author | Jeffrey Stedfast <fejj@ximian.com> | 2003-03-13 05:39:09 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2003-03-13 05:39:09 +0800 |
commit | 4b32de61d00bf5ae12d4179bede135fd2ded0f9c (patch) | |
tree | 92debe525bfb370732bd8d56328ca461203a2a3f /mail/mail-display.c | |
parent | 1f54deb5584629a657a69d62db0e07935322be05 (diff) | |
Security vulnerability fixes.
2003-03-12 Jeffrey Stedfast <fejj@ximian.com>
Security vulnerability fixes.
* mail-display.c (do_external_viewer): Make sure that we don't
launch a bonobo control to view a mime-type that we handle
internally, otherwise maliciously formed HTML mail using <object>
tags could potentially launch a bonobo control to view the mime
part bypassing any checks that Evolution might do on the data
normally.
svn path=/trunk/; revision=20269
Diffstat (limited to 'mail/mail-display.c')
-rw-r--r-- | mail/mail-display.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/mail/mail-display.c b/mail/mail-display.c index 83387bde92..955de714ea 100644 --- a/mail/mail-display.c +++ b/mail/mail-display.c @@ -1081,6 +1081,11 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb, CORBA_Environment ev; CamelStreamMem *cstream; BonoboStream *bstream; + MailMimeHandler *handler; + + handler = mail_lookup_handler (eb->type); + if (!handler || handler->builtin) + return FALSE; component = gnome_vfs_mime_get_default_component (eb->type); if (!component) |
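Review bot: The new early return at the top of do_external_viewer has no comment, and its `!handler` half does more than the commit message describes. The message only covers mime types handled internally (`handler->builtin`), but `if (!handler || handler->builtin)` also returns FALSE when mail_lookup_handler returns NULL for eb->type, so a type with no handler at all no longer reaches gnome_vfs_mime_get_default_component either. If that fail-closed behaviour is intended, add a short comment above the check stating the security reason (embedded objects in HTML mail must not reach a bonobo control for types Evolution renders itself, or for unknown types), so that a later cleanup does not remove it as redundant. Please also confirm that eb->type is the same type string the rest of the display code uses to choose the builtin handler, since both this lookup and the component lookup below key on it.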