gbookmarkfile: Escape icon href and mime

If callers supply strings containing unescaped characters for icon href or mime, then dumping the content can lead to corrupted files.
2025-12-04 07:41:11 +01:00 · 2025-08-28 20:35:35 +02:00
parent 1e7fab4065
commit f795a8a5de
2 changed files with 29 additions and 5 deletions
--- a/glib/gbookmarkfile.c
+++ b/glib/gbookmarkfile.c
@@ -485,17 +485,25 @@ bookmark_metadata_dump (BookmarkMetadata *metadata)
  /* icon */
  if (metadata->icon_href)
    {
+      gchar *href, *mime;
+
      if (!metadata->icon_mime)
        metadata->icon_mime = g_strdup ("application/octet-stream");

+      href = g_markup_escape_text (metadata->icon_href, -1);
+      mime = g_markup_escape_text (metadata->icon_mime, -1);
+
      buffer = g_strconcat ("       "
-			    "<" BOOKMARK_NAMESPACE_NAME
-			    ":" BOOKMARK_ICON_ELEMENT
-			    " " BOOKMARK_HREF_ATTRIBUTE "=\"", metadata->icon_href,
-			    "\" " BOOKMARK_TYPE_ATTRIBUTE "=\"", metadata->icon_mime, "\"/>\n", NULL);
+                            "<" BOOKMARK_NAMESPACE_NAME
+                            ":" BOOKMARK_ICON_ELEMENT
+                            " " BOOKMARK_HREF_ATTRIBUTE "=\"",
+                            href,
+                            "\" " BOOKMARK_TYPE_ATTRIBUTE "=\"", mime, "\"/>\n", NULL);
      g_string_append (retval, buffer);

      g_free (buffer);
+      g_free (mime);
+      g_free (href);
    }

  /* private hint */
--- a/glib/tests/bookmarkfile.c
+++ b/glib/tests/bookmarkfile.c
@@ -37,7 +37,7 @@ test_to_file (void)
  const gchar *filename;
  gboolean res;
  GError *error = NULL;
-  char *in, *out;
+  char *in, *mime, *out;
  gchar *tmp_filename = NULL;
  gint fd;

@@ -50,6 +50,10 @@ test_to_file (void)
  g_test_message ("Roundtrip from newly created bookmark file %s", tmp_filename);
  g_bookmark_file_set_title (bookmark, "file:///tmp/schedule.ps", "schedule.ps");
  g_bookmark_file_set_mime_type (bookmark, "file:///tmp/schedule.ps", "application/postscript");
+  g_bookmark_file_set_icon (bookmark,
+                            "file:///tmp/schedule.ps",
+                            "application\">-x-postscript",
+                            "image/\">png");
  g_bookmark_file_add_application (bookmark, "file:///tmp/schedule.ps", "ghostscript", "ghostscript %F");

  res = g_bookmark_file_to_file (bookmark, tmp_filename, &error);
@@ -71,6 +75,18 @@ test_to_file (void)
  g_free (out);

  remove (tmp_filename);
+  res = g_bookmark_file_get_icon (bookmark,
+                                  "file:///tmp/schedule.ps",
+                                  &out,
+                                  &mime,
+                                  &error);
+
+  g_assert_no_error (error);
+  g_assert_true (res);
+  g_assert_cmpstr (out, ==, "application\">-x-postscript");
+  g_free (out);
+  g_assert_cmpstr (mime, ==, "image/\">png");
+  g_free (mime);

  g_test_message ("Roundtrip from a valid bookmark file");
  filename = g_test_get_filename (G_TEST_DIST, "bookmarks", "valid-01.xbel", NULL);