IntenseFinance/gnucash
3
0
Fork 0
mirror of https://github.com/Gnucash/gnucash.git synced 2025-02-25 18:55:30 -06:00
Code Issues Packages Projects Releases Wiki Activity

* src/business/business-gnome/dialog-billterms.c:

Browse Source 
* src/business/business-gnome/dialog-customer.c:
	* src/business/business-gnome/dialog-employee.c:
	* src/business/business-gnome/dialog-payment.c:
	* src/business/business-gnome/dialog-vendor.c:
	* src/business/dialog-tax-table/dialog-tax-table.c:
	* src/gnome/dialog-scheduledxaction.c:
	* src/gnome/gnc-split-reg.c:
	* src/import-export/hbci/hbci-interaction.c:
	  Change dialog statements to allow for embedded percent signs in
	  the messages.  In other words, don't allow user input into the
	  format string of a printf.  There may be other forms of this bug
	  elsewhere -- the code should be manually scrubbed file by file
	  for all printf()'s to make sure no user-servicable strings are
	  used as a printf format argument.  Fixes #115245.


git-svn-id: svn+ssh://svn.gnucash.org/repo/gnucash/trunk@8613 57a11ea4-9604-0410-9ed3-97b8803252fd
This commit is contained in:
Derek Atkins
2003-06-15 22:51:40 +00:00
parent 7eff813058
commit 6df7abcfa9
9 changed files with 20 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/business/business-gnome/dialog-billterms.c
View File

@@ -264,7 +264,7 @@ new_billterm_ok_cb (GtkWidget *widget, gpointer data)
message = g_strdup_printf(_(
"You must provide a unique name for this Billing Term.\n"
"Your choice \"%s\" is already in use."), name);
gnc_error_dialog_parented (GTK_WINDOW (nbt->dialog), message);
gnc_error_dialog_parented (GTK_WINDOW (nbt->dialog), "%s", message);
g_free (message);
return;
}
@@ -604,11 +604,9 @@ billterms_delete_term_cb (GtkButton *button, BillTermsWindow *btw)
return;
if (gncBillTermGetRefcount (btw->current_term) > 0) {
char *message =
g_strdup_printf (_("Term \"%s\" is in use. You cannot delete it."),
gncBillTermGetName (btw->current_term));
gnc_error_dialog_parented (GTK_WINDOW (btw->dialog), message);
g_free (message);
gnc_error_dialog_parented (GTK_WINDOW (btw->dialog),
_("Term \"%s\" is in use. You cannot delete it."),
gncBillTermGetName (btw->current_term));
return;
}

6
src/business/business-gnome/dialog-customer.c
View File

@@ -195,7 +195,7 @@ static gboolean check_edit_amount (GtkWidget *dialog, GtkWidget *amount,
{
if (!gnc_amount_edit_evaluate (GNC_AMOUNT_EDIT (amount))) {
if (error_message)
gnc_error_dialog_parented (GTK_WINDOW (dialog), error_message);
gnc_error_dialog_parented (GTK_WINDOW (dialog), "%s", error_message);
return TRUE;
}
/* We've got a valid-looking number; check mix/max */
@@ -204,7 +204,7 @@ static gboolean check_edit_amount (GtkWidget *dialog, GtkWidget *amount,
if ((min && gnc_numeric_compare (*min, val) > 0) ||
(max && gnc_numeric_compare (val, *max) > 0)) {
if (error_message)
gnc_error_dialog_parented (GTK_WINDOW (dialog), error_message);
gnc_error_dialog_parented (GTK_WINDOW (dialog), "%s", error_message);
return TRUE;
}
}
@@ -217,7 +217,7 @@ static gboolean check_entry_nonempty (GtkWidget *dialog, GtkWidget *entry,
const char *res = gtk_entry_get_text (GTK_ENTRY (entry));
if (safe_strcmp (res, "") == 0) {
if (error_message)
gnc_error_dialog_parented (GTK_WINDOW (dialog), error_message);
gnc_error_dialog_parented (GTK_WINDOW (dialog), "%s", error_message);
return TRUE;
}
return FALSE;

2
src/business/business-gnome/dialog-employee.c
View File

@@ -174,7 +174,7 @@ static gboolean check_entry_nonempty (GtkWidget *dialog, GtkWidget *entry,
const char *res = gtk_entry_get_text (GTK_ENTRY (entry));
if (safe_strcmp (res, "") == 0) {
if (error_message)
gnc_error_dialog_parented (GTK_WINDOW (dialog), error_message);
gnc_error_dialog_parented (GTK_WINDOW (dialog), "%s", error_message);
return TRUE;
}
return FALSE;

2
src/business/business-gnome/dialog-payment.c
View File

@@ -122,7 +122,7 @@ gnc_payment_ok_cb (GtkWidget *widget, gpointer data)
char *msg = g_strdup_printf (
_("Your selected post account, %s, does not exist"),
text);
gnc_error_dialog_parented (GTK_WINDOW (pw->dialog), msg);
gnc_error_dialog_parented (GTK_WINDOW (pw->dialog), "%s", msg);
g_free (msg);
return;
}

2
src/business/business-gnome/dialog-vendor.c
View File

@@ -156,7 +156,7 @@ static gboolean check_entry_nonempty (GtkWidget *dialog, GtkWidget *entry,
const char *res = gtk_entry_get_text (GTK_ENTRY (entry));
if (safe_strcmp (res, "") == 0) {
if (error_message)
gnc_error_dialog_parented (GTK_WINDOW (dialog), error_message);
gnc_error_dialog_parented (GTK_WINDOW (dialog), "%s", error_message);
return TRUE;
}
return FALSE;

4
src/business/dialog-tax-table/dialog-tax-table.c
View File

@@ -76,7 +76,7 @@ new_tax_table_ok_cb (GtkWidget *widget, gpointer data)
message = g_strdup_printf(_(
"You must provide a unique name for this Tax Table.\n"
"Your choice \"%s\" is already in use."), name);
gnc_error_dialog_parented (GTK_WINDOW (ntt->dialog), message);
gnc_error_dialog_parented (GTK_WINDOW (ntt->dialog), "%s", message);
g_free (message);
return;
}
@@ -509,7 +509,7 @@ tax_table_delete_table_cb (GtkButton *button, TaxTableWindow *ttw)
char *message =
g_strdup_printf (_("Tax table \"%s\" is in use. You cannot delete it."),
gncTaxTableGetName (ttw->current_table));
gnc_error_dialog_parented (GTK_WINDOW (ttw->dialog), message);
gnc_error_dialog_parented (GTK_WINDOW (ttw->dialog), "%s", message);
g_free (message);
return;
}

4
src/gnome/dialog-scheduledxaction.c
View File

@@ -1757,7 +1757,7 @@ delete_button_clicked( GtkButton *b, gpointer d )
* they confirm they actually want to do the deletion
* generically. If it's false, cleanup and return. */
if ( ! (destroyOpenedResult =
gnc_verify_dialog_parented( sxd->dialog, FALSE,
gnc_verify_dialog_parented( sxd->dialog, FALSE, "%s",
realConfDelOpenMsg->str )) ) {
for ( l = beingEditedList; l; l = l->next ) {
g_list_free( (GList*)l->data );
@@ -1768,7 +1768,7 @@ delete_button_clicked( GtkButton *b, gpointer d )
}
}
if ( gnc_verify_dialog_parented( sxd->dialog, FALSE,
if ( gnc_verify_dialog_parented( sxd->dialog, FALSE, "%s",
realConfDeleteMsg->str ) ) {
/* Close the being-edited transactions. */
if ( destroyOpenedResult ) {

8
src/gnome/gnc-split-reg.c
View File

@@ -1163,10 +1163,10 @@ gsr_default_delete_handler( GNCSplitReg *gsr, gpointer data )
g_free (buf);
buf = new_buf;
result =
gnc_generic_warning_dialog_parented(gsr->window, two_choices, buf);
gnc_generic_warning_dialog_parented(gsr->window, two_choices, "%s", buf);
} else {
result =
gnc_generic_question_dialog_parented(gsr->window, two_choices,buf);
gnc_generic_question_dialog_parented(gsr->window, two_choices, "%s", buf);
}
g_free(buf);
@@ -1197,7 +1197,7 @@ gsr_default_delete_handler( GNCSplitReg *gsr, gpointer data )
} else {
buf = g_strdup (message);
result =
gnc_generic_question_dialog_parented(gsr->window, two_choices,buf);
gnc_generic_question_dialog_parented(gsr->window, two_choices, buf);
}
g_free (buf);
@@ -2098,7 +2098,7 @@ gtk_callback_bug_workaround (gpointer argp)
{
dialog_args *args = argp;
gnc_warning_dialog_parented(args->gsr->window, args->string);
gnc_warning_dialog_parented(args->gsr->window, "%s", args->string);
g_free(args);
return FALSE;
}

4
src/import-export/hbci/hbci-interaction.c
View File

@@ -345,7 +345,7 @@ static int msgInsertMediumOrAbort(const HBCI_User *user,
retval = gnc_ok_cancel_dialog_parented (data->parent,
GNC_VERIFY_OK,
msgstr);
"%s", msgstr);
g_free (msgstr);
return (retval == GNC_VERIFY_OK);
@@ -414,7 +414,7 @@ static int msgInsertCorrectMediumOrAbort(const HBCI_User *user,
retval = gnc_ok_cancel_dialog_parented (data->parent,
GNC_VERIFY_OK,
msgstr);
"%s", msgstr);
g_free (msgstr);
return (retval == GNC_VERIFY_OK);