WrapEarnPass left a comment (geany/geany#4611) Geany seems to have been designed with the assumption that users are sane. I was trying to minimize changes to match that assumption.
If you're interested in fixing all the escaping problems at once, including things like the title bar and tab names, and preventing shell escapes, that requires a structural change to Geany.

A GeanyDocument should have two built-in attributes: a display_ that strips any non-printable characters (as Linux allows ALL characters except / and \0, and Windows allows almost all of them too), and a real_ that is run through g_shell_escape or quoted. Consumers of GeanyDocuments should then choose whether the attribute they want is the printable name or the OS-safe name, as those two things are vastly different.

This should be expanded to real_path as well, as again, folders are files, and everything except / and \0 is allowed there too. A sufficiently malicious zip file could create a path to a document where the path itself is a shell escape. This has to be OS specific, as [g_shell_quote](https://github.com/GNOME/glib/blob/main/glib/gshell.c) is not OS agnostic.

> We always use single quotes

https://www.geany.org/manual/reference/structGeanyDocument.html

doc->file_name should be run through g_shell_escape on Linux, or double-quoted on Windows (maybe renamed to real_name, to fit the theme)
doc->display_name should be limited to g_unichar_isprint==true
doc->real_directory should be run through g_shell_escape on Linux, or double-quoted on Windows
doc->display_directory should be run through g_unichar_isprint==true
doc->real_path should be run through g_shell_escape on Linux, or double-quoted on Windows
doc->display_path should be run through g_unichar_isprint==true
doc->real_path should be logically equivalent to real_directory+real_name

All Geany UI elements should choose one of the display_* elements. The build menu and plugins should pick between display_* and real_* depending on their specific case.
Messages to Status and Compiler should be display_*, and spawn or shell execs should use real_*. Then, in the future, if any other edge cases are found, you have a specific designated spot to refactor them out of. Compliant customers (like, hopefully, geany-plugins) automatically get fixes by standardizing on GeanyDocument.

View it on GitHub: https://github.com/geany/geany/issues/4611#issuecomment-4864704908
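The display_/real_ split proposed in the comment above, sketched as an added example in plain C. This is not Geany's code and not the commenter's; the GLib calls it refers to (g_unichar_isprint for the display form, g_shell_quote for the shell-safe form) are replaced by stand-alone stand-ins so the file compiles without GLib. The function names make_display_name, make_real_name and count_shell_words, and the sample file name, are assumptions made for the example. The last function is the check a practitioner wants: after quoting, a hostile file name must still split into exactly one shell word.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a g_unichar_isprint filter: keeps printable ASCII (0x20..0x7E) and
 * drops control bytes such as ESC, BEL and newline that a terminal or title bar
 * would interpret. A UTF-8-aware version would decode code points first. */
char *make_display_name(const char *raw)
{
    size_t n = strlen(raw), j = 0;
    char *out = malloc(n + 1);
    if (!out)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)raw[i];
        if (c >= 0x20 && c <= 0x7E)
            out[j++] = (char)c;
    }
    out[j] = '\0';
    return out;
}

/* Stand-in for g_shell_quote's single-quote strategy: wrap in single quotes and
 * render each embedded ' as '\'' (close quote, escaped quote, reopen). Inside
 * single quotes a POSIX shell treats every other byte, including $ ` \ ; and
 * newline, literally, so the name can never start a second command. */
char *make_real_name(const char *raw)
{
    size_t n = strlen(raw), quotes = 0;
    for (size_t i = 0; i < n; i++)
        if (raw[i] == '\'')
            quotes++;
    /* two surrounding quotes, three extra bytes per embedded quote, plus NUL */
    char *out = malloc(n + 2 + quotes * 3 + 1);
    if (!out)
        return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (raw[i] == '\'') {
            memcpy(p, "'\\''", 4);
            p += 4;
        } else {
            *p++ = raw[i];
        }
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Minimal POSIX word splitter (whitespace, backslash, single quotes). Used as the
 * safety check: a correctly quoted name must count as exactly one word. */
int count_shell_words(const char *cmd)
{
    int words = 0, in_word = 0, in_squote = 0;
    for (const char *p = cmd; *p; p++) {
        if (in_squote) {
            if (*p == '\'')
                in_squote = 0;
            continue;
        }
        if (*p == ' ' || *p == '\t' || *p == '\n') {
            in_word = 0;
            continue;
        }
        if (!in_word) {
            in_word = 1;
            words++;
        }
        if (*p == '\'')
            in_squote = 1;
        else if (*p == '\\' && p[1])
            p++;  /* backslash escapes the next byte outside quotes */
    }
    return words;
}

int main(void)
{
    /* Constructed file name: an xterm title escape (ESC ] 0 ; ... BEL) followed by
     * a command substitution. Every byte here is legal in a Linux file name. */
    const char *raw = "report\x1b]0;pwned\x07 $(id).c";
    char *display = make_display_name(raw);
    char *real = make_real_name(raw);
    printf("display: %s\n", display);
    printf("real:    %s\n", real);
    printf("shell words unquoted: %d, quoted: %d\n",
           count_shell_words(raw), count_shell_words(real));
    free(display);
    free(real);
    return 0;
}
```

The two outputs are deliberately different strings: the display form is what the tab and status window should show, the real form is the only one that may be pasted into a build command line. Windows would need its own make_real_name, since cmd.exe and CreateProcess do not honour single quotes.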
