From: Michael R. <mr...@us...> - 2003-10-24 18:22:54
|
Update of /cvsroot/xine/xine-lib/src/xine-engine In directory sc8-pr-cvs1:/tmp/cvs-serv1340/src/xine-engine Modified Files: xine_interface.c xine.c input_rip.c Log Message: * notify the user that the save feature is disabled by default * security warning when the user tries to set the save_dir to a dangerous location Index: xine_interface.c =================================================================== RCS file: /cvsroot/xine/xine-lib/src/xine-engine/xine_interface.c,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- xine_interface.c 21 Oct 2003 22:10:34 -0000 1.60 +++ xine_interface.c 24 Oct 2003 09:34:01 -0000 1.61 @@ -772,7 +772,7 @@ static char *std_explanation[] = { "", - "Warning", + "Warning:", "Unknown host:", "Unknown device:", "Network unreachable", @@ -781,6 +781,7 @@ "Read error from:", "Error loading library:", "Encrypted media stream detected", + "Security message:" }; if( type >= 0 && type < sizeof(std_explanation)/ Index: xine.c =================================================================== RCS file: /cvsroot/xine/xine-lib/src/xine-engine/xine.c,v retrieving revision 1.259 retrieving revision 1.260 diff -u -r1.259 -r1.260 --- xine.c 20 Oct 2003 08:36:57 -0000 1.259 +++ xine.c 24 Oct 2003 09:34:01 -0000 1.260 @@ -1222,7 +1222,24 @@ static void config_save_cb (void *this_gen, xine_cfg_entry_t *entry) { xine_t *this = (xine_t *)this_gen; + char *homedir_trail_slash = strcat(strdup(xine_get_homedir()), "/"); + if (entry->str_value[0] && + (entry->str_value[0] != '/' || strstr(entry->str_value, "/.") || + strcmp(entry->str_value, xine_get_homedir()) == 0 || + strcmp(entry->str_value, homedir_trail_slash) == 0)) { + xine_stream_t *stream; + + xine_log(this, XINE_LOG_MSG, + _("xine: The specified save_dir \"%s\" might be a security risk.\n"), entry->str_value); + + pthread_mutex_lock(&this->streams_lock); + if ((stream = (xine_stream_t *)xine_list_first_content(this->streams))) + xine_message(stream, XINE_MSG_SECURITY, _("The specified save_dir might be a security risk."), NULL); + pthread_mutex_unlock(&this->streams_lock); + } + + free(homedir_trail_slash); this->save_path = entry->str_value; } Index: input_rip.c =================================================================== RCS file: /cvsroot/xine/xine-lib/src/xine-engine/input_rip.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- input_rip.c 20 Oct 2003 08:36:57 -0000 1.8 +++ input_rip.c 24 Oct 2003 09:34:01 -0000 1.9 @@ -540,6 +540,8 @@ if (!stream->xine->save_path[0]) { xine_log(stream->xine, XINE_LOG_MSG, _("input_rip: target directory wasn't specified, please fill out the option 'misc.save_dir'\n")); + xine_message(stream, XINE_MSG_SECURITY, + _("The stream save feature is disabled until you set misc.save_dir in the configuration.")); return NULL; } |