Revision: 4456 http://geany.svn.sourceforge.net/geany/?rev=4456&view=rev Author: eht16 Date: 2009-11-29 20:59:31 +0000 (Sun, 29 Nov 2009)
Log Message: ----------- Add a hidden pref to allow executing text which was sent to the terminal directly, i.e. do not strip trailing newline characters. Also fix the stripping of trailing newline characters if there was more than one.
Modified Paths: -------------- trunk/ChangeLog trunk/doc/geany.html trunk/doc/geany.txt trunk/src/keyfile.c trunk/src/vte.c trunk/src/vte.h
Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-11-29 19:59:13 UTC (rev 4455) +++ trunk/ChangeLog 2009-11-29 20:59:31 UTC (rev 4456) @@ -7,6 +7,11 @@ Update partly outdated and wrong doc comment. * src/main.c, src/main.h, src/socket.c: Allow opening Geany projects remotely. + * doc/geany.txt, doc/geany.html, src/bte.c, src/vte.h, src/keyfile.c: + Add a hidden pref to allow executing text which was sent to the + terminal directly, i.e. do not strip trailing newline characters. + Also fix the stripping of trailing newline characters if there was + more than one.
2009-11-26 Frank Lanitz <frank(at)frank(dot)uvena(dot)de>
Modified: trunk/doc/geany.html =================================================================== --- trunk/doc/geany.html 2009-11-29 19:59:13 UTC (rev 4455) +++ trunk/doc/geany.html 2009-11-29 20:59:31 UTC (rev 4456) @@ -6,7 +6,7 @@ <meta name="generator" content="Docutils 0.5: http://docutils.sourceforge.net/" /> <title>Geany</title> <meta name="authors" content="Enrico Tröger Nick Treleaven Frank Lanitz" /> -<meta name="date" content="2009-11-18" /> +<meta name="date" content="2009-11-23" /> <style type="text/css">
/* @@ -139,7 +139,7 @@ <br />Nick Treleaven <br />Frank Lanitz</td></tr> <tr><th class="docinfo-name">Date:</th> -<td>2009-11-18</td></tr> +<td>2009-11-23</td></tr> <tr><th class="docinfo-name">Version:</th> <td>0.19</td></tr> </tbody> @@ -4569,6 +4569,17 @@ <tt class="docutils literal"><span class="pre">vte/termcap/xterm</span></tt>.</td> <td>xterm</td> </tr> +<tr><td>send_selection_unsafe</td> +<td>By default, Geany strips any trailing +newline characters from the current +selection before sending it to the terminal +to not execute arbitrary code. This is +mainly a security feature. +If, for whatever reasons, you really want +it to be executed directly, set this option +to true.</td> +<td>false</td> +</tr> <tr><td><strong>File related</strong></td> <td> </td> <td> </td> @@ -5824,7 +5835,7 @@ <div class="footer"> <hr class="footer" /> <a class="reference external" href="geany.txt">View document source</a>. -Generated on: 2009-11-23 20:57 UTC. +Generated on: 2009-11-29 20:56 UTC. Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
</div>
Modified: trunk/doc/geany.txt =================================================================== --- trunk/doc/geany.txt 2009-11-29 19:59:13 UTC (rev 4455) +++ trunk/doc/geany.txt 2009-11-29 20:59:31 UTC (rev 4456) @@ -355,10 +355,10 @@ then terminal-support is automatically disabled. Only available if Geany was compiled with support for VTE.
-*none* --socket-file Use this socket filename for communication with a +*none* --socket-file Use this socket filename for communication with a running Geany instance. This can be used with the following command to execute Geany on the current workspace:: - + geany --socket-file=/tmp/geany-sock-$(xprop -root _NET_CURRENT_DESKTOP | awk '{print $3}')
*none* --vte-lib Specify explicitly the path including filename or only @@ -3935,6 +3935,14 @@ emulation Terminal emulation mode. Only change this xterm if you have VTE termcap files other than ``vte/termcap/xterm``. +send_selection_unsafe By default, Geany strips any trailing false + newline characters from the current + selection before sending it to the terminal + to not execute arbitrary code. This is + mainly a security feature. + If, for whatever reasons, you really want + it to be executed directly, set this option + to true. **File related** use_safe_file_saving Defines the mode how Geany saves files to false disk. If disabled, Geany directly writes
Modified: trunk/src/keyfile.c
===================================================================
--- trunk/src/keyfile.c 2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/src/keyfile.c 2009-11-29 20:59:31 UTC (rev 4456)
@@ -435,6 +435,9 @@
if (!g_key_file_has_key(config, "VTE", "emulation", NULL)) /* hidden */
 g_key_file_set_string(config, "VTE", "emulation", vc->emulation);
+ if (!g_key_file_has_key(config, "VTE", "send_selection_unsafe", NULL)) /* hidden */
+ g_key_file_set_boolean(config, "VTE", "send_selection_unsafe",
+ vc->send_selection_unsafe);
 g_key_file_set_string(config, "VTE", "font", vc->font);
 g_key_file_set_boolean(config, "VTE", "scroll_on_key", vc->scroll_on_key);
 g_key_file_set_boolean(config, "VTE", "scroll_on_out", vc->scroll_on_out);
@@ -731,6 +734,8 @@
 vte_info.dir = g_strdup("/");
vc->emulation = utils_get_setting_string(config, "VTE", "emulation", "xterm");
+ vc->send_selection_unsafe = utils_get_setting_boolean(config, "VTE",
+ "send_selection_unsafe", FALSE);
 vc->shell = utils_get_setting_string(config, "VTE", "shell", shell);
 vc->font = utils_get_setting_string(config, "VTE", "font", "Monospace 10");
 vc->scroll_on_key = utils_get_setting_boolean(config, "VTE", "scroll_on_key", TRUE);
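Review bot: The load-side line that reads `send_selection_unsafe` carries no comment, while the save-side hunk marks the same key `/* hidden */`; because this flag decides whether text sent to the terminal gets executed, say so where it is read, e.g. `/* hidden; FALSE (default) keeps trailing newlines stripped so sent text is not run */`. The value is taken straight from the config file, so anyone able to edit that file can switch the stripping off without any visible sign. Logging once when it loads as TRUE, for instance `if (vc->send_selection_unsafe) g_warning("VTE: send_selection_unsafe is enabled");`, would make that state noticeable. Both enclosing functions start and end outside these hunks.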
Modified: trunk/src/vte.c =================================================================== --- trunk/src/vte.c 2009-11-29 19:59:13 UTC (rev 4455) +++ trunk/src/vte.c 2009-11-29 20:59:31 UTC (rev 4456) @@ -948,9 +948,23 @@
len = strlen(text);
- /* Make sure there is no newline character at the end to prevent unwanted execution */ - if (text[len-1] == '\n' || text[len-1] == '\r') - text[len-1] = '\0'; + if (vc->send_selection_unsafe) + { /* Explicitly append a trailing newline character to get the command executed, + this is disabled by default as it could cause all sorts of damage. */ + if (text[len-1] != '\n' && text[len-1] != '\r') + { + setptr(text, g_strconcat(text, "\n", NULL)); + len++; + } + } + else + { /* Make sure there is no newline character at the end to prevent unwanted execution */ + while (text[len-1] == '\n' || text[len-1] == '\r') + { + text[len-1] = '\0'; + len--; + } + }
vf->vte_terminal_feed_child(VTE_TERMINAL(vc->vte), text, len);
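Review bot: The new stripping loop `while (text[len-1] == '\n' || text[len-1] == '\r')` has no lower bound, so a selection consisting only of newline characters walks `len` down to 0 and then reads (and may overwrite) `text[len-1]` before the start of the buffer; bound it with `while (len > 0 && (text[len-1] == '\n' || text[len-1] == '\r'))`. The same `text[len-1]` access in the `send_selection_unsafe` branch needs a `len > 0` check if an empty `text` can reach this point, which cannot be told from here because the function starts outside the hunk. Separately, only trailing newlines are removed, so the interior lines of a multi-line selection are still newline-terminated when fed to the terminal. The comment on the `else` branch should state that the protection covers the last line only, e.g. `/* strips trailing newlines only; earlier lines of a multi-line selection are still executed */`.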
Modified: trunk/src/vte.h
===================================================================
--- trunk/src/vte.h 2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/src/vte.h 2009-11-29 20:59:31 UTC (rev 4456)
@@ -52,6 +52,7 @@
 gboolean skip_run_script;
 gboolean enable_bash_keys;
 gboolean cursor_blinks;
+ gboolean send_selection_unsafe;
 gint scrollback_lines;
 gchar *emulation;
 gchar *shell;
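Review bot: `send_selection_unsafe` is added to the struct without a comment, although it is the one field visible here with a security effect. A short comment next to it, such as `/* TRUE: text sent to the terminal is newline-terminated and therefore executed */`, would keep that meaning visible to anyone who later reads or sets the field from another place. The struct definition starts and ends outside the hunk.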