OpenURL() - Added small security check

src/core.c

@@ -1820,13 +1820,31 @@ int StorageLoadValue(int position)
 }
 
 // Open URL with default system browser (if available)
-// Note:
+// NOTE: This function is onlyl safe to use if you control the URL given.
-// This function is onlyl safe to use if you control the URL given.
 // A user could craft a malicious string performing another action.
-// Only call this function yourself not with user input or make sure to check the
+// Only call this function yourself not with user input or make sure to check the string yourself.
-// string yourself.
+// CHECK: https://github.com/raysan5/raylib/issues/686
-// See https://github.com/raysan5/raylib/issues/686
 void OpenURL(const char *url)
+{
+    // Small security check trying to avoid (partially) malicious code... 
+    // sorry for the inconvenience when you hit this point...
+    bool validUrl = true;
+    int len = strlen(url);
+    
+    for (int i = 0; i < len; i++) 
+    {
+        if ((url[i] == ';') || 
+            (url[i] == '?') || 
+            (url[i] == ':') || 
+            (url[i] == '=') || 
+            (url[i] == '&')) 
+        {
+            validUrl = false;
+            break;
+        }
+    }
+    
+    if (validUrl)
     {
         char *cmd = calloc(strlen(url) + 10, sizeof(char));
 
@@ -1841,6 +1859,8 @@ void OpenURL(const char *url)
     
         free(cmd);
     }
+    else TraceLog(LOG_WARNING, "Provided URL does not seem to be valid.");
+}
 
 //----------------------------------------------------------------------------------
 // Module Functions Definition - Input (Keyboard, Mouse, Gamepad) Functions