
|
||||
*itr = '*';
|
||||
}
|
||||
|
||||
*text = strdup(plain_text);
|
||||
|
||||
free(plain_text);
|
||||
|
|
Loading…
Reference in New Issue