
Commit 39320d6

committed
fix arbitrary command injection in the Unix version of PlatformOpenInShellFn_DefaultImpl
+ Enable on non-iPhone macOS builds
1 parent 2d0baaa commit 39320d6


1 file changed

+27
-8
lines changed


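--- a/imgui.cpp
+++ b/imgui.cpp
@@ -14353,11 +14353,16 @@ static void SetClipboardTextFn_DefaultImpl(void* user_data_ctx, const char* text
 
 //-----------------------------------------------------------------------------
 
-#if defined(__APPLE__) && defined(TARGET_OS_IPHONE) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#if defined(__APPLE__) && TARGET_OS_IPHONE && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
 #define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
 #endif
 
-#if defined(_WIN32) && !defined(IMGUI_DISABLE_WIN32_FUNCTIONS) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#if defined(_WIN32) && defined(IMGUI_DISABLE_WIN32_FUNCTIONS)
+#define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
+#endif
+
+#ifndef IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
+#ifdef _WIN32
 #include <shellapi.h> // ShellExecuteA()
 #ifdef _MSC_VER
 #pragma comment(lib, "shell32")
@@ -14366,18 +14371,32 @@ static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
 {
 return (INT_PTR)::ShellExecuteA(NULL, "open", path, NULL, NULL, SW_SHOWDEFAULT) > 32;
 }
-#elif !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#else
+#include <sys/wait.h>
+#include <unistd.h>
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
 {
 #if __APPLE__
-const char* open_executable = "open";
+const char* args[] { "open", "--", path, NULL };
 #else
-const char* open_executable = "xdg-open";
+const char* args[] { "xdg-open", path, NULL };
 #endif
-ImGuiTextBuffer buf;
-buf.appendf("%s \"%s\"", open_executable, path);
-return system(buf.c_str()) != -1;
+pid_t pid = fork();
+if (pid < 0)
+return false;
+else if (!pid)
+{
+execvp(args[0], const_cast<char **>(args));
+exit(-1);
+}
+else
+{
+int status;
+waitpid(pid, &status, 0);
+return WEXITSTATUS(status) == 0;
+}
 }
+#endif
 #else
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char*) { return false; }
 #endif // Default shell handlers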
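Review bot: In the forked child of the Unix `PlatformOpenInShellFn_DefaultImpl` (second hunk), a failed `execvp` falls through to `exit(-1)`, which runs the host application's `atexit` handlers and static destructors and flushes the inherited stdio buffers a second time inside the child; `_exit(127);` from the already-included `<unistd.h>` avoids that. In the parent branch, `WEXITSTATUS(status)` is read without checking the `waitpid` result or `WIFEXITED(status)`, so an interrupted wait leaves `status` indeterminate and an opener killed by a signal can be reported as success; `return waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0;` closes that. The macOS argument vector puts `--` before `path` but the `xdg-open` one does not, so a path beginning with `-` is still parsed as an option there. Whether `xdg-open` accepts `--` should be confirmed before adding it; if it does not, a comment on that line such as `// xdg-open has no "--": callers must not pass a path starting with '-'` would document the gap.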
