|
17 | 17 | #include "nsIOutputStream.h" |
18 | 18 | #include "nsIPrefService.h" |
19 | 19 | #include "nsIStringBundle.h" |
| 20 | +#include "nsIMIMEService.h" |
20 | 21 | #include "nsNetUtil.h" |
21 | 22 | #include "nsServiceManagerUtils.h" |
22 | 23 | #include "nsShellService.h" |
@@ -1459,9 +1460,31 @@ nsWindowsShellService::UnpinShortcutFromTaskbar( |
1459 | 1460 | return ManageShortcutTaskbarPins(runInTestMode, pinType, aShortcutPath); |
1460 | 1461 | } |
1461 | 1462 |
|
| 1463 | +// Ensure that the supplied name doesn't have invalid characters. |
| 1464 | +static void ValidateFilename(nsAString& aFilename) { |
| 1465 | + nsCOMPtr<nsIMIMEService> mimeService = do_GetService("@mozilla.org/mime;1"); |
| 1466 | + if (NS_WARN_IF(!mimeService)) { |
| 1467 | + aFilename.Truncate(); |
| 1468 | + return; |
| 1469 | + } |
| 1470 | + |
| 1471 | + uint32_t flags = nsIMIMEService::VALIDATE_SANITIZE_ONLY; |
| 1472 | + |
| 1473 | + nsAutoString outFilename; |
| 1474 | + mimeService->ValidateFileNameForSaving(aFilename, EmptyCString(), flags, |
| 1475 | + outFilename); |
| 1476 | + aFilename = outFilename; |
| 1477 | +} |
| 1478 | + |
1462 | 1479 | NS_IMETHODIMP |
1463 | 1480 | nsWindowsShellService::GetTaskbarTabShortcutPath(const nsAString& aShortcutName, |
1464 | 1481 | nsAString& aRetPath) { |
| 1482 | + nsAutoString sanitizedShortcutName(aShortcutName); |
| 1483 | + ValidateFilename(sanitizedShortcutName); |
| 1484 | + if (sanitizedShortcutName != aShortcutName) { |
| 1485 | + return NS_ERROR_FILE_INVALID_PATH; |
| 1486 | + } |
| 1487 | + |
1465 | 1488 | // The taskbar tab shortcut will always be in |
1466 | 1489 | // %APPDATA%\Microsoft\Windows\Start Menu\Programs |
1467 | 1490 | RefPtr<IKnownFolderManager> fManager; |
|
0 commit comments