… | |
… | |
49 | #undef ROW |
49 | #undef ROW |
50 | #define ROW(n) THIS->row_buf [LINENO (n)] |
50 | #define ROW(n) THIS->row_buf [LINENO (n)] |
51 | |
51 | |
52 | ///////////////////////////////////////////////////////////////////////////// |
52 | ///////////////////////////////////////////////////////////////////////////// |
53 | |
53 | |
|
|
54 | static SV * |
|
|
55 | taint (SV *sv) |
|
|
56 | { |
|
|
57 | SvTAINT (sv); |
|
|
58 | return sv; |
|
|
59 | } |
|
|
60 | |
|
|
61 | static SV * |
|
|
62 | taint_if (SV *sv, SV *src) |
|
|
63 | { |
|
|
64 | if (SvTAINTED (src)) |
|
|
65 | SvTAINT (sv); |
|
|
66 | |
|
|
67 | return sv; |
|
|
68 | } |
|
|
69 | |
54 | static wchar_t * |
70 | static wchar_t * |
55 | sv2wcs (SV *sv) |
71 | sv2wcs (SV *sv) |
56 | { |
72 | { |
57 | STRLEN len; |
73 | STRLEN len; |
58 | char *str = SvPVutf8 (sv, len); |
74 | char *str = SvPVutf8 (sv, len); |
… | |
… | |
390 | perl_free (perl); |
406 | perl_free (perl); |
391 | } |
407 | } |
392 | } |
408 | } |
393 | |
409 | |
394 | void |
410 | void |
395 | rxvt_perl_interp::init () |
411 | rxvt_perl_interp::init (bool tainted) |
396 | { |
412 | { |
397 | if (!perl) |
413 | if (!perl) |
398 | { |
414 | { |
399 | char *argv[] = { |
415 | char *argv[] = { |
400 | "", |
416 | "", |
401 | "-edo '" LIBDIR "/urxvt.pm' or ($@ and die $@) or exit 1", |
417 | "-edo '" LIBDIR "/urxvt.pm' or ($@ and die $@) or exit 1", |
|
|
418 | "-T", |
402 | }; |
419 | }; |
403 | |
420 | |
404 | perl = perl_alloc (); |
421 | perl = perl_alloc (); |
405 | perl_construct (perl); |
422 | perl_construct (perl); |
406 | |
423 | |
407 | if (perl_parse (perl, xs_init, 2, argv, (char **)NULL) |
424 | if (perl_parse (perl, xs_init, 2 + !!tainted, argv, (char **)NULL) |
408 | || perl_run (perl)) |
425 | || perl_run (perl)) |
409 | { |
426 | { |
410 | rxvt_warn ("unable to initialize perl-interpreter, continuing without.\n"); |
427 | rxvt_warn ("unable to initialize perl-interpreter, continuing without.\n"); |
411 | |
428 | |
412 | perl_destruct (perl); |
429 | perl_destruct (perl); |
… | |
… | |
473 | case DT_LONG: |
490 | case DT_LONG: |
474 | XPUSHs (sv_2mortal (newSViv (va_arg (ap, long)))); |
491 | XPUSHs (sv_2mortal (newSViv (va_arg (ap, long)))); |
475 | break; |
492 | break; |
476 | |
493 | |
477 | case DT_STR: |
494 | case DT_STR: |
478 | XPUSHs (sv_2mortal (newSVpv (va_arg (ap, char *), 0))); |
495 | XPUSHs (taint (sv_2mortal (newSVpv (va_arg (ap, char *), 0)))); |
479 | break; |
496 | break; |
480 | |
497 | |
481 | case DT_STR_LEN: |
498 | case DT_STR_LEN: |
482 | { |
499 | { |
483 | char *str = va_arg (ap, char *); |
500 | char *str = va_arg (ap, char *); |
484 | int len = va_arg (ap, int); |
501 | int len = va_arg (ap, int); |
485 | |
502 | |
486 | XPUSHs (sv_2mortal (newSVpvn (str, len))); |
503 | XPUSHs (taint (sv_2mortal (newSVpvn (str, len)))); |
487 | } |
504 | } |
488 | break; |
505 | break; |
489 | |
506 | |
490 | case DT_WCS_LEN: |
507 | case DT_WCS_LEN: |
491 | { |
508 | { |
492 | wchar_t *wstr = va_arg (ap, wchar_t *); |
509 | wchar_t *wstr = va_arg (ap, wchar_t *); |
493 | int wlen = va_arg (ap, int); |
510 | int wlen = va_arg (ap, int); |
494 | |
511 | |
495 | XPUSHs (sv_2mortal (wcs2sv (wstr, wlen))); |
512 | XPUSHs (taint (sv_2mortal (wcs2sv (wstr, wlen)))); |
496 | } |
513 | } |
497 | break; |
514 | break; |
498 | |
515 | |
499 | case DT_XEVENT: |
516 | case DT_XEVENT: |
500 | { |
517 | { |
… | |
… | |
814 | char *mbstr = rxvt_wcstombs (wstr); |
831 | char *mbstr = rxvt_wcstombs (wstr); |
815 | rxvt_pop_locale (); |
832 | rxvt_pop_locale (); |
816 | |
833 | |
817 | free (wstr); |
834 | free (wstr); |
818 | |
835 | |
819 | RETVAL = newSVpv (mbstr, 0); |
836 | RETVAL = taint_if (newSVpv (mbstr, 0), str); |
820 | free (mbstr); |
837 | free (mbstr); |
821 | } |
838 | } |
822 | OUTPUT: |
839 | OUTPUT: |
823 | RETVAL |
840 | RETVAL |
824 | |
841 | |
… | |
… | |
831 | |
848 | |
832 | rxvt_push_locale (THIS->locale); |
849 | rxvt_push_locale (THIS->locale); |
833 | wchar_t *wstr = rxvt_mbstowcs (data, len); |
850 | wchar_t *wstr = rxvt_mbstowcs (data, len); |
834 | rxvt_pop_locale (); |
851 | rxvt_pop_locale (); |
835 | |
852 | |
836 | RETVAL = wcs2sv (wstr); |
853 | RETVAL = taint_if (wcs2sv (wstr), octets); |
837 | free (wstr); |
854 | free (wstr); |
838 | } |
855 | } |
839 | OUTPUT: |
856 | OUTPUT: |
840 | RETVAL |
857 | RETVAL |
841 | |
858 | |
… | |
… | |
948 | wchar_t *wstr = new wchar_t [THIS->ncol]; |
965 | wchar_t *wstr = new wchar_t [THIS->ncol]; |
949 | |
966 | |
950 | for (int col = 0; col < THIS->ncol; col++) |
967 | for (int col = 0; col < THIS->ncol; col++) |
951 | wstr [col] = l.t [col]; |
968 | wstr [col] = l.t [col]; |
952 | |
969 | |
953 | XPUSHs (sv_2mortal (wcs2sv (wstr, THIS->ncol))); |
970 | XPUSHs (taint (sv_2mortal (wcs2sv (wstr, THIS->ncol)))); |
954 | |
971 | |
955 | delete [] wstr; |
972 | delete [] wstr; |
956 | } |
973 | } |
957 | |
974 | |
958 | if (new_text) |
975 | if (new_text) |
… | |
… | |
1079 | else |
1096 | else |
1080 | *r++ = *s; |
1097 | *r++ = *s; |
1081 | |
1098 | |
1082 | rxvt_pop_locale (); |
1099 | rxvt_pop_locale (); |
1083 | |
1100 | |
1084 | RETVAL = wcs2sv (rstr, r - rstr); |
1101 | RETVAL = taint_if (wcs2sv (rstr, r - rstr), string); |
1085 | |
1102 | |
1086 | delete [] rstr; |
1103 | delete [] rstr; |
1087 | } |
1104 | } |
1088 | OUTPUT: |
1105 | OUTPUT: |
1089 | RETVAL |
1106 | RETVAL |
… | |
… | |
1115 | else if (IS_COMPOSE (*s)) |
1132 | else if (IS_COMPOSE (*s)) |
1116 | r += rxvt_composite.expand (*s, r); |
1133 | r += rxvt_composite.expand (*s, r); |
1117 | else |
1134 | else |
1118 | *r++ = *s; |
1135 | *r++ = *s; |
1119 | |
1136 | |
1120 | RETVAL = wcs2sv (rstr, r - rstr); |
1137 | RETVAL = taint_if (wcs2sv (rstr, r - rstr), text); |
1121 | |
1138 | |
1122 | delete [] rstr; |
1139 | delete [] rstr; |
1123 | } |
1140 | } |
1124 | OUTPUT: |
1141 | OUTPUT: |
1125 | RETVAL |
1142 | RETVAL |
… | |
… | |
1147 | |
1164 | |
1148 | if (!IN_RANGE_EXC (index, 0, NUM_RESOURCES)) |
1165 | if (!IN_RANGE_EXC (index, 0, NUM_RESOURCES)) |
1149 | croak ("requested out-of-bound resource %s+%d,", name, index - rs->value); |
1166 | croak ("requested out-of-bound resource %s+%d,", name, index - rs->value); |
1150 | |
1167 | |
1151 | if (GIMME_V != G_VOID) |
1168 | if (GIMME_V != G_VOID) |
1152 | XPUSHs (THIS->rs [index] ? sv_2mortal (newSVpv (THIS->rs [index], 0)) : &PL_sv_undef); |
1169 | XPUSHs (THIS->rs [index] ? sv_2mortal (taint (newSVpv (THIS->rs [index], 0))) : &PL_sv_undef); |
1153 | |
1170 | |
1154 | if (newval) |
1171 | if (newval) |
1155 | { |
1172 | { |
1156 | if (SvOK (newval)) |
1173 | if (SvOK (newval)) |
1157 | { |
1174 | { |
… | |
… | |
1238 | void |
1255 | void |
1239 | rxvt_term::selection (SV *newtext = 0) |
1256 | rxvt_term::selection (SV *newtext = 0) |
1240 | PPCODE: |
1257 | PPCODE: |
1241 | { |
1258 | { |
1242 | if (GIMME_V != G_VOID) |
1259 | if (GIMME_V != G_VOID) |
1243 | XPUSHs (sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len))); |
1260 | XPUSHs (taint (sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len)))); |
1244 | |
1261 | |
1245 | if (newtext) |
1262 | if (newtext) |
1246 | { |
1263 | { |
1247 | free (THIS->selection.text); |
1264 | free (THIS->selection.text); |
1248 | |
1265 | |
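Review bot: The new `taint` helper (new lines 54–59) calls `SvTAINT (sv)`, which per perlapi only propagates taint when the interpreter's current-expression taint flag (`PL_tainted`) is already set, so the strings pushed from C in the `DT_STR`/`DT_STR_LEN`/`DT_WCS_LEN` cases, the resource value and the selection text may reach Perl untainted even under `-T`. To mark them unconditionally the helper should use `SvTAINTED_on (sv);`, which is itself a no-op when tainting is disabled. `taint_if` (new lines 61–68) has the same dependency: after `if (SvTAINTED (src))` it should call `SvTAINTED_on (sv);` rather than `SvTAINT (sv);`. Separately, `2 + !!tainted` relies on `"-T"` staying the last entry of `argv`; a short comment such as `// "-T" must remain last: it is only counted when tainted is set` next to the array would keep a later edit from silently dropping or always enabling it.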