Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL hyperlinking problems with null byte #372

Closed
deanjerkovich opened this issue Feb 29, 2016 · 1 comment
Closed

URL hyperlinking problems with null byte #372

deanjerkovich opened this issue Feb 29, 2016 · 1 comment
Labels
bug ui

Comments

@deanjerkovich
Copy link

if you send the following message, it will break string parsing:

http://www.test.com/?a=%00

resulting in a message with just '%2' being delivered, but ultimately linking to test.com
@s-rah
Copy link
Member

s-rah commented Feb 29, 2016

Yeah, there is a bigger issue here with handling unicode in the regex. PR is: #302

special added a commit to special/ricochet that referenced this issue Apr 14, 2016
@special
Fix parsing of links containing escape sequences
68e712f 
When formatting links to be displayed in messages, using repeated calls
to QString::arg() will interpret '%0' and similar in the URL as a
placeholder, resulting in the link not being properly formatted.

Depending on the value, this can either result in a broken URL when
copied to the clipboard (ricochet-im#403), or the URL being displayed with a label
of just '%2' (ricochet-im#372).

This cannot be used to mislabel links, and there is no printf-style
format vulnerability with QString::arg. There is no security impact.
@special special mentioned this issue Apr 14, 2016
Merged
@special special closed this as completed Apr 14, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug ui
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@special @s-rah @deanjerkovich