Tk Library Source Code

Artifact [ff5e8a1020]

Artifact ff5e8a102056b8cd340e17bedaebbc1bde7a7102:

Attachment "tkchat.patch" to ticket [809821ffff] added by dkf 2003-09-21 00:02:23.
Index: ChangeLog
===================================================================
RCS file: /cvsroot/tcllib/tclapps/apps/tkchat/ChangeLog,v
retrieving revision 1.87
diff -u -r1.87 ChangeLog
--- ChangeLog	19 Sep 2003 22:06:49 -0000	1.87
+++ ChangeLog	20 Sep 2003 16:54:38 -0000
@@ -1,3 +1,8 @@
+2003-09-20  Donal K. Fellows  <[email protected]>
+
+	* tkchat.tcl (UserInfoDialog,UserInfoParseCallback): Made code
+	robust enough to deal with semi-malicious user info.
+
 2003-09-19  Pat Thoyts  <[email protected]>
 
 	* tkchat.tcl: Added a dialog for editing the user details stored
Index: tkchat.tcl
===================================================================
RCS file: /cvsroot/tcllib/tclapps/apps/tkchat/tkchat.tcl,v
retrieving revision 1.119
diff -u -r1.119 tkchat.tcl
--- tkchat.tcl	20 Sep 2003 00:25:27 -0000	1.119
+++ tkchat.tcl	20 Sep 2003 16:54:53 -0000
@@ -4274,7 +4274,7 @@
     set et [text $e.text -height 6 -bd 1 -background white]
     set es [scrollbar $e.scroll -bd 1 -command [list $et yview]]
     $et configure -yscrollcommand [list $es set]
-    $et insert 0.0 $UserInfo(stuff)
+    catch {$et insert 0.0 $UserInfo(stuff)}
     grid configure $et $es -sticky news
     grid rowconfigure $e 0 -weight 1
     grid columnconfigure $e 0 -weight 1
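Review bot: The bare `catch` around the insert discards every error without a trace, so a missing `UserInfo(stuff)` element and a genuine widget failure both end in the same silently empty text box. If the case being guarded is a profile response that never set `stuff` (inferred, since the parsing code is outside this hunk), an explicit test states that intent and leaves other errors visible: `if {[info exists UserInfo(stuff)]} {$et insert 0.0 $UserInfo(stuff)}`. The enclosing proc begins and ends outside the hunk.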
@@ -4345,13 +4345,13 @@
     switch -exact -- $tag {
         INPUT {
             array set params {}
-            foreach pair [eval list [UserInfoFix $param]] {
-                set p [split $pair =]
-                set params([string toupper [lindex $p 0]]) [lindex $p 1]
+	    foreach {- key value} [regexp -all -inline \
+		    {([A-Z]+)="([^""]*)"} $param] {
+		set params([string toupper $key]) $value
             }
             if {[info exists params(NAME)]} {
-                set UserInfo([string trim $params(NAME) "\""]) \
-                    [string trim $params(VALUE) "\""]
+                set UserInfo($params(NAME)) \
+			[::htmlparse::mapEscapes $params(VALUE)]
             }
         }
         TEXTAREA {
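Review bot: `$params(VALUE)` is read after testing only `params(NAME)`, so an INPUT tag whose value attribute is absent, unquoted or lower-case raises an error inside the parse callback, which is the kind of input this change is meant to survive. Guard both elements: `if {[info exists params(NAME)] && [info exists params(VALUE)]} {`. The pattern's `[A-Z]+` matches upper-case attribute names only, which makes `string toupper $key` a no-op; adding `-nocase` to the `regexp` call would accept `name="..."` as well. The NAME value still comes from the server-supplied page and is used directly as the `UserInfo` array key, so consider restricting it to the fields the dialog actually edits. The callback starts and ends outside the hunk.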
@@ -4360,21 +4360,6 @@
             }
         }
     }
-}
-
-proc ::tkchat::UserInfoFix {s} {
-    set r ""
-    set slash 0
-    set quote 0
-    for {set n 0} {$n < [string length $s]} {incr n} {
-        set c [string index $s $n]
-        switch -exact -- $c {
-            "\"" { set quote [expr {$quote ? 0 : 1}] }
-            " "  { if {$quote} {append r "\\"} }
-        }
-        append r $c
-    }
-    return $r
 }
 
 proc ::tkchat::UserInfoSend {} {