mirrors/raylib
1
0
Fork 0
mirror of https://github.com/raysan5/raylib.git synced 2025-10-02 16:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OpenURL on SDL (#3460)

Browse Source
This commit is contained in:
ubkp
2023-10-25 07:17:54 -03:00
committed by GitHub
parent 7e5eff8a29
commit b0c0f2e560
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/platforms/rcore_desktop_sdl.c
View File

@@ -893,9 +893,15 @@ double GetTime(void)
} }
// Open URL with default system browser (if available) // Open URL with default system browser (if available)
// NOTE: This function is only safe to use if you control the URL given.
// A user could craft a malicious string performing another action.
// Only call this function yourself not with user input or make sure to check the string yourself.
// Ref: https://github.com/raysan5/raylib/issues/686
void OpenURL(const char *url) void OpenURL(const char *url)
{ {
SDL_OpenURL(url); // Security check to (partially) avoid malicious code
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
else SDL_OpenURL(url);
} }
//---------------------------------------------------------------------------------- //----------------------------------------------------------------------------------