From dc7ba390ce47ec3179fbddbf0b119c7fd730cb4a Mon Sep 17 00:00:00 2001
From: Michael Roitzsch <mroi@users.sourceforge.net>
Date: Fri, 24 Oct 2003 09:34:01 +0000
Subject: * notify the user that the save feature is disabled by default *
 security warning when the user tries to set the save_dir to a dangerous
 location

CVS patchset: 5586
CVS date: 2003/10/24 09:34:01
---
 include/xine.h.in                |  5 +++--
 src/xine-engine/input_rip.c      |  4 +++-
 src/xine-engine/xine.c           | 19 ++++++++++++++++++-
 src/xine-engine/xine_interface.c |  5 +++--
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/include/xine.h.in b/include/xine.h.in
index 8a0ec2e31..7675cc4c6 100644
--- a/include/xine.h.in
+++ b/include/xine.h.in
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
  *
- * $Id: xine.h.in,v 1.99 2003/10/22 16:49:26 mroi Exp $
+ * $Id: xine.h.in,v 1.100 2003/10/24 09:34:01 mroi Exp $
  *
  * public xine-lib (libxine) interface and documentation
  *
@@ -1576,7 +1576,8 @@ typedef struct {
 #define XINE_MSG_FILE_NOT_FOUND		6  /* (file name or mrl) */
 #define XINE_MSG_READ_ERROR		7  /* (device/file/mrl)  */
 #define XINE_MSG_LIBRARY_LOAD_ERROR	8  /* (library/decoder)  */
-#define XINE_MSG_ENCRYPTED_SOURCE	9  /* none */
+#define XINE_MSG_ENCRYPTED_SOURCE	9  /* none               */
+#define XINE_MSG_SECURITY		10 /* (security message) */
 
 /* opaque xine_event_queue_t */
 typedef struct xine_event_queue_s xine_event_queue_t;
diff --git a/src/xine-engine/input_rip.c b/src/xine-engine/input_rip.c
index b96d3414d..8b5cfbb08 100644
--- a/src/xine-engine/input_rip.c
+++ b/src/xine-engine/input_rip.c
@@ -29,7 +29,7 @@
  * - it's possible speeder saving streams in the xine without playing:
  *     xine stream_mrl#save:file.raw\;noaudio\;novideo
  *
- * $Id: input_rip.c,v 1.8 2003/10/20 08:36:57 valtri Exp $
+ * $Id: input_rip.c,v 1.9 2003/10/24 09:34:01 mroi Exp $
  */
 
 /* TODO:
@@ -540,6 +540,8 @@ input_plugin_t *rip_plugin_get_instance (xine_stream_t *stream, const char *file
   if (!stream->xine->save_path[0]) {
     xine_log(stream->xine, XINE_LOG_MSG,
       _("input_rip: target directory wasn't specified, please fill out the option 'misc.save_dir'\n"));
+    xine_message(stream, XINE_MSG_SECURITY,
+      _("The stream save feature is disabled until you set misc.save_dir in the configuration."));
     return NULL;
   }
   
diff --git a/src/xine-engine/xine.c b/src/xine-engine/xine.c
index ddca0f974..dd275149f 100644
--- a/src/xine-engine/xine.c
+++ b/src/xine-engine/xine.c
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
  *
- * $Id: xine.c,v 1.259 2003/10/20 08:36:57 valtri Exp $
+ * $Id: xine.c,v 1.260 2003/10/24 09:34:01 mroi Exp $
  */
 
 /*
@@ -1222,7 +1222,24 @@ static void config_demux_strategy_cb (void *this_gen, xine_cfg_entry_t *entry) {
 
 static void config_save_cb (void *this_gen, xine_cfg_entry_t *entry) {
   xine_t *this = (xine_t *)this_gen;
+  char *homedir_trail_slash = strcat(strdup(xine_get_homedir()), "/");
 
+  if (entry->str_value[0] &&
+      (entry->str_value[0] != '/' || strstr(entry->str_value, "/.") ||
+       strcmp(entry->str_value, xine_get_homedir()) == 0 ||
+       strcmp(entry->str_value, homedir_trail_slash) == 0)) {
+    xine_stream_t *stream;
+    
+    xine_log(this, XINE_LOG_MSG,
+      _("xine: The specified save_dir \"%s\" might be a security risk.\n"), entry->str_value);
+    
+    pthread_mutex_lock(&this->streams_lock);
+    if ((stream = (xine_stream_t *)xine_list_first_content(this->streams)))
+      xine_message(stream, XINE_MSG_SECURITY, _("The specified save_dir might be a security risk."), NULL);
+    pthread_mutex_unlock(&this->streams_lock);
+  }
+  
+  free(homedir_trail_slash);
   this->save_path = entry->str_value;
 }
 
diff --git a/src/xine-engine/xine_interface.c b/src/xine-engine/xine_interface.c
index db60e60e7..1aab5feea 100644
--- a/src/xine-engine/xine_interface.c
+++ b/src/xine-engine/xine_interface.c
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
  *
- * $Id: xine_interface.c,v 1.60 2003/10/21 22:10:34 f1rmb Exp $
+ * $Id: xine_interface.c,v 1.61 2003/10/24 09:34:01 mroi Exp $
  *
  * convenience/abstraction layer, functions to implement
  * libxine's public interface
@@ -772,7 +772,7 @@ int xine_message(xine_stream_t *stream, int type, ...) {
 
   static char *std_explanation[] = {
     "",
-    "Warning",
+    "Warning:",
     "Unknown host:",
     "Unknown device:",
     "Network unreachable",
@@ -781,6 +781,7 @@ int xine_message(xine_stream_t *stream, int type, ...) {
     "Read error from:",
     "Error loading library:",
     "Encrypted media stream detected",
+    "Security message:"
   };
 
   if( type >= 0 && type < sizeof(std_explanation)/
-- 
cgit v1.2.3