tyler.durden/notepad-plus-plus
1
0
Fork 0
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git synced 2025-09-21 17:08:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

[EURO-FOSSA] Fix a vunerability from "Search on Internet" command

Browse Source 
Restrict the usage of customized search engine on only "http://" or "https://" url schema to avoid whatever application can be launched via "Search on Internet" command.
This commit is contained in:
Don HO 2019-02-20 00:34:28 +01:00
parent 5bcf55c59e
commit b90be4a05b
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
PowerEditor/src/NppCommands.cpp
View File

@ -458,14 +458,16 @@ void Notepad_plus::command(int id)
generic_string url; generic_string url;
if (nppGui._searchEngineChoice == nppGui.se_custom) if (nppGui._searchEngineChoice == nppGui.se_custom)
{ {
if (nppGui._searchEngineCustom.empty()) url = nppGui._searchEngineCustom;
remove_if(url.begin(), url.end(), isspace);
auto httpPos = url.find(TEXT("http://"));
auto httpsPos = url.find(TEXT("https://"));
if (url.empty() || (httpPos != 0 && httpsPos != 0)) // if string is not a url (for launching only browser)
{ {
url = TEXT("https://www.google.com/search?q=$(CURRENT_WORD)"); url = TEXT("https://www.google.com/search?q=$(CURRENT_WORD)");
} }
else
{
url = nppGui._searchEngineCustom.c_str();
}
} }
else if (nppGui._searchEngineChoice == nppGui.se_duckDuckGo) else if (nppGui._searchEngineChoice == nppGui.se_duckDuckGo)
{ {