From b2c53fb704fad31cc660d07c28503c521adefb48 Mon Sep 17 00:00:00 2001 From: Dylan Simon Date: Sat, 27 Aug 2011 00:08:47 -0400 Subject: fix shell argument order --- src/uzbl-core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/uzbl-core.c b/src/uzbl-core.c index af60767..4d4868f 100644 --- a/src/uzbl-core.c +++ b/src/uzbl-core.c @@ -595,10 +595,9 @@ spawn_sh(GArray *argv, GString *result) { if(!cmd) return; - gchar *cmdname = g_strdup(cmd[0]); - g_array_insert_val(argv, 1, cmdname); + g_array_insert_val(argv, 1, cmd[0]); - for (i = 1; i < g_strv_length(cmd); i++) + for (i = g_strv_length(cmd)-1; i > 0; i--) g_array_prepend_val(argv, cmd[i]); if (result) { @@ -609,7 +608,6 @@ spawn_sh(GArray *argv, GString *result) { } else run_command(cmd[0], (const gchar **) argv->data, FALSE, NULL); - g_free (cmdname); g_strfreev (cmd); } -- cgit v1.2.3 From d2b8f3353d6dcec90a77a89861d69f95f9d3e2fa Mon Sep 17 00:00:00 2001 From: Dylan Simon Date: Sat, 27 Aug 2011 09:28:12 -0400 Subject: allow back and forward to take numeric count argument --- src/commands.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/commands.c b/src/commands.c index 7b327e6..7689ea1 100644 --- a/src/commands.c +++ b/src/commands.c @@ -92,10 +92,22 @@ VIEWFUNC(reload_bypass_cache) VIEWFUNC(stop_loading) VIEWFUNC(zoom_in) VIEWFUNC(zoom_out) -VIEWFUNC(go_back) -VIEWFUNC(go_forward) #undef VIEWFUNC +void +view_go_back(WebKitWebView *page, GArray *argv, GString *result) { + (void)result; + int n = argv_idx(argv, 0) ? atoi(argv_idx(argv, 0)) : 1; + webkit_web_view_go_back_or_forward(page, -n); +} + +void +view_go_forward(WebKitWebView *page, GArray *argv, GString *result) { + (void)result; + int n = argv_idx(argv, 0) ? atoi(argv_idx(argv, 0)) : 1; + webkit_web_view_go_back_or_forward(page, n); +} + void toggle_zoom_type (WebKitWebView* page, GArray *argv, GString *result) { (void)argv; (void)result; -- cgit v1.2.3 From 23dbcac12ebfd4391132dd27e646fcf892108502 Mon Sep 17 00:00:00 2001 From: Dylan Simon Date: Sun, 11 Sep 2011 22:19:55 -0400 Subject: Fix some quoting woes - Avoid buffer overrun in split_quoted with trailing backslash (!) - Properly quote COMMAND_EXECUTED arguments - Remove unused and misleading parse_command function --- src/io.c | 1 + src/uzbl-core.c | 30 +++++++----------------------- 2 files changed, 8 insertions(+), 23 deletions(-) diff --git a/src/io.c b/src/io.c index 062a853..3574e7e 100644 --- a/src/io.c +++ b/src/io.c @@ -129,6 +129,7 @@ control_stdin(GIOChannel *gio, GIOCondition condition) { parse_cmd_line(ctl_line, result); g_free(ctl_line); + if (*result->str) puts(result->str); g_string_free(result, TRUE); diff --git a/src/uzbl-core.c b/src/uzbl-core.c index 4d4868f..1e3bed3 100644 --- a/src/uzbl-core.c +++ b/src/uzbl-core.c @@ -527,8 +527,8 @@ split_quoted(const gchar* src, const gboolean unquote) { gchar **ret; gchar *dup; for (p = src; *p != '\0'; p++) { - if ((*p == '\\') && unquote) g_string_append_c(s, *++p); - else if (*p == '\\') { g_string_append_c(s, *p++); + if ((*p == '\\') && unquote && p[1]) g_string_append_c(s, *++p); + else if (*p == '\\' && p[1]) { g_string_append_c(s, *p++); g_string_append_c(s, *p); } else if ((*p == '"') && unquote && !sq) dq = !dq; else if (*p == '"' && !sq) { g_string_append_c(s, *p); @@ -617,12 +617,14 @@ run_parsed_command(const CommandInfo *c, GArray *a, GString *result) { if(strcmp("set", c->key) && strcmp("event", c->key) && strcmp("request", c->key)) { - // FIXME, build string inside send_event GString *param = g_string_new(""); const gchar *p; guint i = 0; - while ((p = argv_idx(a, i++))) - g_string_append_printf(param, " '%s'", p); + while ((p = argv_idx(a, i++))) { + g_string_append (param, " '"); + append_escaped (param, p); + g_string_append_c (param, '\''); + } /* might be destructive on array a */ c->function(uzbl.gui.web_view, a, result); @@ -694,24 +696,6 @@ parse_command_parts(const gchar *line, GArray *a) { return c; } -void -parse_command(const char *cmd, const char *params, GString *result) { - CommandInfo *c = g_hash_table_lookup(uzbl.behave.commands, cmd); - if(c) { - GArray *a = g_array_new (TRUE, FALSE, sizeof(gchar*)); - - parse_command_arguments(params, a, c->no_split); - run_parsed_command(c, a, result); - - g_array_free (a, TRUE); - } else { - send_event(COMMAND_ERROR, NULL, - TYPE_NAME, cmd, - TYPE_STR, params ? params : "", - NULL); - } -} - gboolean valid_name(const gchar* name) { char *invalid_chars = "\t^°!\"§$%&/()=?'`'+~*'#-:,;@<>| \\{}[]¹²³¼½"; -- cgit v1.2.3 From a964be6bd96583f8735fd297856f1c9845850f6a Mon Sep 17 00:00:00 2001 From: Dylan Simon Date: Wed, 14 Sep 2011 17:30:42 -0400 Subject: preserve HttpOnly flag on cookies to prevent XSS attacks --- examples/data/plugins/cookies.py | 16 +++++++++++++--- src/commands.c | 13 +++++++++---- src/cookie-jar.c | 4 +++- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/examples/data/plugins/cookies.py b/examples/data/plugins/cookies.py index e29ee36..a09cf69 100644 --- a/examples/data/plugins/cookies.py +++ b/examples/data/plugins/cookies.py @@ -39,7 +39,9 @@ class TextStore(object): 'TRUE' : 'https', 'FALSE' : 'http' } + extra = '' if cookie[0].startswith("#HttpOnly_"): + extra = 'Only' domain = cookie[0][len("#HttpOnly_"):] elif cookie[0].startswith('#'): return None @@ -50,7 +52,7 @@ class TextStore(object): cookie[2], cookie[5], cookie[6], - scheme[cookie[3]], + scheme[cookie[3]] + extra, cookie[4]) except (KeyError,IndexError): # Let malformed rows pass through like comments @@ -60,9 +62,17 @@ class TextStore(object): """Convert cookie event to cookie.txt row""" secure = { 'https' : 'TRUE', - 'http' : 'FALSE' + 'http' : 'FALSE', + 'httpsOnly' : 'TRUE', + 'httpOnly' : 'FALSE' } - return (cookie[0], + http_only = { + 'https' : '', + 'http' : '', + 'httpsOnly' : '#HttpOnly_', + 'httpOnly' : '#HttpOnly_' + } + return (http_only[cookie[4]] + cookie[0], 'TRUE' if cookie[0].startswith('.') else 'FALSE', cookie[1], secure[cookie[4]], diff --git a/src/commands.c b/src/commands.c index 7689ea1..85057b3 100644 --- a/src/commands.c +++ b/src/commands.c @@ -241,8 +241,8 @@ show_inspector(WebKitWebView *page, GArray *argv, GString *result) { void add_cookie(WebKitWebView *page, GArray *argv, GString *result) { (void) page; (void) result; - gchar *host, *path, *name, *value; - gboolean secure = 0; + gchar *host, *path, *name, *value, *scheme; + gboolean secure = 0, httponly = 0; SoupDate *expires = NULL; if(argv->len != 6) @@ -253,14 +253,19 @@ add_cookie(WebKitWebView *page, GArray *argv, GString *result) { path = argv_idx (argv, 1); name = argv_idx (argv, 2); value = argv_idx (argv, 3); - secure = strcmp (argv_idx (argv, 4), "https") == 0; - if (strlen (argv_idx (argv, 5)) != 0) + scheme = argv_idx (argv, 4); + if (strncmp (scheme, "http", 4) == 0) { + secure = scheme[4] == 's'; + httponly = strncmp (&scheme[4+secure], "Only", 4) == 0; + } + if (argv->len >= 6 && *argv_idx (argv, 5)) expires = soup_date_new_from_time_t ( strtoul (argv_idx (argv, 5), NULL, 10)); // Create new cookie SoupCookie * cookie = soup_cookie_new (name, value, host, path, -1); soup_cookie_set_secure (cookie, secure); + soup_cookie_set_http_only (cookie, httponly); if (expires) soup_cookie_set_expires (cookie, expires); diff --git a/src/cookie-jar.c b/src/cookie-jar.c index dd9585b..2f6be83 100644 --- a/src/cookie-jar.c +++ b/src/cookie-jar.c @@ -40,7 +40,9 @@ changed(SoupCookieJar *jar, SoupCookie *old_cookie, SoupCookie *new_cookie) { * command because otherwise a loop would occur when a cookie change is * propagated to other uzbl instances using add/delete_cookie. */ if(!uzbl_jar->in_manual_add) { - gchar *scheme = cookie->secure ? "https" : "http"; + gchar *scheme = cookie->secure + ? cookie->http_only ? "httpsOnly" : "https" + : cookie->http_only ? "httpOnly" : "http"; gchar *expires = NULL; if(cookie->expires) -- cgit v1.2.3