SF.net SVN: geany:[4456] trunk

eht16 at users.sourceforge.net eht16 at xxxxx
Sun Nov 29 20:59:31 UTC 2009


Revision: 4456
          http://geany.svn.sourceforge.net/geany/?rev=4456&view=rev
Author:   eht16
Date:     2009-11-29 20:59:31 +0000 (Sun, 29 Nov 2009)

Log Message:
-----------
Add a hidden pref to allow executing text which was sent to the terminal directly, i.e. do not strip trailing newline characters.
Also fix the stripping of trailing newline characters if there was more than one.

Modified Paths:
--------------
    trunk/ChangeLog
    trunk/doc/geany.html
    trunk/doc/geany.txt
    trunk/src/keyfile.c
    trunk/src/vte.c
    trunk/src/vte.h

Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/ChangeLog	2009-11-29 20:59:31 UTC (rev 4456)
@@ -7,6 +7,11 @@
    Update partly outdated and wrong doc comment.
  * src/main.c, src/main.h, src/socket.c:
    Allow opening Geany projects remotely.
+ * doc/geany.txt, doc/geany.html, src/bte.c, src/vte.h, src/keyfile.c:
+   Add a hidden pref to allow executing text which was sent to the
+   terminal directly, i.e. do not strip trailing newline characters.
+   Also fix the stripping of trailing newline characters if there was
+   more than one.
 
 
 2009-11-26  Frank Lanitz  <frank(at)frank(dot)uvena(dot)de>

Modified: trunk/doc/geany.html
===================================================================
--- trunk/doc/geany.html	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/doc/geany.html	2009-11-29 20:59:31 UTC (rev 4456)
@@ -6,7 +6,7 @@
 <meta name="generator" content="Docutils 0.5: http://docutils.sourceforge.net/" />
 <title>Geany</title>
 <meta name="authors" content="Enrico Tröger  Nick Treleaven  Frank Lanitz" />
-<meta name="date" content="2009-11-18" />
+<meta name="date" content="2009-11-23" />
 <style type="text/css">
 
 /*
@@ -139,7 +139,7 @@
 <br />Nick Treleaven
 <br />Frank Lanitz</td></tr>
 <tr><th class="docinfo-name">Date:</th>
-<td>2009-11-18</td></tr>
+<td>2009-11-23</td></tr>
 <tr><th class="docinfo-name">Version:</th>
 <td>0.19</td></tr>
 </tbody>
@@ -4569,6 +4569,17 @@
 <tt class="docutils literal"><span class="pre">vte/termcap/xterm</span></tt>.</td>
 <td>xterm</td>
 </tr>
+<tr><td>send_selection_unsafe</td>
+<td>By default, Geany strips any trailing
+newline characters from the current
+selection before sending it to the terminal
+to not execute arbitrary code. This is
+mainly a security feature.
+If, for whatever reasons, you really want
+it to be executed directly, set this option
+to true.</td>
+<td>false</td>
+</tr>
 <tr><td><strong>File related</strong></td>
 <td> </td>
 <td> </td>
@@ -5824,7 +5835,7 @@
 <div class="footer">
 <hr class="footer" />
 <a class="reference external" href="geany.txt">View document source</a>.
-Generated on: 2009-11-23 20:57 UTC.
+Generated on: 2009-11-29 20:56 UTC.
 Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
 
 </div>

Modified: trunk/doc/geany.txt
===================================================================
--- trunk/doc/geany.txt	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/doc/geany.txt	2009-11-29 20:59:31 UTC (rev 4456)
@@ -355,10 +355,10 @@
                                        then terminal-support is automatically disabled. Only
                                        available if Geany was compiled with support for VTE.
 
-*none*        --socket-file            Use this socket filename for communication with a 
+*none*        --socket-file            Use this socket filename for communication with a
                                        running Geany instance. This can be used with the following
                                        command to execute Geany on the current workspace::
-                                       
+
                                          geany --socket-file=/tmp/geany-sock-$(xprop -root _NET_CURRENT_DESKTOP | awk '{print $3}')
 
 *none*        --vte-lib                Specify explicitly the path including filename or only
@@ -3935,6 +3935,14 @@
 emulation                         Terminal emulation mode. Only change this    xterm
                                   if you have VTE termcap files other than
                                   ``vte/termcap/xterm``.
+send_selection_unsafe             By default, Geany strips any trailing        false
+                                  newline characters from the current
+                                  selection before sending it to the terminal
+                                  to not execute arbitrary code. This is
+                                  mainly a security feature.
+                                  If, for whatever reasons, you really want
+                                  it to be executed directly, set this option
+                                  to true.
 **File related**
 use_safe_file_saving              Defines the mode how Geany saves files to    false
                                   disk. If disabled, Geany directly writes

Modified: trunk/src/keyfile.c
===================================================================
--- trunk/src/keyfile.c	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/src/keyfile.c	2009-11-29 20:59:31 UTC (rev 4456)
@@ -435,6 +435,9 @@
 
 		if (!g_key_file_has_key(config, "VTE", "emulation", NULL))	/* hidden */
 			g_key_file_set_string(config, "VTE", "emulation", vc->emulation);
+		if (!g_key_file_has_key(config, "VTE", "send_selection_unsafe", NULL))	/* hidden */
+			g_key_file_set_boolean(config, "VTE", "send_selection_unsafe",
+				vc->send_selection_unsafe);
 		g_key_file_set_string(config, "VTE", "font", vc->font);
 		g_key_file_set_boolean(config, "VTE", "scroll_on_key", vc->scroll_on_key);
 		g_key_file_set_boolean(config, "VTE", "scroll_on_out", vc->scroll_on_out);
@@ -731,6 +734,8 @@
 			vte_info.dir = g_strdup("/");
 
 		vc->emulation = utils_get_setting_string(config, "VTE", "emulation", "xterm");
+		vc->send_selection_unsafe = utils_get_setting_boolean(config, "VTE",
+			"send_selection_unsafe", FALSE);
 		vc->shell = utils_get_setting_string(config, "VTE", "shell", shell);
 		vc->font = utils_get_setting_string(config, "VTE", "font", "Monospace 10");
 		vc->scroll_on_key = utils_get_setting_boolean(config, "VTE", "scroll_on_key", TRUE);

Modified: trunk/src/vte.c
===================================================================
--- trunk/src/vte.c	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/src/vte.c	2009-11-29 20:59:31 UTC (rev 4456)
@@ -948,9 +948,23 @@
 
 	len = strlen(text);
 
-	/* Make sure there is no newline character at the end to prevent unwanted execution */
-	if (text[len-1] == '\n' || text[len-1] == '\r')
-		text[len-1] = '\0';
+	if (vc->send_selection_unsafe)
+	{	/* Explicitly append a trailing newline character to get the command executed,
+		   this is disabled by default as it could cause all sorts of damage. */
+		if (text[len-1] != '\n' && text[len-1] != '\r')
+		{
+			setptr(text, g_strconcat(text, "\n", NULL));
+			len++;
+		}
+	}
+	else
+	{	/* Make sure there is no newline character at the end to prevent unwanted execution */
+		while (text[len-1] == '\n' || text[len-1] == '\r')
+		{
+			text[len-1] = '\0';
+			len--;
+		}
+	}
 
 	vf->vte_terminal_feed_child(VTE_TERMINAL(vc->vte), text, len);
 
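Review bot: The new `while` loop in the safe branch has no lower bound on `len`: for a selection made up only of `\n`/`\r` characters it counts down to 0 and then evaluates `text[len-1]` one position before the start of the buffer. The same read happens in both branches for an empty string, unless a check above the hunk rejects it; the function starts outside the hunk and the type of `len` is not visible. Guard both tests, e.g. `while (len > 0 && (text[len-1] == '\n' || text[len-1] == '\r'))` and `if (len > 0 && text[len-1] != '\n' && text[len-1] != '\r')`. Separately, the safe branch removes only trailing line ends, so the earlier lines of a multi-line selection are still fed to the child with their newlines and would presumably be run by the shell. A comment such as `/* only trailing newlines are stripped; embedded ones still reach the shell */` would keep the "security feature" wording in the docs from being read as a full guarantee.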

Modified: trunk/src/vte.h
===================================================================
--- trunk/src/vte.h	2009-11-29 19:59:13 UTC (rev 4455)
+++ trunk/src/vte.h	2009-11-29 20:59:31 UTC (rev 4456)
@@ -52,6 +52,7 @@
 	gboolean skip_run_script;
 	gboolean enable_bash_keys;
 	gboolean cursor_blinks;
+	gboolean send_selection_unsafe;
 	gint scrollback_lines;
 	gchar *emulation;
 	gchar *shell;

