Maestro Linden avatar Maestro Linden committed a060ea4 Draft

MAINT-536 MAINT-1913 Added missing URL scheme filtering to the Linux viewer, changed URL scheme whitelist. Reviewed by Callum.

Comments (0)

Files changed (3)

indra/llwindow/llwindow.cpp

 BOOL gDebugClicks = FALSE;
 BOOL gDebugWindowProc = FALSE;
 
-const S32 gURLProtocolWhitelistCount = 3;
-const std::string gURLProtocolWhitelist[] = { "file:", "http:", "https:" };
+const S32 gURLProtocolWhitelistCount = 4;
+const std::string gURLProtocolWhitelist[] = { "secondlife:", "http:", "https:", "data:" };
 
 // CP: added a handler list - this is what's used to open the protocol and is based on registry entry
 //	   only meaningful difference currently is that file: protocols are opened using http:
 //	   since no protocol handler exists in registry for file:
 //     Important - these lists should match - protocol to handler
-const std::string gURLProtocolWhitelistHandler[] = { "http", "http", "https" };	
+// Maestro: This list isn't referenced anywhere that I could find
+//const std::string gURLProtocolWhitelistHandler[] = { "http", "http", "https" };	
 
 
 S32 OSMessageBox(const std::string& text, const std::string& caption, U32 type)

indra/llwindow/llwindow.h

 // Protocols, like "http" and "https" we support in URLs
 extern const S32 gURLProtocolWhitelistCount;
 extern const std::string gURLProtocolWhitelist[];
-extern const std::string gURLProtocolWhitelistHandler[];
+//extern const std::string gURLProtocolWhitelistHandler[];
 
 void simpleEscapeString ( std::string& stringIn  );
 

indra/llwindow/llwindowsdl.cpp

 // Must begin with protocol identifier.
 void LLWindowSDL::spawnWebBrowser(const std::string& escaped_url, bool async)
 {
+	bool found = false;
+	S32 i;
+	for (i = 0; i < gURLProtocolWhitelistCount; i++)
+	{
+		if (escaped_url.find(gURLProtocolWhitelist[i]) != std::string::npos)
+		{
+			found = true;
+			break;
+		}
+	}
+
+	if (!found)
+	{
+		llwarns << "spawn_web_browser called for url with protocol not on whitelist: " << escaped_url << llendl;
+		return;
+	}
+
 	llinfos << "spawn_web_browser: " << escaped_url << llendl;
 	
 #if LL_LINUX || LL_SOLARIS
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.