From 04db5c3f8f9dbf65ca81198ca1a6bbcbaa7a4a03 Mon Sep 17 00:00:00 2001 From: =?utf8?q?V=C3=A1clav=20Slav=C3=ADk?= Date: Sat, 19 Jan 2002 23:23:15 +0000 Subject: [PATCH] implemented URLs blocking in wxHtmlWindow git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@13666 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775 --- include/wx/html/htmlpars.h | 4 ++++ include/wx/html/htmlwin.h | 5 +++++ include/wx/html/winpars.h | 9 ++++++--- src/html/htmlwin.cpp | 6 ++++++ src/html/m_image.cpp | 4 ++++ src/html/winpars.cpp | 23 ++++++++++------------- 6 files changed, 35 insertions(+), 16 deletions(-) diff --git a/include/wx/html/htmlpars.h b/include/wx/html/htmlpars.h index 7d1205ae61..0faf78d4dd 100644 --- a/include/wx/html/htmlpars.h +++ b/include/wx/html/htmlpars.h @@ -48,6 +48,10 @@ public: wxFileSystem* GetFS() const { return m_FS; } + // Returns TRUE if the parser is allowed to open given URL (may be forbidden + // for security reasons) + virtual bool CanOpenURL(const wxString& url) const { return TRUE; } + // You can simply call this method when you need parsed output. // This method does these things: // 1. call InitParser(source); diff --git a/include/wx/html/htmlwin.h b/include/wx/html/htmlwin.h index c58d244feb..22466f4856 100644 --- a/include/wx/html/htmlwin.h +++ b/include/wx/html/htmlwin.h @@ -150,6 +150,11 @@ public: // Called when user clicked on hypertext link. Default behavior is to // call LoadPage(loc) virtual void OnLinkClicked(const wxHtmlLinkInfo& link); + + // Called when wxHtmlWindow wants to fetch data from an URL (e.g. when loading + // a page or loading an image). The data are downloaded if and only if + // OnOpeningURL returns TRUE. + virtual bool OnOpeningURL(const wxString& url) const { return TRUE; } // Returns a pointer to the parser. wxHtmlWinParser *GetParser() const { return m_Parser; } diff --git a/include/wx/html/winpars.h b/include/wx/html/winpars.h index 69f81a56a1..396526b92a 100644 --- a/include/wx/html/winpars.h +++ b/include/wx/html/winpars.h @@ -24,6 +24,7 @@ #include "wx/html/htmlcell.h" #include "wx/encconv.h" +class WXDLLEXPORT wxHtmlWindow; class WXDLLEXPORT wxHtmlWinParser; class WXDLLEXPORT wxHtmlWinTagHandler; class WXDLLEXPORT wxHtmlTagsModule; @@ -40,13 +41,15 @@ class WXDLLEXPORT wxHtmlWinParser : public wxHtmlParser friend class wxHtmlWindow; public: - wxHtmlWinParser(wxWindow *wnd = NULL); + wxHtmlWinParser(wxHtmlWindow *wnd = NULL); ~wxHtmlWinParser(); virtual void InitParser(const wxString& source); virtual void DoneParser(); virtual wxObject* GetProduct(); + virtual bool CanOpenURL(const wxString& url) const; + // Set's the DC used for parsing. If SetDC() is not called, // parsing won't proceed virtual void SetDC(wxDC *dc, double pixel_scale = 1.0) @@ -63,7 +66,7 @@ public: // GetDC()->GetChar...() // returns associated wxWindow - wxWindow *GetWindow() {return m_Window;} + wxHtmlWindow *GetWindow() {return m_Window;} // sets fonts to be used when displaying HTML page. void SetFonts(wxString normal_face, wxString fixed_face, const int *sizes); @@ -130,7 +133,7 @@ private: wxChar *m_tmpStrBuf; size_t m_tmpStrBufSize; // temporary variables used by AddText - wxWindow *m_Window; + wxHtmlWindow *m_Window; // window we're parsing for double m_PixelScale; wxDC *m_DC; diff --git a/src/html/htmlwin.cpp b/src/html/htmlwin.cpp index 0eef9744f0..9625513f47 100644 --- a/src/html/htmlwin.cpp +++ b/src/html/htmlwin.cpp @@ -262,6 +262,12 @@ bool wxHtmlWindow::LoadPage(const wxString& location) m_RelatedFrame->SetStatusText(_("Connecting..."), m_RelatedStatusBar); Refresh(FALSE); } + + if ( !m_Parser->CanOpenURL(location) ) + { + wxLogError(_("Access denied to document '%s'!"), location.c_str()); + return FALSE; + } f = m_FS->OpenFile(location); diff --git a/src/html/m_image.cpp b/src/html/m_image.cpp index 4ab735e28a..5f5cc37d91 100644 --- a/src/html/m_image.cpp +++ b/src/html/m_image.cpp @@ -29,6 +29,7 @@ #include "wx/html/forcelnk.h" #include "wx/html/m_templ.h" +#include "wx/html/htmlwin.h" #include "wx/image.h" #include "wx/gifdecod.h" @@ -547,6 +548,9 @@ TAG_HANDLER_BEGIN(IMG, "IMG,MAP,AREA") wxFSFile *str; wxString tmp = tag.GetParam(wxT("SRC")); wxString mn = wxEmptyString; + + if ( !m_WParser->CanOpenURL(tmp) ) + return FALSE; str = m_WParser->GetFS()->OpenFile(tmp); if (tag.HasParam(wxT("WIDTH"))) diff --git a/src/html/winpars.cpp b/src/html/winpars.cpp index 59b93e0692..479401d392 100644 --- a/src/html/winpars.cpp +++ b/src/html/winpars.cpp @@ -40,7 +40,7 @@ wxList wxHtmlWinParser::m_Modules; -wxHtmlWinParser::wxHtmlWinParser(wxWindow *wnd) : wxHtmlParser() +wxHtmlWinParser::wxHtmlWinParser(wxHtmlWindow *wnd) : wxHtmlParser() { m_tmpStrBuf = NULL; m_tmpStrBufSize = 0; @@ -84,7 +84,6 @@ wxHtmlWinParser::wxHtmlWinParser(wxWindow *wnd) : wxHtmlParser() } } - wxHtmlWinParser::~wxHtmlWinParser() { int i, j, k, l, m; @@ -102,21 +101,16 @@ wxHtmlWinParser::~wxHtmlWinParser() delete[] m_tmpStrBuf; } - void wxHtmlWinParser::AddModule(wxHtmlTagsModule *module) { m_Modules.Append(module); } - - void wxHtmlWinParser::RemoveModule(wxHtmlTagsModule *module) { m_Modules.DeleteObject(module); } - - void wxHtmlWinParser::SetFonts(wxString normal_face, wxString fixed_face, const int *sizes) { int i, j, k, l, m; @@ -140,8 +134,6 @@ void wxHtmlWinParser::SetFonts(wxString normal_face, wxString fixed_face, const } } - - void wxHtmlWinParser::InitParser(const wxString& source) { wxHtmlParser::InitParser(source); @@ -169,8 +161,6 @@ void wxHtmlWinParser::InitParser(const wxString& source) m_Container->InsertCell(new wxHtmlFontCell(CreateCurrentFont())); } - - void wxHtmlWinParser::DoneParser() { m_Container = NULL; @@ -178,8 +168,6 @@ void wxHtmlWinParser::DoneParser() wxHtmlParser::DoneParser(); } - - wxObject* wxHtmlWinParser::GetProduct() { wxHtmlContainerCell *top; @@ -192,6 +180,15 @@ wxObject* wxHtmlWinParser::GetProduct() return top; } +bool wxHtmlWinParser::CanOpenURL(const wxString& url) const +{ + // FIXME - normalize the URL to full path before passing to + // OnOpeningURL!! + if ( m_Window ) + return m_Window->OnOpeningURL(url); + else + return TRUE; +} void wxHtmlWinParser::AddText(const wxChar* txt) { -- 2.47.2