-rw-r--r--chrome/browser/browser_init.cc7
-rw-r--r--chrome/browser/shell_integration_unittest.cc12
-rw-r--r--chrome/common/chrome_plugin_util.cc11
3 files changed, 19 insertions, 11 deletions
diff --git a/chrome/browser/browser_init.cc b/chrome/browser/browser_init.cc
index 568d0fd..07addd7 100644
--- a/chrome/browser/browser_init.cc
+++ b/chrome/browser/browser_init.cc
@@ -492,7 +492,12 @@ bool BrowserInit::LaunchWithProfile::OpenApplicationURL(Profile* profile) {
if (!command_line_.HasSwitch(switches::kApp))
return false;
- GURL url(command_line_.GetSwitchValueASCII(switches::kApp));
+ std::string url_string(command_line_.GetSwitchValueASCII(switches::kApp));
+#if defined(OS_WIN) // Fix up Windows shortcuts.
+ ReplaceSubstringsAfterOffset(&url_string, 0, "\\x", "%");
+#endif
+ GURL url(url_string);
+
if (!url.is_empty() && url.is_valid()) {
Browser::OpenApplicationWindow(profile, url);
return true;
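Review bot: The `\x` to `%` rewrite under `OS_WIN` runs on every `--app` value, not only on values written by the shortcut code, so a hand-typed URL containing a literal `\x` is silently altered before `GURL` parses it. The short comment does not say which encoder this reverses; I would expand it to `// Undo the "%" -> "\x" escaping applied by CPB_GetCommandLineArgumentsCommon (Windows shortcuts cannot carry "%").`. Nothing in this commit exercises the Windows encode/decode round trip, so a test case for it would be worth adding. OpenApplicationURL begins and ends outside the hunk.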
diff --git a/chrome/browser/shell_integration_unittest.cc b/chrome/browser/shell_integration_unittest.cc
index 6352d5a..7133031 100644
--- a/chrome/browser/shell_integration_unittest.cc
+++ b/chrome/browser/shell_integration_unittest.cc
@@ -132,7 +132,7 @@ TEST(ShellIntegrationTest, GetDesktopFileContents) {
"#!/usr/bin/env xdg-open\n"
"Name=http://evil.com/evil%20--join-the-b0tnet\n"
"Exec=/opt/google/chrome/google-chrome "
- "--app=\"http://evil.com/evil%%20--join-the-b0tnet\"\n"
+ "--app=\"http://evil.com/evil%20--join-the-b0tnet\"\n"
},
{ "http://evil.com/evil; rm -rf /; \"; rm -rf $HOME >ownz0red",
"Innocent Title",
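Review bot: The expected `Exec=` lines here and in the two hunks below now carry single `%` characters (`%20`, `%3B`, `%24`), apparently following the removal of the `%` to `%%` doubling in chrome_plugin_util.cc. The Desktop Entry specification treats `%` in `Exec` as a field-code introducer and asks for a literal percent to be written `%%`, so it is worth confirming that the targeted launchers pass `%20` through unchanged inside the quoted argument. If the single `%` is intended, a comment above the table such as `// "%" is left single on purpose; see CPB_GetCommandLineArgumentsCommon.` would record the decision.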
@@ -144,10 +144,10 @@ TEST(ShellIntegrationTest, GetDesktopFileContents) {
"#!/usr/bin/env xdg-open\n"
"Name=Innocent Title\n"
"Exec=/opt/google/chrome/google-chrome "
- "--app=\"http://evil.com/evil%%20rm%%20-rf%%20/%%20%%22%%20rm%%20"
- "-rf%%20HOME%%20%%3Eownz0red\"\n"
+ "--app=\"http://evil.com/evil%3B%20rm%20-rf%20/%3B%20%22%3B%20rm%20"
+ "-rf%20%24HOME%20%3Eownz0red\"\n"
},
- { "http://evil.com/evil | cat `echo ownz0red` >/dev/null\\",
+ { "http://evil.com/evil | cat `echo ownz0red` >/dev/null",
"Innocent Title",
"chrome-http__evil.com_evil",
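Review bot: Dropping the trailing backslash from the third input removes the only case in the visible table that contains `\`, so the new `\` to `%5C` rule in chrome_plugin_util.cc goes untested. It also removes the only check on a URL whose last character could escape the closing quote of `--app="..."`. I would keep a case whose input ends in `\\` and assert that the Exec line still ends in `\"\n` with no raw backslash before the quote. The exact expected text depends on whether the URL is canonicalised before escaping, which this diff does not show.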
@@ -157,8 +157,8 @@ TEST(ShellIntegrationTest, GetDesktopFileContents) {
"#!/usr/bin/env xdg-open\n"
"Name=Innocent Title\n"
"Exec=/opt/google/chrome/google-chrome "
- "--app=\"http://evil.com/evil%%20%%7C%%20cat%%20%%60echo%%20ownz0red"
- "%%60%%20%%3E/dev/null/\"\n"
+ "--app=\"http://evil.com/evil%20%7C%20cat%20%60echo%20ownz0red"
+ "%60%20%3E/dev/null\"\n"
},
};
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(test_cases); i++) {
diff --git a/chrome/common/chrome_plugin_util.cc b/chrome/common/chrome_plugin_util.cc
index e3b0f40..128fe1b 100644
--- a/chrome/common/chrome_plugin_util.cc
+++ b/chrome/common/chrome_plugin_util.cc
@@ -150,10 +150,13 @@ CPError CPB_GetCommandLineArgumentsCommon(const char* url,
// chrome.
// Note: Do not change this flag! Old Gears shortcuts will break if you do!
std::string url_string(url);
- ReplaceSubstringsAfterOffset(&url_string, 0, "\"", "\\\"");
- ReplaceSubstringsAfterOffset(&url_string, 0, "%", "%%");
- ReplaceSubstringsAfterOffset(&url_string, 0, ";", "");
- ReplaceSubstringsAfterOffset(&url_string, 0, "$", "");
+ ReplaceSubstringsAfterOffset(&url_string, 0, "\\", "%5C");
+ ReplaceSubstringsAfterOffset(&url_string, 0, "\"", "%22");
+ ReplaceSubstringsAfterOffset(&url_string, 0, ";", "%3B");
+ ReplaceSubstringsAfterOffset(&url_string, 0, "$", "%24");
+#if defined(OS_WIN) // Windows shortcuts can't escape % so we use \x instead.
+ ReplaceSubstringsAfterOffset(&url_string, 0, "%", "\\x");
+#endif
std::wstring url_w = UTF8ToWide(url_string);
// TODO(evanm): use CommandLine APIs instead of this.
arguments_w += std::wstring(L"--") + ASCIIToWide(switches::kApp) +
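Review bot: The Windows branch is reversible only because `\` is rewritten to `%5C` before `%` becomes `\x`, so every backslash left in the argument starts an escape. Nothing in the code records that ordering, and a later reorder would let a raw backslash through to the decoder in browser_init.cc. I would add above the first call `// Order matters: encode "\" first so that, on Windows, every "\x" in the result is an escaped "%".`. The list is also a denylist of four characters; other shell-significant characters such as the backtick and `|` are presumably percent-encoded before `url` reaches this function, which should be confirmed for every caller. CPB_GetCommandLineArgumentsCommon starts before and continues after the hunk.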