Skip to content

Commit

Permalink
fix arbitrary command injection in the Unix version of PlatformOpenIn…
Browse files Browse the repository at this point in the history
…ShellFn_DefaultImpl

+ Enable on non-iPhone macOS builds
  • Loading branch information
cfillion committed Jul 6, 2024
1 parent 2d0baaa commit 71f8812
Showing 1 changed file with 29 additions and 8 deletions.
37 changes: 29 additions & 8 deletions imgui.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -14353,11 +14353,18 @@ static void SetClipboardTextFn_DefaultImpl(void* user_data_ctx, const char* text

//-----------------------------------------------------------------------------

#if defined(__APPLE__) && defined(TARGET_OS_IPHONE) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
#ifndef IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
#if defined(__APPLE__) && TARGET_OS_IPHONE
#define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
#endif

#if defined(_WIN32) && !defined(IMGUI_DISABLE_WIN32_FUNCTIONS) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
#if defined(_WIN32) && defined(IMGUI_DISABLE_WIN32_FUNCTIONS)
#define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
#endif
#endif

#ifndef IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
#ifdef _WIN32
#include <shellapi.h> // ShellExecuteA()
#ifdef _MSC_VER
#pragma comment(lib, "shell32")
Expand All @@ -14366,18 +14373,32 @@ static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
{
return (INT_PTR)::ShellExecuteA(NULL, "open", path, NULL, NULL, SW_SHOWDEFAULT) > 32;
}
#elif !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
#else
#include <sys/wait.h>
#include <unistd.h>
static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
{
#if __APPLE__
const char* open_executable = "open";
const char* args[] { "open", "--", path, NULL };
#else
const char* open_executable = "xdg-open";
const char* args[] { "xdg-open", path, NULL };
#endif
ImGuiTextBuffer buf;
buf.appendf("%s \"%s\"", open_executable, path);
return system(buf.c_str()) != -1;
pid_t pid = fork();
if (pid < 0)
return false;
else if (!pid)
{
execvp(args[0], const_cast<char **>(args));
exit(-1);
}
else
{
int status;
waitpid(pid, &status, 0);
return WEXITSTATUS(status) == 0;
}
}
#endif
#else
static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char*) { return false; }
#endif // Default shell handlers
Expand Down

0 comments on commit 71f8812

Please sign in to comment.