changeset 2008:d87447eb1600
PR592: Sanitize user-entered values used in desktop entries.
2010-11-12 Omair Majid <omajid@redhat.com>
PR592
* NEWS: Updated.
* rt/net/sourceforge/jnlp/util/XDesktopEntry.java:
(getContentsAsReader()): Call sanitize on user-inputted values.
(sanitize(String)): Sanitize values used in desktop
entries.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Wed, 17 Nov 2010 14:24:45 +0000 |
parents | 89ccf12401c2 |
children | f5667b14ce7e |
files | ChangeLog NEWS rt/net/sourceforge/jnlp/util/XDesktopEntry.java |
diffstat | 3 files changed, 29 insertions(+), 3 deletions(-) [+] |
--- a/ChangeLog Thu Nov 18 13:25:29 2010 +0000
+++ b/ChangeLog Wed Nov 17 14:24:45 2010 +0000
@@ -1,3 +1,12 @@
+2010-11-12 Omair Majid <omajid@redhat.com>
+
+ PR592
+ * NEWS: Updated.
+ * netx/net/sourceforge/jnlp/util/XDesktopEntry.java:
+ (getContentsAsReader()): Call sanitize on user-inputted values.
+ (sanitize(String)): Sanitize values used in desktop
+ entries.
+
 2010-11-18 Andrew John Hughes <ahughes@redhat.com>
 * NEWS: Updated.
--- a/NEWS Thu Nov 18 13:25:29 2010 +0000
+++ b/NEWS Wed Nov 17 14:24:45 2010 +0000
@@ -18,6 +18,7 @@
 inconsistently.
 * NetX
 - Do not prompt user multiple times for the same certificate.
+ - PR592: NetX can create invalid desktop entry files
 New in release 1.7.5 (2010-10-13):
--- a/rt/net/sourceforge/jnlp/util/XDesktopEntry.java Thu Nov 18 13:25:29 2010 +0000
+++ b/rt/net/sourceforge/jnlp/util/XDesktopEntry.java Wed Nov 17 14:24:45 2010 +0000
@@ -77,9 +77,9 @@
 String fileContents = "[Desktop Entry]\n";
 fileContents += "Version=1.0\n";
- fileContents += "Name=" + file.getTitle() + "\n";
+ fileContents += "Name=" + sanitize(file.getTitle()) + "\n";
 fileContents += "GenericName=Java Web Start Application\n";
- fileContents += "Comment=" + file.getInformation().getDescription() + "\n";
+ fileContents += "Comment=" + sanitize(file.getInformation().getDescription()) + "\n";
 fileContents += "Type=Application\n";
 if (iconLocation != null) {
 fileContents += "Icon=" + iconLocation + "\n";
@@ -88,7 +88,7 @@
 }
 if (file.getInformation().getVendor() != null) {
- fileContents += "Vendor=" + file.getInformation().getVendor() + "\n";
+ fileContents += "Vendor=" + sanitize(file.getInformation().getVendor()) + "\n";
 }
 //Shortcut executes the jnlp from cache and system preferred java..
@@ -99,6 +99,22 @@
 }
 /**
+ * Sanitizes a string so that it can be used safely in a key=value pair in a
+ * desktop entry file.
+ *
+ * @param input a String to sanitize
+ * @return a string safe to use as either the key or the value in the
+ * key=value pair in a desktop entry file
+ */
+ private static String sanitize(String input) {
+ if (input == null) {
+ return "";
+ }
+ /* key=value pairs must be a single line */
+ return input.split("\n")[0];
+ }
+
+ /**
 * Get the size of the icon (in pixels) for the desktop shortcut
 */
 public int getIconSize() {
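Review bot: The `Icon=` line in the first hunk still concatenates `iconLocation` into the entry without `sanitize`, and the `Exec=` value that follows the `//Shortcut executes…` comment is built outside the visible lines. If either value can be influenced by the JNLP file (this is not visible here, so please confirm), a line break in it would add keys to the desktop entry in the same way an unsanitized title would. Passing it through the same helper is cheap: `fileContents += "Icon=" + sanitize(iconLocation) + "\n";`. getContentsAsReader() starts and ends outside the hunk, so the remaining concatenations in it deserve the same check.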
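Review bot: `sanitize` in the third hunk can throw: `input.split("\n")[0]` raises ArrayIndexOutOfBoundsException when the input consists only of newlines, because String.split with no limit discards trailing empty strings and returns an empty array. It also passes a carriage return through unchanged; whether a lone CR ends a line depends on the parser reading the file, so it is safer to cut there too. `return input.split("[\r\n]", 2)[0];` keeps the first line, returns an empty string for newline-only input and stops at `\r` as well. The Javadoc promises a result safe "as either the key or the value", which the code does not ensure for keys (an `=` is kept); I would narrow it to `@return the first line of the input, or an empty string if the input is null`.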