[RAPPS] move icon to a field in .txt file (#2941)

* [RAPPS] move icon to a field in .txt file * [RAPPS] add function PathAppendNoDirEscapeW, apply it.
reactos · Sep 6, 2020 · 4482d0f · 4482d0f
1 parent e636373
commit 4482d0f
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 16 deletions.
diff --git a/base/applications/rapps/available.cpp b/base/applications/rapps/available.cpp
@@ -72,14 +72,33 @@ VOID CAvailableApplicationInfo::RetrieveGeneralInfo(AvailableStrings& AvlbString
         }
         else
         {
-            // TODO: Does the filename contain anything stuff like "\\" ".." ":" "<" ">" ?
+            // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
             // these stuff may lead to security issues
-
             ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath;
             PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots");
-            PathAppendW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString());
+            BOOL bSuccess = PathAppendNoDirEscapeW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString());
             ScrnshotName.ReleaseBuffer();
-            m_szScrnshotLocation.Add(ScrnshotName);
+            if (bSuccess)
+            {
+                m_szScrnshotLocation.Add(ScrnshotName);
+            }
+        }
+    }
+
+    // TODO: are we going to support specify an URL for an icon ?
+    ATL::CStringW IconLocation;
+    if (GetString(L"Icon", IconLocation))
+    {
+        // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
+        // these stuff may lead to security issues
+        ATL::CStringW IconPath = AvlbStrings.szAppsPath;
+        PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons");
+        BOOL bSuccess = PathAppendNoDirEscapeW(IconPath.GetBuffer(), IconLocation.GetString());
+        IconPath.ReleaseBuffer();
+
+        if (bSuccess)
+        {
+            m_szIconLocation = IconPath;
         }
     }
 
@@ -246,6 +265,16 @@ BOOL CAvailableApplicationInfo::RetrieveScrnshot(UINT Index,ATL::CStringW& Scrns
     return TRUE;
 }
 
+BOOL CAvailableApplicationInfo::RetrieveIcon(ATL::CStringW& IconLocation) const
+{
+    if (m_szIconLocation.IsEmpty())
+    {
+        return FALSE;
+    }
+    IconLocation = m_szIconLocation;
+    return TRUE;
+}
+
 VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime)
 {
     RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME));

diff --git a/base/applications/rapps/gui.cpp b/base/applications/rapps/gui.cpp
@@ -2394,18 +2394,16 @@ class CMainWindow :
         }
 
         /* Load icon from file */
-        ATL::CStringW szIconPath = szFolderPath;
-        PathAppendW(szIconPath.GetBuffer(MAX_PATH), L"icons");
-        PathAppendW(szIconPath.GetBuffer(), Info->m_szName.GetString());
-        PathAddExtensionW(szIconPath.GetBuffer(), L".ico");
-        szIconPath.ReleaseBuffer();
-
-        hIcon = (HICON) LoadImageW(NULL,
-                                   szIconPath.GetString(),
-                                   IMAGE_ICON,
-                                   LISTVIEW_ICON_SIZE,
-                                   LISTVIEW_ICON_SIZE,
-                                   LR_LOADFROMFILE);
+        ATL::CStringW szIconPath;
+        if (Info->RetrieveIcon(szIconPath))
+        {
+            hIcon = (HICON)LoadImageW(NULL,
+                szIconPath.GetString(),
+                IMAGE_ICON,
+                LISTVIEW_ICON_SIZE,
+                LISTVIEW_ICON_SIZE,
+                LR_LOADFROMFILE);
+        }
 
         if (!hIcon || GetLastError() != ERROR_SUCCESS)
         {

diff --git a/base/applications/rapps/include/available.h b/base/applications/rapps/include/available.h
@@ -52,6 +52,7 @@ struct CAvailableApplicationInfo
     ATL::CStringW m_szUrlDownload;
     ATL::CSimpleArray<LCID> m_LanguageLCIDs;
     ATL::CSimpleArray<ATL::CStringW> m_szScrnshotLocation;
+    ATL::CStringW m_szIconLocation;
 
     ULONG m_SizeBytes;
 
@@ -75,6 +76,7 @@ struct CAvailableApplicationInfo
     BOOL HasInstalledVersion() const;
     BOOL HasUpdate() const;
     BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const;
+    BOOL RetrieveIcon(ATL::CStringW& IconLocation) const;
     // Set a timestamp
     VOID SetLastWriteTime(FILETIME* ftTime);
 

diff --git a/base/applications/rapps/include/misc.h b/base/applications/rapps/include/misc.h
@@ -44,3 +44,5 @@ class CConfigParser
     BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString);
     BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult);
 };
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore);
diff --git a/base/applications/rapps/misc.cpp b/base/applications/rapps/misc.cpp
@@ -407,3 +407,49 @@ BOOL CConfigParser::GetInt(const ATL::CStringW& KeyName, INT& iResult)
     return (iResult > 0);
 }
 // CConfigParser
+
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore)
+{
+    WCHAR pszPathBuffer[MAX_PATH]; // buffer to store result
+    WCHAR pszPathCopy[MAX_PATH];
+
+    if (!PathCanonicalizeW(pszPathCopy, pszPath))
+    {
+        return FALSE;
+    }
+
+    PathRemoveBackslashW(pszPathCopy);
+
+    if (StringCchCopyW(pszPathBuffer, _countof(pszPathBuffer), pszPathCopy) != S_OK)
+    {
+        return FALSE;
+    }
+
+    if (!PathAppendW(pszPathBuffer, pszMore))
+    {
+        return FALSE;
+    }
+
+    size_t PathLen;
+    if (StringCchLengthW(pszPathCopy, _countof(pszPathCopy), &PathLen) != S_OK)
+    {
+        return FALSE;
+    }
+    int CommonPrefixLen = PathCommonPrefixW(pszPathCopy, pszPathBuffer, NULL);
+
+    if ((unsigned int)CommonPrefixLen != PathLen)
+    {
+        // pszPathBuffer should be a file/folder under pszPath.
+        // but now common prefix len is smaller than length of pszPathCopy
+        // hacking use ".." ?
+        return FALSE;
+    }
+
+    if (StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer) != S_OK)
+    {
+        return FALSE;
+    }
+
+    return TRUE;
+}