public:
virtual wxString OnGetItemText(long, long) const;
virtual int OnGetItemImage(long) const;
+ virtual wxListItemAttr * OnGetItemAttr(long) const;
void OnColClick(wxListEvent&);
ArrayTPI_FILEINFO showFileInfo;
+ wxListItemAttr atDangerItem;
myListCtrl(): wxListCtrl(){}
myListCtrl(wxWindow * parent, wxWindowID id, const wxPoint & pos = wxDefaultPosition, const wxSize & size = wxDefaultSize, long style = wxLC_ICON, const wxValidator & validator = wxDefaultValidator, const wxString & name = wxListCtrlNameStr): wxListCtrl(parent, id, pos, size, style, validator, name){}
}
// \83Z\83L\83\85\83\8a\83e\83B\83`\83F\83b\83N\81B
+ // DTV\8c\9f\8d¸\81B
if (piInfo.fiInfo.fnFileName.GetPathWithSep().Find(wxT("..")) != wxNOT_FOUND)
{
- // DTV\81B
+ piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem;
::wxMessageBox(wxT("This archive may have Directory Traversal Vulnerability(DTV) problem, and some danger files may be extracted to the unexpected system directory! You should use the \"Ignore file pathes\" option when extracting this archive.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION);
}
+ // \8bó\94\92\82Ì\98A\91±\82É\82æ\82é\8ag\92£\8eq\8bU\91\95\82ð\8c\9f\8d¸\81B
if (piInfo.fiInfo.fnFileName.GetFullName().Find(wxT(" ")) != wxNOT_FOUND)
{
- // \8ag\92£\8eq\8bU\91\95\81B
- ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION);
+ piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem;
+ ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden by using many blank charactor and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION);
+ }
+ // Unicode\90§\8cä\95¶\8e\9a\82ð\8c\9f\8d¸\81B
+ for (wxChar c = 0x200c; c <= 0x206f; c++)
+ {
+ if (piInfo.fiInfo.fnFileName.GetFullName().Find(c) != wxNOT_FOUND)
+ {
+ piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem;
+ ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden by using Unicode control character and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION);
+ }
+ switch (c)
+ {
+ case 0x200f: c = 0x2027; break;
+ case 0x202e: c = 0x2060; break;
+ }
}
// \8fî\95ñ\82ð\95Û\91¶\82µ\82Ä\83J\83E\83\93\83g\83A\83b\83v\81B
}
while (tpi.GetFileInformation(hArc, & piInfo.fiInfo, false) == TPI_ERROR_SUCCESS);
}
+
+ // \8eG\91½\8f\88\97\9d\81B
this->fileinfo.Shrink();
this->tree_ctrl->ExpandAllChildren(idArcRoot);
this->tree_ctrl->ScrollTo(idArchive);
this->tree_ctrl->SelectItem(idArchive);
+ this->list_ctrl->atDangerItem.SetTextColour(* wxRED);
// \8f\91\8cÉ\82Ì\8fî\95ñ\82ð\8eæ\93¾\81B
TPI_ARCHIVEINFO aiInfo;
OSDN Git Service
