From 23dbcac12ebfd4391132dd27e646fcf892108502 Mon Sep 17 00:00:00 2001
From: Dylan Simon <dylan@dylex.net>
Date: Sun, 11 Sep 2011 22:19:55 -0400
Subject: Fix some quoting woes

- Avoid buffer overrun in split_quoted with trailing backslash (!)
- Properly quote COMMAND_EXECUTED arguments
- Remove unused and misleading parse_command function
---
 src/io.c        |  1 +
 src/uzbl-core.c | 30 +++++++-----------------------
 2 files changed, 8 insertions(+), 23 deletions(-)

(limited to 'src')

diff --git a/src/io.c b/src/io.c
index 062a853..3574e7e 100644
--- a/src/io.c
+++ b/src/io.c
@@ -129,6 +129,7 @@ control_stdin(GIOChannel *gio, GIOCondition condition) {
     parse_cmd_line(ctl_line, result);
     g_free(ctl_line);
 
+    if (*result->str)
     puts(result->str);
     g_string_free(result, TRUE);
 
diff --git a/src/uzbl-core.c b/src/uzbl-core.c
index 4d4868f..1e3bed3 100644
--- a/src/uzbl-core.c
+++ b/src/uzbl-core.c
@@ -527,8 +527,8 @@ split_quoted(const gchar* src, const gboolean unquote) {
     gchar **ret;
     gchar *dup;
     for (p = src; *p != '\0'; p++) {
-        if ((*p == '\\') && unquote) g_string_append_c(s, *++p);
-        else if (*p == '\\') { g_string_append_c(s, *p++);
+        if ((*p == '\\') && unquote && p[1]) g_string_append_c(s, *++p);
+        else if (*p == '\\' && p[1]) { g_string_append_c(s, *p++);
                                g_string_append_c(s, *p); }
         else if ((*p == '"') && unquote && !sq) dq = !dq;
         else if (*p == '"' && !sq) { g_string_append_c(s, *p);
@@ -617,12 +617,14 @@ run_parsed_command(const CommandInfo *c, GArray *a, GString *result) {
     if(strcmp("set", c->key)   &&
        strcmp("event", c->key) &&
        strcmp("request", c->key)) {
-        // FIXME, build string inside send_event
         GString *param = g_string_new("");
         const gchar *p;
         guint i = 0;
-        while ((p = argv_idx(a, i++)))
-            g_string_append_printf(param, " '%s'", p);
+        while ((p = argv_idx(a, i++))) {
+            g_string_append (param, " '");
+            append_escaped (param, p);
+            g_string_append_c (param, '\'');
+        }
 
 	/* might be destructive on array a */
         c->function(uzbl.gui.web_view, a, result);
@@ -694,24 +696,6 @@ parse_command_parts(const gchar *line, GArray *a) {
     return c;
 }
 
-void
-parse_command(const char *cmd, const char *params, GString *result) {
-    CommandInfo *c = g_hash_table_lookup(uzbl.behave.commands, cmd);
-    if(c) {
-        GArray *a = g_array_new (TRUE, FALSE, sizeof(gchar*));
-
-        parse_command_arguments(params, a, c->no_split);
-        run_parsed_command(c, a, result);
-
-        g_array_free (a, TRUE);
-    } else {
-        send_event(COMMAND_ERROR, NULL,
-            TYPE_NAME, cmd,
-            TYPE_STR, params ? params : "",
-            NULL);
-    }
-}
-
 gboolean
 valid_name(const gchar* name) {
     char *invalid_chars = "\t^°!\"§$%&/()=?'`'+~*'#-:,;@<>| \\{}[]¹²³¼½";
-- 
cgit v1.2.3