From 74129cabefae3eb4775125bfb0e2002b37c14279 Mon Sep 17 00:00:00 2001 From: Green Sky Date: Tue, 9 Jan 2024 02:26:50 +0100 Subject: [PATCH] fix url open with unsanitized strings --- src/chat_gui4.cpp | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/src/chat_gui4.cpp b/src/chat_gui4.cpp index 7c6e8076..12416d2d 100644 --- a/src/chat_gui4.cpp +++ b/src/chat_gui4.cpp @@ -18,17 +18,19 @@ #include "./media_meta_info_loader.hpp" #include "./sdl_clipboard_utils.hpp" +#include #include +#include +#include +#include +#include +#include +#include +#include #include #include #include -#include -#include -#include -#include -#include -#include -#include + namespace Components { @@ -43,6 +45,32 @@ static float lerp(float a, float b, float t) { return a + t * (b - a); } +static std::string file_url_escape(const std::string&& value) { + std::ostringstream escaped; + + escaped << std::hex; + escaped.fill('0'); + + for (const char c : value) { + if ( + c == '-' || c == '_' || c == '.' || c == '~' || // normal allowed url chars + std::isalnum(static_cast(c)) || // more normal + c == '/' // special bc its a file:// + ) { + escaped << c; + } else { + escaped + << std::uppercase + << '%' << + std::setw(2) << static_cast((static_cast(c))) + << std::nouppercase + ; + } + } + + return escaped.str(); +} + ChatGui4::ChatGui4( ConfigModelI& conf, RegistryMessageModel& rmm, @@ -618,9 +646,8 @@ void ChatGui4::renderMessageBodyFile(Message3Registry& reg, const Message3 e) { const auto& local_info = reg.get(e); if (local_info.file_list.size() > i && ImGui::BeginPopupContextItem("##file_c")) { if (ImGui::MenuItem("open")) { - std::string url{"file://" + std::filesystem::canonical(local_info.file_list.at(i)).u8string()}; + std::string url{"file://" + file_url_escape(std::filesystem::canonical(local_info.file_list.at(i)).u8string())}; std::cout << "opening file '" << url << "'\n"; - SDL_OpenURL(url.c_str()); } ImGui::EndPopup();
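Review bot: `std::isalnum` in the allowlist of `file_url_escape` is locale-dependent, so under a global locale other than "C" bytes above 0x7F (for example parts of a UTF-8 sequence in a file name) may be classified as alphanumeric and written through unescaped. An escaping routine should have a fixed pass-through set; an explicit ASCII test such as `(c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')` gives that. The parameter type `const std::string&&` is also unusual, since a const rvalue reference cannot be moved from and rejects lvalue arguments; `const std::string& value` states the intent more plainly. The cast targets in the `%` branch are not visible in this rendering, so it is worth confirming that the byte passes through `unsigned char` before the integer conversion, otherwise bytes above 0x7F would sign-extend into more than two hex digits.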
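Review bot: `std::filesystem::canonical` on the changed line throws `std::filesystem::filesystem_error` when the path no longer exists, and nothing visible in this hunk catches it, so choosing "open" on a file that was moved or deleted after transfer could terminate the UI from inside the render call. The `std::error_code` overload avoids that: `std::error_code ec; const auto p = std::filesystem::canonical(local_info.file_list.at(i), ec);` with the URL built and opened only `if (!ec)`. The result of `SDL_OpenURL` is also discarded; in SDL2 it returns a negative value on failure, and logging `SDL_GetError()` in that case would make a failed open visible next to the existing "opening file" message. `renderMessageBodyFile` starts and ends outside the hunk, so a handler may exist further out.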