# HG changeset patch # User Andrew John Hughes # Date 1290003885 0 # Node ID d87447eb160055e4bc716d73fcf5f3fa2276041a # Parent 89ccf12401c29b4b59c431120f2d4a5254b95fe4 PR592: Sanitize user-entered values used in desktop entries. 2010-11-12 Omair Majid PR592 * NEWS: Updated. * rt/net/sourceforge/jnlp/util/XDesktopEntry.java: (getContentsAsReader()): Call sanitize on user-inputted values. (sanitize(String)): Sanitize values used in desktop entries. diff -r 89ccf12401c2 -r d87447eb1600 ChangeLog --- a/ChangeLog Thu Nov 18 13:25:29 2010 +0000 +++ b/ChangeLog Wed Nov 17 14:24:45 2010 +0000 @@ -1,3 +1,12 @@ +2010-11-12 Omair Majid + + PR592 + * NEWS: Updated. + * netx/net/sourceforge/jnlp/util/XDesktopEntry.java: + (getContentsAsReader()): Call sanitize on user-inputted values. + (sanitize(String)): Sanitize values used in desktop + entries. + 2010-11-18 Andrew John Hughes * NEWS: Updated. diff -r 89ccf12401c2 -r d87447eb1600 NEWS --- a/NEWS Thu Nov 18 13:25:29 2010 +0000 +++ b/NEWS Wed Nov 17 14:24:45 2010 +0000 @@ -18,6 +18,7 @@ inconsistently. * NetX - Do not prompt user multiple times for the same certificate. + - PR592: NetX can create invalid desktop entry files New in release 1.7.5 (2010-10-13): diff -r 89ccf12401c2 -r d87447eb1600 rt/net/sourceforge/jnlp/util/XDesktopEntry.java --- a/rt/net/sourceforge/jnlp/util/XDesktopEntry.java Thu Nov 18 13:25:29 2010 +0000 +++ b/rt/net/sourceforge/jnlp/util/XDesktopEntry.java Wed Nov 17 14:24:45 2010 +0000 
@@ -77,9 +77,9 @@ String fileContents = "[Desktop Entry]\n"; fileContents += "Version=1.0\n"; - fileContents += "Name=" + file.getTitle() + "\n"; + fileContents += "Name=" + sanitize(file.getTitle()) + "\n"; fileContents += "GenericName=Java Web Start Application\n"; - fileContents += "Comment=" + file.getInformation().getDescription() + "\n"; + fileContents += "Comment=" + sanitize(file.getInformation().getDescription()) + "\n"; fileContents += "Type=Application\n"; if (iconLocation != null) { fileContents += "Icon=" + iconLocation + "\n"; @@ -88,7 +88,7 @@ } if (file.getInformation().getVendor() != null) { - fileContents += "Vendor=" + file.getInformation().getVendor() + "\n"; + fileContents += "Vendor=" + sanitize(file.getInformation().getVendor()) + "\n"; } //Shortcut executes the jnlp from cache and system preferred java.. @@ -99,6 +99,22 @@ } /** + * Sanitizes a string so that it can be used safely in a key=value pair in a + * desktop entry file. + * + * @param input a String to sanitize + * @return a string safe to use as either the key or the value in the + * key=value pair in a desktop entry file + */ + private static String sanitize(String input) { + if (input == null) { + return ""; + } + /* key=value pairs must be a single line */ + return input.split("\n")[0]; + } + + /** * Get the size of the icon (in pixels) for the desktop shortcut */ public int getIconSize() {
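Review bot: The new ChangeLog entry names the file as netx/net/sourceforge/jnlp/util/XDesktopEntry.java, but the diff in this changeset touches rt/net/sourceforge/jnlp/util/XDesktopEntry.java, and the commit message uses the rt/ path as well. Change the ChangeLog line to the rt/ path so the entry matches the tree it is committed to.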
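Review bot: In the @@ -77,9 +77,9 @@ hunk of XDesktopEntry.java, Name= can now be written with an empty value, because sanitize() returns "" for a null title and also for a title whose first character is a newline. Consider falling back to a fixed default name when the sanitized title is empty, so the shortcut is still usable. The Icon= line in the same hunk is still concatenated without sanitize(); if iconLocation can ever carry text taken from the JNLP file, it needs the same treatment.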
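Review bot: In sanitize() (the @@ -99,6 +99,22 @@ hunk), input.split("\n")[0] throws ArrayIndexOutOfBoundsException when the input consists only of newline characters, because String.split drops trailing empty strings and returns a zero-length array in that case. Taking the substring up to the first line terminator with indexOf avoids the exception, and the check should cover "\r" as well as "\n" so a carriage return cannot survive into the entry. The Javadoc also promises a result safe to use "as either the key or the value", but nothing here handles "=" and every caller in this patch passes a value, so either narrow the comment to values or add the key handling.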