Browse Source

Ensure that custom user .face images are added to allowed paths list. Fixes #98

sisyphus
Dustin Falgout 8 years ago
parent
commit
65196d0d1c
  1. 35
      src/webkit2-extension.c

35
src/webkit2-extension.c

@ -276,24 +276,33 @@ get_user_image_cb(JSContextRef context,
JSObjectRef thisObject, JSObjectRef thisObject,
JSStringRef propertyName, JSStringRef propertyName,
JSValueRef *exception) { JSValueRef *exception) {
const gchar *image_uri = lightdm_user_get_image(USER);
const gchar *image = lightdm_user_get_image(USER);
gchar *image_path; gchar *image_path;
gint result; gint result;
image_path = g_filename_from_uri(image_uri, NULL, NULL); // Determine if we already checked this path
if (image_path) { for (iter = paths; iter; iter = iter->next) {
result = g_access(image_path, R_OK); if (0 == g_strcmp0(image, iter->data)) {
g_free(image_path); // We've already checked this path, no need to continue further.
} else { return string_or_null(context, image);
result = g_access(image_uri, R_OK); }
} }
if (result) { image_path = g_strdup(image);
/* Couldn't access */ result = g_access(image_path, R_OK);
return JSValueMakeNull(context);
} else { if (0 == result) {
return string_or_null(context, image_uri); // Path is accessible. Add it to our paths list.
paths = g_slist_prepend(paths, image_path);
return string_or_null(context, image);
} }
// Path is not accessible.
g_free(image_path);
return JSValueMakeNull(context);
} }
@ -1835,7 +1844,7 @@ should_block_request(const char *file_path) {
if (NULL != canonical_path) { if (NULL != canonical_path) {
for (iter = paths; iter; iter = iter->next) { for (iter = paths; iter; iter = iter->next) {
if (strcmp(canonical_path, iter->data) == 0 || g_str_has_prefix(canonical_path, iter->data)) { if (0 == g_strcmp0(canonical_path, iter->data) || g_str_has_prefix(canonical_path, iter->data)) {
result = FALSE; /* Allowed */ result = FALSE; /* Allowed */
break; break;
} }

Loading…
Cancel
Save