[RAPPS] move icon to a field in .txt file (#2941)

* [RAPPS] move icon to a field in .txt file * [RAPPS] add function PathAppendNoDirEscapeW, apply it.
2024-12-29 10:35:28 +00:00 · 2020-06-30 04:40:40 +08:00 · 2020-06-30 04:40:40 +08:00 · 4482d0f455
commit 4482d0f455
parent e636373016
5 changed files with 93 additions and 16 deletions
--- a/base/applications/rapps/available.cpp
+++ b/base/applications/rapps/available.cpp
@ -72,14 +72,33 @@ VOID CAvailableApplicationInfo::RetrieveGeneralInfo(AvailableStrings& AvlbString
        }
        else
        {
-            // TODO: Does the filename contain anything stuff like "\\" ".." ":" "<" ">" ?
+            // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
            // these stuff may lead to security issues
-
            ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath;
            PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots");
-            PathAppendW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString());
+            BOOL bSuccess = PathAppendNoDirEscapeW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString());
            ScrnshotName.ReleaseBuffer();
-            m_szScrnshotLocation.Add(ScrnshotName);
+            if (bSuccess)
+            {
+                m_szScrnshotLocation.Add(ScrnshotName);
+            }
+        }
+    }
+
+    // TODO: are we going to support specify an URL for an icon ?
+    ATL::CStringW IconLocation;
+    if (GetString(L"Icon", IconLocation))
+    {
+        // TODO: Does the filename contain anything stuff like ":" "<" ">" ?
+        // these stuff may lead to security issues
+        ATL::CStringW IconPath = AvlbStrings.szAppsPath;
+        PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons");
+        BOOL bSuccess = PathAppendNoDirEscapeW(IconPath.GetBuffer(), IconLocation.GetString());
+        IconPath.ReleaseBuffer();
+
+        if (bSuccess)
+        {
+            m_szIconLocation = IconPath;
        }
    }

@ -246,6 +265,16 @@ BOOL CAvailableApplicationInfo::RetrieveScrnshot(UINT Index,ATL::CStringW& Scrns
    return TRUE;
 }

+BOOL CAvailableApplicationInfo::RetrieveIcon(ATL::CStringW& IconLocation) const
+{
+    if (m_szIconLocation.IsEmpty())
+    {
+        return FALSE;
+    }
+    IconLocation = m_szIconLocation;
+    return TRUE;
+}
+
 VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime)
 {
    RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME));
--- a/base/applications/rapps/gui.cpp
+++ b/base/applications/rapps/gui.cpp
@ -2394,18 +2394,16 @@ private:
        }

        /* Load icon from file */
-        ATL::CStringW szIconPath = szFolderPath;
-        PathAppendW(szIconPath.GetBuffer(MAX_PATH), L"icons");
-        PathAppendW(szIconPath.GetBuffer(), Info->m_szName.GetString());
-        PathAddExtensionW(szIconPath.GetBuffer(), L".ico");
-        szIconPath.ReleaseBuffer();
-
-        hIcon = (HICON) LoadImageW(NULL,
-                                   szIconPath.GetString(),
-                                   IMAGE_ICON,
-                                   LISTVIEW_ICON_SIZE,
-                                   LISTVIEW_ICON_SIZE,
-                                   LR_LOADFROMFILE);
+        ATL::CStringW szIconPath;
+        if (Info->RetrieveIcon(szIconPath))
+        {
+            hIcon = (HICON)LoadImageW(NULL,
+                szIconPath.GetString(),
+                IMAGE_ICON,
+                LISTVIEW_ICON_SIZE,
+                LISTVIEW_ICON_SIZE,
+                LR_LOADFROMFILE);
+        }

        if (!hIcon || GetLastError() != ERROR_SUCCESS)
        {
--- a/base/applications/rapps/include/available.h
+++ b/base/applications/rapps/include/available.h
@ -52,6 +52,7 @@ struct CAvailableApplicationInfo
    ATL::CStringW m_szUrlDownload;
    ATL::CSimpleArray<LCID> m_LanguageLCIDs;
    ATL::CSimpleArray<ATL::CStringW> m_szScrnshotLocation;
+    ATL::CStringW m_szIconLocation;

    ULONG m_SizeBytes;

@ -75,6 +76,7 @@ struct CAvailableApplicationInfo
    BOOL HasInstalledVersion() const;
    BOOL HasUpdate() const;
    BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const;
+    BOOL RetrieveIcon(ATL::CStringW& IconLocation) const;
    // Set a timestamp
    VOID SetLastWriteTime(FILETIME* ftTime);

--- a/base/applications/rapps/include/misc.h
+++ b/base/applications/rapps/include/misc.h
@ -44,3 +44,5 @@ public:
    BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString);
    BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult);
 };
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore);
--- a/base/applications/rapps/misc.cpp
+++ b/base/applications/rapps/misc.cpp
@ -407,3 +407,49 @@ BOOL CConfigParser::GetInt(const ATL::CStringW& KeyName, INT& iResult)
    return (iResult > 0);
 }
 // CConfigParser
+
+
+BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore)
+{
+    WCHAR pszPathBuffer[MAX_PATH]; // buffer to store result
+    WCHAR pszPathCopy[MAX_PATH];
+
+    if (!PathCanonicalizeW(pszPathCopy, pszPath))
+    {
+        return FALSE;
+    }
+
+    PathRemoveBackslashW(pszPathCopy);
+
+    if (StringCchCopyW(pszPathBuffer, _countof(pszPathBuffer), pszPathCopy) != S_OK)
+    {
+        return FALSE;
+    }
+
+    if (!PathAppendW(pszPathBuffer, pszMore))
+    {
+        return FALSE;
+    }
+
+    size_t PathLen;
+    if (StringCchLengthW(pszPathCopy, _countof(pszPathCopy), &PathLen) != S_OK)
+    {
+        return FALSE;
+    }
+    int CommonPrefixLen = PathCommonPrefixW(pszPathCopy, pszPathBuffer, NULL);
+
+    if ((unsigned int)CommonPrefixLen != PathLen)
+    {
+        // pszPathBuffer should be a file/folder under pszPath.
+        // but now common prefix len is smaller than length of pszPathCopy
+        // hacking use ".." ?
+        return FALSE;
+    }
+
+    if (StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer) != S_OK)
+    {
+        return FALSE;
+    }
+
+    return TRUE;
+}