https://git.reactos.org/?p=reactos.git;a=commitdiff;h=4482d0f4557ec3df12e3982c148353724ac3ebf3

commit 4482d0f4557ec3df12e3982c148353724ac3ebf3
Author:     He Yang <[email protected]>
AuthorDate: Tue Jun 30 04:40:40 2020 +0800
Commit:     Mark Jansen <[email protected]>
CommitDate: Sun Sep 6 17:09:20 2020 +0200

    [RAPPS] move icon to a field in .txt file (#2941)
    
    * [RAPPS] move icon to a field in .txt file
    * [RAPPS] add function PathAppendNoDirEscapeW, apply it.
---
 base/applications/rapps/available.cpp       | 37 ++++++++++++++++++++---
 base/applications/rapps/gui.cpp             | 22 +++++++-------
 base/applications/rapps/include/available.h |  2 ++
 base/applications/rapps/include/misc.h      |  2 ++
 base/applications/rapps/misc.cpp            | 46 +++++++++++++++++++++++++++++
 5 files changed, 93 insertions(+), 16 deletions(-)

diff --git a/base/applications/rapps/available.cpp 
b/base/applications/rapps/available.cpp
index c26c5aaf622..8af6c78a8b9 100644
--- a/base/applications/rapps/available.cpp
+++ b/base/applications/rapps/available.cpp
@@ -72,14 +72,33 @@ VOID 
CAvailableApplicationInfo::RetrieveGeneralInfo(AvailableStrings& AvlbString
         }
         else
         {
-            // TODO: Does the filename contain anything stuff like "\\" ".." 
":" "<" ">" ?
+            // TODO: Does the filename contain anything stuff like ":" "<" ">" 
?
             // these stuff may lead to security issues
-
             ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath;
             PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots");
-            PathAppendW(ScrnshotName.GetBuffer(), 
ScrnshotLocation.GetString());
+            BOOL bSuccess = PathAppendNoDirEscapeW(ScrnshotName.GetBuffer(), 
ScrnshotLocation.GetString());
             ScrnshotName.ReleaseBuffer();
-            m_szScrnshotLocation.Add(ScrnshotName);
+            if (bSuccess)
+            {
+                m_szScrnshotLocation.Add(ScrnshotName);
+            }
+        }
+    }
+
+    // TODO: are we going to support specify an URL for an icon ?
+    ATL::CStringW IconLocation;
+    if (GetString(L"Icon", IconLocation))
+    {
+        // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
+        // these stuff may lead to security issues
+        ATL::CStringW IconPath = AvlbStrings.szAppsPath;
+        PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons");
+        BOOL bSuccess = PathAppendNoDirEscapeW(IconPath.GetBuffer(), 
IconLocation.GetString());
+        IconPath.ReleaseBuffer();
+
+        if (bSuccess)
+        {
+            m_szIconLocation = IconPath;
         }
     }
 
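Review bot: The `Icon` and screenshot values read from the .txt file are only checked for leaving the base directory, so the two TODOs about `:` `<` `>` remain open: a value that stays under `icons` or `screenshots` but is not a plain file name is still stored and later opened. Both fields look like bare file names, so I would reject anything else before appending, e.g. `if (IconLocation.FindOneOf(L"\\/:*?\"<>|") != -1)` skips the entry, with the same test on `ScrnshotLocation`. When `bSuccess` is FALSE the entry is dropped silently; a debug message there would make a malformed database entry easier to diagnose. `RetrieveGeneralInfo` starts and ends outside this hunk.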
@@ -246,6 +265,16 @@ BOOL CAvailableApplicationInfo::RetrieveScrnshot(UINT 
Index,ATL::CStringW& Scrns
     return TRUE;
 }
 
+BOOL CAvailableApplicationInfo::RetrieveIcon(ATL::CStringW& IconLocation) const
+{
+    if (m_szIconLocation.IsEmpty())
+    {
+        return FALSE;
+    }
+    IconLocation = m_szIconLocation;
+    return TRUE;
+}
+
 VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime)
 {
     RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME));
diff --git a/base/applications/rapps/gui.cpp b/base/applications/rapps/gui.cpp
index 367a13bcb64..b0599074a47 100644
--- a/base/applications/rapps/gui.cpp
+++ b/base/applications/rapps/gui.cpp
@@ -2394,18 +2394,16 @@ private:
         }
 
         /* Load icon from file */
-        ATL::CStringW szIconPath = szFolderPath;
-        PathAppendW(szIconPath.GetBuffer(MAX_PATH), L"icons");
-        PathAppendW(szIconPath.GetBuffer(), Info->m_szName.GetString());
-        PathAddExtensionW(szIconPath.GetBuffer(), L".ico");
-        szIconPath.ReleaseBuffer();
-
-        hIcon = (HICON) LoadImageW(NULL,
-                                   szIconPath.GetString(),
-                                   IMAGE_ICON,
-                                   LISTVIEW_ICON_SIZE,
-                                   LISTVIEW_ICON_SIZE,
-                                   LR_LOADFROMFILE);
+        ATL::CStringW szIconPath;
+        if (Info->RetrieveIcon(szIconPath))
+        {
+            hIcon = (HICON)LoadImageW(NULL,
+                szIconPath.GetString(),
+                IMAGE_ICON,
+                LISTVIEW_ICON_SIZE,
+                LISTVIEW_ICON_SIZE,
+                LR_LOADFROMFILE);
+        }
 
         if (!hIcon || GetLastError() != ERROR_SUCCESS)
         {
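Review bot: When `RetrieveIcon` returns FALSE, `LoadImageW` is no longer called, so the following `if (!hIcon || GetLastError() != ERROR_SUCCESS)` tests an `hIcon` this hunk never assigns and a last-error value left over from some earlier call. The declaration of `hIcon` is outside the hunk; if it is not already initialised to `NULL`, it should be. `LoadImageW` signals failure by returning `NULL`, so the test can be reduced to `if (!hIcon)`, which also avoids discarding a successfully loaded icon because of a stale error code. The enclosing function starts and ends outside the hunk.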
diff --git a/base/applications/rapps/include/available.h 
b/base/applications/rapps/include/available.h
index 917fd261b0e..259b644dce1 100644
--- a/base/applications/rapps/include/available.h
+++ b/base/applications/rapps/include/available.h
@@ -52,6 +52,7 @@ struct CAvailableApplicationInfo
     ATL::CStringW m_szUrlDownload;
     ATL::CSimpleArray<LCID> m_LanguageLCIDs;
     ATL::CSimpleArray<ATL::CStringW> m_szScrnshotLocation;
+    ATL::CStringW m_szIconLocation;
 
     ULONG m_SizeBytes;
 
@@ -75,6 +76,7 @@ struct CAvailableApplicationInfo
     BOOL HasInstalledVersion() const;
     BOOL HasUpdate() const;
     BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const;
+    BOOL RetrieveIcon(ATL::CStringW& IconLocation) const;
     // Set a timestamp
     VOID SetLastWriteTime(FILETIME* ftTime);
 
diff --git a/base/applications/rapps/include/misc.h 
b/base/applications/rapps/include/misc.h
index 50354c0f7ff..4c1fc6a4b1d 100644
--- a/base/applications/rapps/include/misc.h
+++ b/base/applications/rapps/include/misc.h
@@ -44,3 +44,5 @@ public:
     BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString);
     BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult);
 };
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore);
diff --git a/base/applications/rapps/misc.cpp b/base/applications/rapps/misc.cpp
index 9ee6a391f63..8e164db8648 100644
--- a/base/applications/rapps/misc.cpp
+++ b/base/applications/rapps/misc.cpp
@@ -407,3 +407,49 @@ BOOL CConfigParser::GetInt(const ATL::CStringW& KeyName, 
INT& iResult)
     return (iResult > 0);
 }
 // CConfigParser
+
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore)
+{
+    WCHAR pszPathBuffer[MAX_PATH]; // buffer to store result
+    WCHAR pszPathCopy[MAX_PATH];
+
+    if (!PathCanonicalizeW(pszPathCopy, pszPath))
+    {
+        return FALSE;
+    }
+
+    PathRemoveBackslashW(pszPathCopy);
+
+    if (StringCchCopyW(pszPathBuffer, _countof(pszPathBuffer), pszPathCopy) != 
S_OK)
+    {
+        return FALSE;
+    }
+
+    if (!PathAppendW(pszPathBuffer, pszMore))
+    {
+        return FALSE;
+    }
+
+    size_t PathLen;
+    if (StringCchLengthW(pszPathCopy, _countof(pszPathCopy), &PathLen) != S_OK)
+    {
+        return FALSE;
+    }
+    int CommonPrefixLen = PathCommonPrefixW(pszPathCopy, pszPathBuffer, NULL);
+
+    if ((unsigned int)CommonPrefixLen != PathLen)
+    {
+        // pszPathBuffer should be a file/folder under pszPath.
+        // but now common prefix len is smaller than length of pszPathCopy
+        // hacking use ".." ?
+        return FALSE;
+    }
+
+    if (StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer) != S_OK)
+    {
+        return FALSE;
+    }
+
+    return TRUE;
+}
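Review bot: `PathAppendNoDirEscapeW` takes no buffer size but ends with `StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer)`, so it silently assumes the caller's buffer holds at least `MAX_PATH` WCHARs. The callers in available.cpp pass a bare `GetBuffer()` and meet that only because of the earlier `GetBuffer(MAX_PATH)` on the same string. The contract should be written above the definition and on the declaration in misc.h, e.g. `// pszPath must point to a buffer of at least MAX_PATH WCHARs.`, or the function should take a `cchPath` parameter. The HRESULT checks would also read better as `FAILED(...)` than as `!= S_OK`.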
