From: sirakaba Date: Fri, 2 Oct 2009 14:26:31 +0000 (+0000) Subject: セキュリティ面で問題のある格納ファイルに対して警告し、赤字で表示するよう変更。 X-Git-Tag: 0.01beta4~88 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=76aad2a174a14f1a636ec5079813813482bde111;hp=a0fe27f12565c8a31791264cd282a6a6e1e995bd;p=tpi%2Flychee.git セキュリティ面で問題のある格納ファイルに対して警告し、赤字で表示するよう変更。 git-svn-id: svn+ssh://svn.sourceforge.jp/svnroot/tpi/tpi@9 9df91469-1e22-0410-86e7-ea8537beb833 --- diff --git a/src/frontend/cls_listctrl.cpp b/src/frontend/cls_listctrl.cpp index 1d5d7bc..3c3d84f 100644 --- a/src/frontend/cls_listctrl.cpp +++ b/src/frontend/cls_listctrl.cpp @@ -96,6 +96,11 @@ int myListCtrl::OnGetItemImage(long i) const #endif } +wxListItemAttr * myListCtrl::OnGetItemAttr(long i) const +{ + return (wxListItemAttr *) this->showFileInfo[i].pCustomInfo; +} + void myListCtrl::OnColClick(wxListEvent& e) { g_nSortingColumn = e.GetColumn(); diff --git a/src/frontend/cls_listctrl.h b/src/frontend/cls_listctrl.h index cb47652..d107289 100644 --- a/src/frontend/cls_listctrl.h +++ b/src/frontend/cls_listctrl.h @@ -27,9 +27,11 @@ class myListCtrl: public wxListCtrl public: virtual wxString OnGetItemText(long, long) const; virtual int OnGetItemImage(long) const; + virtual wxListItemAttr * OnGetItemAttr(long) const; void OnColClick(wxListEvent&); ArrayTPI_FILEINFO showFileInfo; + wxListItemAttr atDangerItem; myListCtrl(): wxListCtrl(){} myListCtrl(wxWindow * parent, wxWindowID id, const wxPoint & pos = wxDefaultPosition, const wxSize & size = wxDefaultSize, long style = wxLC_ICON, const wxValidator & validator = wxDefaultValidator, const wxString & name = wxListCtrlNameStr): wxListCtrl(parent, id, pos, size, style, validator, name){} diff --git a/src/frontend/frm_main.cpp b/src/frontend/frm_main.cpp index 0146f8a..7038b51 100644 --- a/src/frontend/frm_main.cpp +++ b/src/frontend/frm_main.cpp @@ -740,15 +740,31 @@ void MainFrame::LoadArc(wxString szFileName) } // ƒZƒLƒ…ƒŠƒeƒBƒ`ƒFƒbƒNB + // DTVŒŸ¸B if (piInfo.fiInfo.fnFileName.GetPathWithSep().Find(wxT("..")) != wxNOT_FOUND) { - // DTVB + piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem; ::wxMessageBox(wxT("This archive may have Directory Traversal Vulnerability(DTV) problem, and some danger files may be extracted to the unexpected system directory! You should use the \"Ignore file pathes\" option when extracting this archive.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION); } + // ‹ó”’‚̘A‘±‚É‚æ‚éŠg’£Žq‹U‘•‚ðŒŸ¸B if (piInfo.fiInfo.fnFileName.GetFullName().Find(wxT(" ")) != wxNOT_FOUND) { - // Šg’£Žq‹U‘•B - ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION); + piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem; + ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden by using many blank charactor and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION); + } + // Unicode§Œä•¶Žš‚ðŒŸ¸B + for (wxChar c = 0x200c; c <= 0x206f; c++) + { + if (piInfo.fiInfo.fnFileName.GetFullName().Find(c) != wxNOT_FOUND) + { + piInfo.fiInfo.pCustomInfo = & this->list_ctrl->atDangerItem; + ::wxMessageBox(wxT("This archive may contain extension-disguised files whose real extension is hidden by using Unicode control character and you may mistake that it is a \"safe\" file. Don\'t execute these files carelessly.\nDanger file is:\n" + piInfo.fiInfo.szStoredName), wxMessageBoxCaptionStr, wxICON_EXCLAMATION); + } + switch (c) + { + case 0x200f: c = 0x2027; break; + case 0x202e: c = 0x2060; break; + } } // î•ñ‚ð•Û‘¶‚µ‚ăJƒEƒ“ƒgƒAƒbƒvB @@ -758,10 +774,13 @@ void MainFrame::LoadArc(wxString szFileName) } while (tpi.GetFileInformation(hArc, & piInfo.fiInfo, false) == TPI_ERROR_SUCCESS); } + + // ŽG‘½ˆ—B this->fileinfo.Shrink(); this->tree_ctrl->ExpandAllChildren(idArcRoot); this->tree_ctrl->ScrollTo(idArchive); this->tree_ctrl->SelectItem(idArchive); + this->list_ctrl->atDangerItem.SetTextColour(* wxRED); // ‘ŒÉ‚̏î•ñ‚ðŽæ“¾B TPI_ARCHIVEINFO aiInfo;