2140
2140
std::string command = rcfile.getURLOpenerFormat();
2142
2142
/// Try to avoid letting flash movies execute
2143
/// arbitrary commands (sic)
2145
/// Maybe we should exec here, but if we do we might have problems
2146
/// with complex urlOpenerFormats like:
2147
/// firefox -remote 'openurl(%u)'
2149
std::string safeurl = url.encode(urlstr);
2143
/// arbitrary commands (sic).
2145
/// NOTE: it is assumed that the user-provided command
2146
/// puts the url place-holder within single quotes.
2147
/// Failing that, there will be the possibility
2148
/// for malicious SWF files to run arbitrary commands.
2151
/// Check safety of user provided command
2153
/// TODO: improve this check
2154
/// - quote nested in double quote
2155
/// - %u after second quote
2157
/// TODO: check only once
2159
bool command_is_safe = false;
2161
std::string::size_type loc = command.find('\'');
2162
if ( loc == std::string::npos ) break;
2163
loc = command.find("%u", loc);
2164
if ( loc == std::string::npos ) break;
2165
loc = command.find('\'', loc);
2166
if ( loc == std::string::npos ) break;
2167
command_is_safe = true;
2170
if ( ! command_is_safe ) {
2171
log_error("The '%%u' token in urlOpenerFormat rc directive should be within single quotes");
2175
std::string safeurl = urlstr;
2176
boost::replace_all(safeurl, "'", "'\\''");
2150
2178
boost::replace_all(command, "%u", safeurl);
2152
2180
log_debug("Launching URL: %s", command);
2153
2181
const int ret = std::system(command.c_str());
2154
2182
if (ret == -1) {