notepad-plus-plus/src at 0f936707a2457eb4611d7d42a68a3e066614f8e4 - notepad-plus-plus - Gitea: Git with a cup of tea

tyler.durden/notepad-plus-plus

mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git synced 2025-12-07 21:59:45 +01:00

History

Don HO 0f936707a2 [EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"

Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.

Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd

Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.

2019-01-14 20:20:19 +01:00

..

Moved PowerEditor in trunk remotely

2009-04-24 23:34:47 +00:00

Notepad++ 7.6.2 release Gilet Jaune Edition

2019-01-01 02:46:17 +01:00

Export function list in json format

2017-09-11 02:46:15 +02:00

Fix a compiling error due to bad formatted ressource file.

2018-12-17 14:11:41 +01:00

ScitillaComponent

Change folder location of auto-completion

2018-12-23 04:27:56 +01:00

Warning/error fixes as per VS2017 code analysis

2018-02-19 12:21:35 +01:00

Fix GDI objects leak problem

2018-03-11 01:05:29 +01:00

Update uchardet to 0.0.6 to improve UTF-8 detection quality

2018-11-09 13:49:58 +01:00

[EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"

2019-01-14 20:20:19 +01:00

clipboardFormats.h

[UPDATE] Update the GPL of all project source code to avoid the bundle version made by the tiers sites : cnet, softonic and 01net.

2012-04-15 16:54:38 +00:00

CMakeLists.txt

CMake: use WIN32 variable

2016-11-19 18:33:18 +01:00

config.4zipPackage.xml

Add Plugins Admin module into zipped package

2018-12-23 01:20:32 +01:00

contextMenu.xml

Cleanup in context menu and Run entries

2018-05-26 00:00:09 +02:00

dpiAware.manifest

[NEW] DPI aware (in progress).

2014-01-21 21:29:45 +00:00

dpiManager.h

[NEW_FEATURE] Make Notepad++ DPI-aware.

2014-02-11 00:26:24 +00:00

EncodingMapper.cpp

Fix broken indicies in EncodingMapper

2017-12-28 20:34:07 +01:00

EncodingMapper.h

Fix a plugin installation problem

2018-08-19 18:04:16 +02:00

functionList.xml

Add unit tests for function list feature

2018-04-13 12:46:03 +02:00

keys.h

[UPDATE] Update the GPL of all project source code to avoid the bundle version made by the tiers sites : cnet, softonic and 01net.

2012-04-15 16:54:38 +00:00

langs.model.xml

Updates rust keywords and primitive types for 2018 edition

2018-12-25 20:10:19 +01:00

lastRecentFileList.cpp

Fix 2 different files whose canonic names are the same can't be opened

2018-02-04 04:26:52 +01:00

lastRecentFileList.h

Fixed cppChecker reported issues

2017-07-17 10:35:25 +02:00

lesDlgs.cpp

Improve code quality by using static code analysis tool (cppchecker)

2016-07-18 02:08:29 +02:00

lesDlgs.h

Some code enhancements

2016-07-11 01:07:01 +02:00

localization.cpp

Make new added SHA-256 hash features translatable

2018-12-26 00:06:04 +01:00

localization.h

Make Plugins Admin translatable

2018-11-27 13:12:56 +01:00

localizationString.h

Add Zulu localization

2018-12-29 12:40:35 +01:00

menuCmdID.h

Add generation of SHA-256 hash feature

2018-12-16 20:14:30 +01:00

Notepad_plus_Window.cpp

Clean up

2018-06-24 01:16:01 +02:00

Notepad_plus_Window.h

Ghost typing enhancement

2018-03-10 11:30:55 +01:00

Notepad_plus.cpp

Make new added SHA-256 hash features translatable

2018-12-26 00:06:04 +01:00

Notepad_plus.h

Add generation of SHA-256 hash feature

2018-12-16 20:14:30 +01:00

Notepad_plus.rc

Notepad++ 7.6.2 release Gilet Jaune Edition

2019-01-01 02:46:17 +01:00

notepad++.exe.manifest

Enhance the version detection capacity

2015-12-05 21:39:53 +01:00

NppBigSwitch.cpp

Remove unecessary message boxes from some NPPM API

2018-12-09 22:29:34 +01:00

NppCommands.cpp

[EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"

2019-01-14 20:20:19 +01:00

NppIO.cpp

Fix "Close all but this" behaviour if multiple views are present and some files are dirty.

2018-11-10 16:45:37 +01:00

NppNotification.cpp

Add checking MD5 ability in Plugin Admin

2018-09-27 09:56:58 +02:00

Parameters.cpp

Fix the plugin crash issue due to the inexistent path

2018-12-17 10:16:01 +01:00

Parameters.h

Change loading plugin list location

2018-12-04 13:38:25 +01:00

resource.h

Notepad++ 7.6.2 release Gilet Jaune Edition

2019-01-01 02:46:17 +01:00

rgba_icons.h

Make margins dpi aware

2016-08-17 00:12:13 +02:00

shortcuts.xml

Cleanup in context menu and Run entries

2018-05-26 00:00:09 +02:00

StaticControl.h

[UPDATE] Update the GPL of all project source code to avoid the bundle version made by the tiers sites : cnet, softonic and 01net.

2012-04-15 16:54:38 +00:00

stylers.model.xml

Fix invalid xml syntax issue from #4572

2018-12-09 15:50:23 +01:00

toolbarIcons.xml

Moved PowerEditor in trunk remotely

2009-04-24 23:34:47 +00:00

UniConversion.cpp

[UPDATE] Unprecompile headers (part 3)

2015-06-02 18:01:47 +02:00

UniConversion.h

[UPDATE] Unprecompile headers (part 3)

2015-06-02 18:01:47 +02:00

userDefineLang.xml

Moved PowerEditor in trunk remotely

2009-04-24 23:34:47 +00:00

Utf8_16.cpp

Fix UTF-8 detection for 4 byte characters

2018-11-09 13:39:00 +01:00

Utf8_16.h

x64 ready

2016-06-05 20:30:22 +02:00

Utf8.h

[BUG_FIXED] (Author: François-R Boyer) Fix DBCS encodings file saving corruption bug.

2010-08-16 16:52:03 +00:00

winmain.cpp

Add -notepadStyleCmdline for Notepad-style command line processing (/p -> -quickPrint and joining paths)

2018-10-12 00:41:52 +02:00