pidgin/pidgin

Stop using g_uri_escape_string() to escape the URI before launching it.
release-2.x.y
2014-01-13, Mark Doliner
41e1147347a5
Stop using g_uri_escape_string() to escape the URI before launching it.

This was wrong. Take this URL as an example:
https://developer.pidgin.im/search?q=brains&noquickjump=1&wiki=on

When escaped with g_uri_escape_string() it becomes:
https://developer.pidgin.im/search%3Fq%3Dbrains%26noquickjump%3D1%26wiki%3Don

?, = and & are replaced with %3F, %3D and %26 which means they are considered part of the path component rather than query args. I tested and I get 404s when launching that URL with Firefox, Google Chrome, and these manual commands: gnome-open, xdg-open, firefox, google-chrome.

Strangely I DON'T get a 404 when I launch the URL with Konqueror. The original unescaped URL loads. I consider this to be a bug in Konqueror. They would fail to load when launched with a URL that has a question mark as part of the path component because they would convert the remaining path into the query string.

So I ripped out uri_escaped and used uri in its place everywhere.

This bug never got released. We changed the behavior because someone reported
to us that this URL:
http://example.org/$(xterm)
caused xterm to be executed on his system. Obviously that's bad if that
happens, but I don't think it's a bug in Pidgin. We're correctly escaping
all arguments that we pass to the browser command. If a system unescapes those
at some point and execs them, then that system is dangerously broken.

I tested this newest code with Firefox, Google Chrome, Konqueror, and the
manual commands gnome-open and xdg-open and they all work perfectly for me.
/* Declarations for getopt.
NOTE: getopt is now part of the C library, so if you don't know what
"Keep this file name-space clean" means, talk to roland@gnu.ai.mit.edu
before changing it!
Pidgin is the legal property of its developers, whose names are too numerous
to list here. Please refer to the COPYRIGHT file distributed with this
source distribution.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */
#ifndef _GETOPT_H
#define _GETOPT_H 1
#ifdef __cplusplus
extern "C" {
#endif
/* For communication from `getopt' to the caller.
When `getopt' finds an option that takes an argument,
the argument value is returned here.
Also, when `ordering' is RETURN_IN_ORDER,
each non-option ARGV-element is returned here. */
extern char *optarg;
/* Index in ARGV of the next element to be scanned.
This is used for communication to and from the caller
and for communication between successive calls to `getopt'.
On entry to `getopt', zero means this is the first call; initialize.
When `getopt' returns EOF, this is the index of the first of the
non-option elements that the caller should itself scan.
Otherwise, `optind' communicates from one call to the next
how much of ARGV has been scanned so far. */
extern int optind;
/* Callers store zero here to inhibit the error message `getopt' prints
for unrecognized options. */
extern int opterr;
/* Set to an option character which was unrecognized. */
extern int optopt;
/* Describe the long-named options requested by the application.
The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
of `struct option' terminated by an element containing a name which is
zero.
The field `has_arg' is:
no_argument (or 0) if the option does not take an argument,
required_argument (or 1) if the option requires an argument,
optional_argument (or 2) if the option takes an optional argument.
If the field `flag' is not NULL, it points to a variable that is set
to the value given in the field `val' when the option is found, but
left unchanged if the option is not found.
To have a long-named option do something other than set an `int' to
a compiled-in constant, such as set a value from `optarg', set the
option's `flag' field to zero and its `val' field to a nonzero
value (the equivalent single-letter option character, if there is
one). For long options that have a zero `flag' field, `getopt'
returns the contents of the `val' field. */
struct option
{
#if __STDC__
const char *name;
#else
char *name;
#endif
/* has_arg can't be an enum because some compilers complain about
type mismatches in all the code that assumes it is an int. */
int has_arg;
int *flag;
int val;
};
/* Names for the values of the `has_arg' field of `struct option'. */
#define no_argument 0
#define required_argument 1
#define optional_argument 2
#if __STDC__
#if defined(__GNU_LIBRARY__)
/* Many other libraries have conflicting prototypes for getopt, with
differences in the consts, in stdlib.h. To avoid compilation
errors, only prototype getopt for the GNU C library. */
extern int getopt (int argc, char *const *argv, const char *shortopts);
#else /* not __GNU_LIBRARY__ */
extern int getopt ();
#endif /* not __GNU_LIBRARY__ */
extern int getopt_long (int argc, char *const *argv, const char *shortopts,
const struct option *longopts, int *longind);
extern int getopt_long_only (int argc, char *const *argv,
const char *shortopts,
const struct option *longopts, int *longind);
/* Internal only. Users should not call this directly. */
extern int _getopt_internal (int argc, char *const *argv,
const char *shortopts,
const struct option *longopts, int *longind,
int long_only);
#else /* not __STDC__ */
extern int getopt ();
extern int getopt_long ();
extern int getopt_long_only ();
extern int _getopt_internal ();
#endif /* not __STDC__ */
#ifdef __cplusplus
}
#endif
#endif /* _GETOPT_H */