[RAPPS] move icon to a field in .txt file (#2941)

* [RAPPS] move icon to a field in .txt file
* [RAPPS] add function PathAppendNoDirEscapeW, apply it.
This commit is contained in:
He Yang 2020-06-30 04:40:40 +08:00 committed by Mark Jansen
parent e636373016
commit 4482d0f455
No known key found for this signature in database
GPG key ID: B39240EE84BEAE8B
5 changed files with 93 additions and 16 deletions

View file

@ -72,16 +72,35 @@ VOID CAvailableApplicationInfo::RetrieveGeneralInfo(AvailableStrings& AvlbString
} }
else else
{ {
// TODO: Does the filename contain anything stuff like "\\" ".." ":" "<" ">" ? // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
// these stuff may lead to security issues // these stuff may lead to security issues
ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath; ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath;
PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots"); PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots");
PathAppendW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString()); BOOL bSuccess = PathAppendNoDirEscapeW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString());
ScrnshotName.ReleaseBuffer(); ScrnshotName.ReleaseBuffer();
if (bSuccess)
{
m_szScrnshotLocation.Add(ScrnshotName); m_szScrnshotLocation.Add(ScrnshotName);
} }
} }
}
// TODO: are we going to support specify an URL for an icon ?
ATL::CStringW IconLocation;
if (GetString(L"Icon", IconLocation))
{
// TODO: Does the filename contain anything stuff like ":" "<" ">" ?
// these stuff may lead to security issues
ATL::CStringW IconPath = AvlbStrings.szAppsPath;
PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons");
BOOL bSuccess = PathAppendNoDirEscapeW(IconPath.GetBuffer(), IconLocation.GetString());
IconPath.ReleaseBuffer();
if (bSuccess)
{
m_szIconLocation = IconPath;
}
}
RetrieveSize(); RetrieveSize();
RetrieveLicenseType(); RetrieveLicenseType();
@ -246,6 +265,16 @@ BOOL CAvailableApplicationInfo::RetrieveScrnshot(UINT Index,ATL::CStringW& Scrns
return TRUE; return TRUE;
} }
BOOL CAvailableApplicationInfo::RetrieveIcon(ATL::CStringW& IconLocation) const
{
if (m_szIconLocation.IsEmpty())
{
return FALSE;
}
IconLocation = m_szIconLocation;
return TRUE;
}
VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime) VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime)
{ {
RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME)); RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME));

View file

@ -2394,18 +2394,16 @@ private:
} }
/* Load icon from file */ /* Load icon from file */
ATL::CStringW szIconPath = szFolderPath; ATL::CStringW szIconPath;
PathAppendW(szIconPath.GetBuffer(MAX_PATH), L"icons"); if (Info->RetrieveIcon(szIconPath))
PathAppendW(szIconPath.GetBuffer(), Info->m_szName.GetString()); {
PathAddExtensionW(szIconPath.GetBuffer(), L".ico");
szIconPath.ReleaseBuffer();
hIcon = (HICON)LoadImageW(NULL, hIcon = (HICON)LoadImageW(NULL,
szIconPath.GetString(), szIconPath.GetString(),
IMAGE_ICON, IMAGE_ICON,
LISTVIEW_ICON_SIZE, LISTVIEW_ICON_SIZE,
LISTVIEW_ICON_SIZE, LISTVIEW_ICON_SIZE,
LR_LOADFROMFILE); LR_LOADFROMFILE);
}
if (!hIcon || GetLastError() != ERROR_SUCCESS) if (!hIcon || GetLastError() != ERROR_SUCCESS)
{ {

View file

@ -52,6 +52,7 @@ struct CAvailableApplicationInfo
ATL::CStringW m_szUrlDownload; ATL::CStringW m_szUrlDownload;
ATL::CSimpleArray<LCID> m_LanguageLCIDs; ATL::CSimpleArray<LCID> m_LanguageLCIDs;
ATL::CSimpleArray<ATL::CStringW> m_szScrnshotLocation; ATL::CSimpleArray<ATL::CStringW> m_szScrnshotLocation;
ATL::CStringW m_szIconLocation;
ULONG m_SizeBytes; ULONG m_SizeBytes;
@ -75,6 +76,7 @@ struct CAvailableApplicationInfo
BOOL HasInstalledVersion() const; BOOL HasInstalledVersion() const;
BOOL HasUpdate() const; BOOL HasUpdate() const;
BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const; BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const;
BOOL RetrieveIcon(ATL::CStringW& IconLocation) const;
// Set a timestamp // Set a timestamp
VOID SetLastWriteTime(FILETIME* ftTime); VOID SetLastWriteTime(FILETIME* ftTime);

View file

@ -44,3 +44,5 @@ public:
BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString); BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString);
BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult); BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult);
}; };
BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore);

View file

@ -407,3 +407,49 @@ BOOL CConfigParser::GetInt(const ATL::CStringW& KeyName, INT& iResult)
return (iResult > 0); return (iResult > 0);
} }
// CConfigParser // CConfigParser
BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore)
{
WCHAR pszPathBuffer[MAX_PATH]; // buffer to store result
WCHAR pszPathCopy[MAX_PATH];
if (!PathCanonicalizeW(pszPathCopy, pszPath))
{
return FALSE;
}
PathRemoveBackslashW(pszPathCopy);
if (StringCchCopyW(pszPathBuffer, _countof(pszPathBuffer), pszPathCopy) != S_OK)
{
return FALSE;
}
if (!PathAppendW(pszPathBuffer, pszMore))
{
return FALSE;
}
size_t PathLen;
if (StringCchLengthW(pszPathCopy, _countof(pszPathCopy), &PathLen) != S_OK)
{
return FALSE;
}
int CommonPrefixLen = PathCommonPrefixW(pszPathCopy, pszPathBuffer, NULL);
if ((unsigned int)CommonPrefixLen != PathLen)
{
// pszPathBuffer should be a file/folder under pszPath.
// but now common prefix len is smaller than length of pszPathCopy
// hacking use ".." ?
return FALSE;
}
if (StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer) != S_OK)
{
return FALSE;
}
return TRUE;
}