UnrealXR/raylib
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #688 from jubalh/master

Browse source 
Check for single apostrophe in OpenURL()
This commit is contained in:
Ray 2018-11-13 15:03:24 +01:00 committed by GitHub
commit ffcd13bd9f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/core.c
View file

@ -1828,24 +1828,10 @@ void OpenURL(const char *url)
{
// Small security check trying to avoid (partially) malicious code...
// sorry for the inconvenience when you hit this point...
bool validUrl = true;
int len = strlen(url);
for (int i = 0; i < len; i++)
{
if ((url[i] == ';') ||
(url[i] == '?') ||
(url[i] == ':') ||
(url[i] == '=') ||
(url[i] == '&'))
{
validUrl = false;
break;
}
}
if (validUrl)
if (strchr(url, '\'') != NULL)
{
TraceLog(LOG_WARNING, "Provided URL does not seem to be valid.");
} else {
char *cmd = calloc(strlen(url) + 10, sizeof(char));
#if defined(_WIN32)
@ -1856,10 +1842,9 @@ void OpenURL(const char *url)
sprintf(cmd, "open '%s'", url);
#endif
system(cmd);
free(cmd);
}
else TraceLog(LOG_WARNING, "Provided URL does not seem to be valid.");
}
//----------------------------------------------------------------------------------