Don't ever sniff desktop files when the filename is known. In other words,

2009-02-20  Alexander Larsson  <alexl@redhat.com>

        * gcontenttype.c:
        (g_content_type_guess):
	Don't ever sniff desktop files when the filename is known.
	In other words, only allow desktop files with the .desktop extension
	and when the filename isn't known.
	This is a security precaution since desktop files can execute
	arbitrary code when launched and we don't want to allow them to
	try and hide as another type. There is no legit reason to not
	have the .desktop extension anyway.



svn path=/trunk/; revision=7892

gio/ChangeLog

@@ -1,3 +1,15 @@
+2009-02-20  Alexander Larsson  <alexl@redhat.com>
+
+        * gcontenttype.c:
+        (g_content_type_guess):
+	Don't ever sniff desktop files when the filename is known.
+	In other words, only allow desktop files with the .desktop extension
+	and when the filename isn't known.
+	This is a security precaution since desktop files can execute
+	arbitrary code when launched and we don't want to allow them to
+	try and hide as another type. There is no legit reason to not
+	have the .desktop extension anyway.
+
 2009-02-19  Alexander Larsson  <alexl@redhat.com>
 
 	Bug 549298 – impossible to copy files with p (pipe) flag

gio/gcontenttype.c

@@ -933,6 +933,16 @@ g_content_type_guess (const char   *filename,
 	  data &&
 	  looks_like_text (data, data_size))
 	sniffed_mimetype = "text/plain";
+
+      /* For security reasons we don't ever want to sniff desktop files
+       * where we know the filename and it doesn't have a .desktop extension.
+       * This is because desktop files allow executing any application and
+       * we don't want to make it possible to hide them looking like something
+       * else.
+       */
+      if (filename != NULL &&
+          strcmp (sniffed_mimetype, "application/x-desktop") == 0)
+        sniffed_mimetype = "text/plain";
     }
   
   if (n_name_mimetypes == 0)