authorubkp <[email protected]>2023-10-25 07:17:54 -0300
committerGitHub <[email protected]>2023-10-25 12:17:54 +0200
commitb0c0f2e5606f129175a10919a16b9eaea248f150 (patch)
tree5100eae944c826a2d02244e46a3d65a26cead2a3 /src
parent7e5eff8a29525df247110268133dcf11f9e72b11 (diff)
Fix OpenURL on SDL (#3460)
Diffstat (limited to 'src')
-rw-r--r--src/platforms/rcore_desktop_sdl.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/platforms/rcore_desktop_sdl.c b/src/platforms/rcore_desktop_sdl.c
index ad051a95..ccc2acf0 100644
--- a/src/platforms/rcore_desktop_sdl.c
+++ b/src/platforms/rcore_desktop_sdl.c
@@ -893,9 +893,15 @@ double GetTime(void)
}
// Open URL with default system browser (if available)
+// NOTE: This function is only safe to use if you control the URL given.
+// A user could craft a malicious string performing another action.
+// Only call this function yourself not with user input or make sure to check the string yourself.
+// Ref: https://github.com/raysan5/raylib/issues/686
void OpenURL(const char *url)
{
- SDL_OpenURL(url);
+ // Security check to (partially) avoid malicious code
+ if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
+ else SDL_OpenURL(url);
}
//----------------------------------------------------------------------------------
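Review bot: The added guard in OpenURL calls `strchr(url, '\'')` without checking `url` for NULL, and the return value of `SDL_OpenURL()` is discarded, so a NULL argument is undefined behaviour and a failed launch goes unreported. I would write the guard as `if ((url == NULL) || (strchr(url, '\'') != NULL))` and the call as `else if (SDL_OpenURL(url) != 0) TRACELOG(LOG_WARNING, "SYSTEM: Failed to open URL: %s", SDL_GetError());`. The single-quote filter looks inherited from a backend that builds a shell command (inferred from the referenced issue, not visible in this hunk). Since this path hands the string to SDL rather than a shell, the remaining exposure is which URL scheme gets dispatched to a system handler, so the NOTE comment should say that, and accepting only `http://` or `https://` prefixes would be a stronger check than the quote denylist.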
@@ -1145,7 +1151,7 @@ int InitPlatform(void)
//if ((CORE.Window.flags & FLAG_FULLSCREEN_DESKTOP) > 0) flags |= SDL_WINDOW_FULLSCREEN_DESKTOP;
// NOTE: Some OpenGL context attributes must be set before window creation
-
+
// Check selection OpenGL version
if (rlGetVersion() == RL_OPENGL_21)
{
@@ -1224,9 +1230,9 @@ int InitPlatform(void)
TRACELOG(LOG_INFO, " > Viewport offsets: %i, %i", CORE.Window.renderOffset.x, CORE.Window.renderOffset.y);
}
else
- {
- TRACELOG(LOG_FATAL, "PLATFORM: Failed to initialize graphics device");
- return -1;
+ {
+ TRACELOG(LOG_FATAL, "PLATFORM: Failed to initialize graphics device");
+ return -1;
}
// Load OpenGL extensions
@@ -1253,7 +1259,7 @@ int InitPlatform(void)
//----------------------------------------------------------------------------
CORE.Storage.basePath = GetWorkingDirectory(); // Define base path for storage
//----------------------------------------------------------------------------
-
+
TRACELOG(LOG_INFO, "PLATFORM: DESKTOP (SDL): Initialized successfully");
return 0;