changeset 2008:d87447eb1600

PR592: Sanitize user-entered values used in desktop entries. 2010-11-12 Omair Majid <omajid@redhat.com> PR592 * NEWS: Updated. * rt/net/sourceforge/jnlp/util/XDesktopEntry.java: (getContentsAsReader()): Call sanitize on user-inputted values. (sanitize(String)): Sanitize values used in desktop entries.
author Andrew John Hughes <ahughes@redhat.com>
date Wed, 17 Nov 2010 14:24:45 +0000
parents 89ccf12401c2
children f5667b14ce7e
files ChangeLog NEWS rt/net/sourceforge/jnlp/util/XDesktopEntry.java
diffstat 3 files changed, 29 insertions(+), 3 deletions(-) [+]
--- a/ChangeLog	Thu Nov 18 13:25:29 2010 +0000
+++ b/ChangeLog	Wed Nov 17 14:24:45 2010 +0000
@@ -1,3 +1,12 @@
+2010-11-12  Omair Majid  <omajid@redhat.com>
+
+	PR592
+	* NEWS: Updated.
+	* netx/net/sourceforge/jnlp/util/XDesktopEntry.java:
+	(getContentsAsReader()): Call sanitize on user-inputted values.
+	(sanitize(String)): Sanitize values used in desktop
+	entries.
+
 2010-11-18  Andrew John Hughes  <ahughes@redhat.com>
 
 	* NEWS: Updated.
--- a/NEWS	Thu Nov 18 13:25:29 2010 +0000
+++ b/NEWS	Wed Nov 17 14:24:45 2010 +0000
@@ -18,6 +18,7 @@
     inconsistently.
 * NetX
   - Do not prompt user multiple times for the same certificate.
+  - PR592: NetX can create invalid desktop entry files
 
 New in release 1.7.5 (2010-10-13):
 
--- a/rt/net/sourceforge/jnlp/util/XDesktopEntry.java	Thu Nov 18 13:25:29 2010 +0000
+++ b/rt/net/sourceforge/jnlp/util/XDesktopEntry.java	Wed Nov 17 14:24:45 2010 +0000
@@ -77,9 +77,9 @@
 
         String fileContents = "[Desktop Entry]\n";
         fileContents += "Version=1.0\n";
-        fileContents += "Name=" + file.getTitle() + "\n";
+        fileContents += "Name=" + sanitize(file.getTitle()) + "\n";
         fileContents += "GenericName=Java Web Start Application\n";
-        fileContents += "Comment=" + file.getInformation().getDescription() + "\n";
+        fileContents += "Comment=" + sanitize(file.getInformation().getDescription()) + "\n";
         fileContents += "Type=Application\n";
         if (iconLocation != null) {
             fileContents += "Icon=" + iconLocation + "\n";
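Review bot: The `Icon=` line at the end of this hunk still writes `iconLocation` into the entry without going through `sanitize`, unlike `Name` and `Comment` just above it. Where `iconLocation` is assigned is not visible here, so this may be a locally generated cache path. If any part of it can come from the JNLP file, it should get the same treatment: `fileContents += "Icon=" + sanitize(iconLocation) + "\n";`. The enclosing method starts and ends outside the hunk, so the lines written between this hunk and the `Vendor` hunk could not be checked for the same pattern.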
@@ -88,7 +88,7 @@
             
         }
         if (file.getInformation().getVendor() != null) {
-            fileContents += "Vendor=" + file.getInformation().getVendor() + "\n";
+            fileContents += "Vendor=" + sanitize(file.getInformation().getVendor()) + "\n";
         }
         
         //Shortcut executes the jnlp from cache and system preferred java..
@@ -99,6 +99,22 @@
     }
 
     /**
+     * Sanitizes a string so that it can be used safely in a key=value pair in a
+     * desktop entry file.
+     *
+     * @param input a String to sanitize
+     * @return a string safe to use as either the key or the value in the
+     * key=value pair in a desktop entry file
+     */
+    private static String sanitize(String input) {
+        if (input == null) {
+            return "";
+        }
+        /* key=value pairs must be a single line */
+        return input.split("\n")[0];
+    }
+
+    /**
      * Get the size of the icon (in pixels) for the desktop shortcut
      */
     public int getIconSize() {
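Review bot: `input.split("\n")[0]` in `sanitize` throws `ArrayIndexOutOfBoundsException` when the value consists only of newline characters, because `split` without a limit discards trailing empty strings and returns a zero-length array for such input. A title, description or vendor of that shape would then propagate an unchecked exception out of the caller instead of producing an empty value. A lone carriage return is also left in the result, and some parsers may treat it as a line break. `return input.split("[\r\n]", 2)[0];` handles both cases, since a positive limit keeps the leading empty element. The Javadoc also promises the result is safe as a key, which truncating at a line break does not provide (`=` and `[` pass through), so I would narrow `@return` to "the value in the key=value pair".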