#436 Protection against file type spoofing

[Gabriel Corona]

When called with a regular file as CLI argument, PCManFM (as well as several other file managers) delegate to another program (based on file type infered from file extension or file content) for opening the file.

Moreover, PCManFM is associated with the inode/directory pseudo MIME type (Exec=pcmanfm %U).

This makes it possible for a malicious web server to trick the user into believing he is about to open a file with the file manager whereas he is actually going to open it with another software (https://www.openwall.com/lists/oss-security/2023/01/05/1).

It might make sense to prevent PCManFM invocation triggered through file type association to trigger invocation of other programs.

This might be implemented either by:

Solution 1: not invoking other programs when passed a regular file as CLI argument

Instead, PCManFM would only open the directory containing the file (and possibly preselect it).

This arguably makes sense from a user's point of view:

1. It might make sense to actually open a PCManFM window when pcmanfm is invoked:;
2. this is actually what is described in the man page;
   3.there are several other programs which may be used when the user wants to open a file with whatever program can handle this file.

However, this would break xdg-open which currently relies on pcmanfm to handle regular files under LXDE.

Solution 2: adding a --directory parameter in the Exec line

When invoked with this extra argument, pcmanfm would reject opening non-directory files. This would preserve the existing behavior (including compatibility for xdg-open).