https://git.reactos.org/?p=reactos.git;a=commitdiff;h=4482d0f4557ec3df12e398...
commit 4482d0f4557ec3df12e3982c148353724ac3ebf3 Author: He Yang 1160386205@qq.com AuthorDate: Tue Jun 30 04:40:40 2020 +0800 Commit: Mark Jansen mark.jansen@reactos.org CommitDate: Sun Sep 6 17:09:20 2020 +0200
[RAPPS] move icon to a field in .txt file (#2941)
* [RAPPS] move icon to a field in .txt file * [RAPPS] add function PathAppendNoDirEscapeW, apply it. --- base/applications/rapps/available.cpp | 37 ++++++++++++++++++++--- base/applications/rapps/gui.cpp | 22 +++++++------- base/applications/rapps/include/available.h | 2 ++ base/applications/rapps/include/misc.h | 2 ++ base/applications/rapps/misc.cpp | 46 +++++++++++++++++++++++++++++ 5 files changed, 93 insertions(+), 16 deletions(-)
diff --git a/base/applications/rapps/available.cpp b/base/applications/rapps/available.cpp index c26c5aaf622..8af6c78a8b9 100644 --- a/base/applications/rapps/available.cpp +++ b/base/applications/rapps/available.cpp @@ -72,14 +72,33 @@ VOID CAvailableApplicationInfo::RetrieveGeneralInfo(AvailableStrings& AvlbString } else { - // TODO: Does the filename contain anything stuff like "\" ".." ":" "<" ">" ? + // TODO: Does the filename contain anything stuff like ":" "<" ">" ? // these stuff may lead to security issues - ATL::CStringW ScrnshotName = AvlbStrings.szAppsPath; PathAppendW(ScrnshotName.GetBuffer(MAX_PATH), L"screenshots"); - PathAppendW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString()); + BOOL bSuccess = PathAppendNoDirEscapeW(ScrnshotName.GetBuffer(), ScrnshotLocation.GetString()); ScrnshotName.ReleaseBuffer(); - m_szScrnshotLocation.Add(ScrnshotName); + if (bSuccess) + { + m_szScrnshotLocation.Add(ScrnshotName); + } + } + } + + // TODO: are we going to support specify an URL for an icon ? + ATL::CStringW IconLocation; + if (GetString(L"Icon", IconLocation)) + { + // TODO: Does the filename contain anything stuff like ":" "<" ">" ? + // these stuff may lead to security issues + ATL::CStringW IconPath = AvlbStrings.szAppsPath; + PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons"); + BOOL bSuccess = PathAppendNoDirEscapeW(IconPath.GetBuffer(), IconLocation.GetString()); + IconPath.ReleaseBuffer(); + + if (bSuccess) + { + m_szIconLocation = IconPath; } }
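Review bot: The new `Icon` block, like the screenshot block above it, passes the raw field value to `PathAppendNoDirEscapeW`, which only checks that the result stays under the base directory, so the characters the TODO still lists (`:`, `<`, `>`) are accepted and the path is stored in `m_szIconLocation`. A relative name that contains a colon stays inside `icons` and passes the containment check, and the value comes from the .txt file rather than from the program itself. Rejecting such names before the path is built would close the TODO, for example `if (GetString(L"Icon", IconLocation) && IconLocation.FindOneOf(L":<>\"|?*") == -1)`. The return value of `PathAppendW(IconPath.GetBuffer(MAX_PATH), L"icons")` is also ignored, so a failure there is not noticed before the second append. RetrieveGeneralInfo starts and ends outside this hunk.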
@@ -246,6 +265,16 @@ BOOL CAvailableApplicationInfo::RetrieveScrnshot(UINT Index,ATL::CStringW& Scrns return TRUE; }
+BOOL CAvailableApplicationInfo::RetrieveIcon(ATL::CStringW& IconLocation) const +{ + if (m_szIconLocation.IsEmpty()) + { + return FALSE; + } + IconLocation = m_szIconLocation; + return TRUE; +} + VOID CAvailableApplicationInfo::SetLastWriteTime(FILETIME* ftTime) { RtlCopyMemory(&m_ftCacheStamp, ftTime, sizeof(FILETIME)); diff --git a/base/applications/rapps/gui.cpp b/base/applications/rapps/gui.cpp index 367a13bcb64..b0599074a47 100644 --- a/base/applications/rapps/gui.cpp +++ b/base/applications/rapps/gui.cpp @@ -2394,18 +2394,16 @@ private: }
/* Load icon from file */ - ATL::CStringW szIconPath = szFolderPath; - PathAppendW(szIconPath.GetBuffer(MAX_PATH), L"icons"); - PathAppendW(szIconPath.GetBuffer(), Info->m_szName.GetString()); - PathAddExtensionW(szIconPath.GetBuffer(), L".ico"); - szIconPath.ReleaseBuffer(); - - hIcon = (HICON) LoadImageW(NULL, - szIconPath.GetString(), - IMAGE_ICON, - LISTVIEW_ICON_SIZE, - LISTVIEW_ICON_SIZE, - LR_LOADFROMFILE); + ATL::CStringW szIconPath; + if (Info->RetrieveIcon(szIconPath)) + { + hIcon = (HICON)LoadImageW(NULL, + szIconPath.GetString(), + IMAGE_ICON, + LISTVIEW_ICON_SIZE, + LISTVIEW_ICON_SIZE, + LR_LOADFROMFILE); + }
if (!hIcon || GetLastError() != ERROR_SUCCESS) { diff --git a/base/applications/rapps/include/available.h b/base/applications/rapps/include/available.h index 917fd261b0e..259b644dce1 100644 --- a/base/applications/rapps/include/available.h +++ b/base/applications/rapps/include/available.h @@ -52,6 +52,7 @@ struct CAvailableApplicationInfo ATL::CStringW m_szUrlDownload; ATL::CSimpleArray<LCID> m_LanguageLCIDs; ATL::CSimpleArrayATL::CStringW m_szScrnshotLocation; + ATL::CStringW m_szIconLocation;
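Review bot: `hIcon` is now assigned only inside the `if (Info->RetrieveIcon(szIconPath))` branch, so for an entry without an `Icon` field the `!hIcon` test on the following context line reads whatever `hIcon` held before. Its declaration is outside this hunk, so this is safe only if it reads `HICON hIcon = NULL;`. That test also consults `GetLastError()` when `LoadImageW` was never called or has succeeded, where the value is left over from an earlier API call; testing the handle alone, `if (!hIcon)`, would avoid acting on a stale error code. The enclosing function starts and ends outside the hunk.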
ULONG m_SizeBytes;
@@ -75,6 +76,7 @@ struct CAvailableApplicationInfo BOOL HasInstalledVersion() const; BOOL HasUpdate() const; BOOL RetrieveScrnshot(UINT Index, ATL::CStringW& ScrnshotLocation) const; + BOOL RetrieveIcon(ATL::CStringW& IconLocation) const; // Set a timestamp VOID SetLastWriteTime(FILETIME* ftTime);
diff --git a/base/applications/rapps/include/misc.h b/base/applications/rapps/include/misc.h index 50354c0f7ff..4c1fc6a4b1d 100644 --- a/base/applications/rapps/include/misc.h +++ b/base/applications/rapps/include/misc.h @@ -44,3 +44,5 @@ public: BOOL GetString(const ATL::CStringW& KeyName, ATL::CStringW& ResultString); BOOL GetInt(const ATL::CStringW& KeyName, INT& iResult); }; + +BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore); diff --git a/base/applications/rapps/misc.cpp b/base/applications/rapps/misc.cpp index 9ee6a391f63..8e164db8648 100644 --- a/base/applications/rapps/misc.cpp +++ b/base/applications/rapps/misc.cpp @@ -407,3 +407,49 @@ BOOL CConfigParser::GetInt(const ATL::CStringW& KeyName, INT& iResult) return (iResult > 0); } // CConfigParser + + +BOOL PathAppendNoDirEscapeW(LPWSTR pszPath, LPCWSTR pszMore) +{ + WCHAR pszPathBuffer[MAX_PATH]; // buffer to store result + WCHAR pszPathCopy[MAX_PATH]; + + if (!PathCanonicalizeW(pszPathCopy, pszPath)) + { + return FALSE; + } + + PathRemoveBackslashW(pszPathCopy); + + if (StringCchCopyW(pszPathBuffer, _countof(pszPathBuffer), pszPathCopy) != S_OK) + { + return FALSE; + } + + if (!PathAppendW(pszPathBuffer, pszMore)) + { + return FALSE; + } + + size_t PathLen; + if (StringCchLengthW(pszPathCopy, _countof(pszPathCopy), &PathLen) != S_OK) + { + return FALSE; + } + int CommonPrefixLen = PathCommonPrefixW(pszPathCopy, pszPathBuffer, NULL); + + if ((unsigned int)CommonPrefixLen != PathLen) + { + // pszPathBuffer should be a file/folder under pszPath. + // but now common prefix len is smaller than length of pszPathCopy + // hacking use ".." ? + return FALSE; + } + + if (StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer) != S_OK) + { + return FALSE; + } + + return TRUE; +}
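Review bot: `PathAppendNoDirEscapeW` is the containment check both callers rely on, but neither the definition in misc.cpp nor the declaration in misc.h states its contract. I would add a header comment saying that `pszPath` must point to a writable buffer of at least `MAX_PATH` WCHARs (the final `StringCchCopyW(pszPath, MAX_PATH, pszPathBuffer)` assumes it) and that `pszPath` is not modified on the rejection paths. The comment should also say that the check is purely lexical: it compares canonicalized strings with `PathCommonPrefixW` and, as far as the visible code shows, neither resolves links or junctions nor filters characters such as `:`. The comment inside the prefix test could read `// result is not under pszPath: pszMore contained ".." or was not a relative path`. Testing the `StringCch*` results with `FAILED(...)` rather than `!= S_OK` would match the usual HRESULT idiom.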