From 4bd0dcfca0534098b03013d6e1eaa178ab42133d Mon Sep 17 00:00:00 2001 From: Michael Roitzsch Date: Tue, 16 Mar 2004 20:50:08 +0000 Subject: implicit changes to the configuration are now disabled by default and have to be enabled by the user CVS patchset: 6274 CVS date: 2004/03/16 20:50:08 --- src/xine-engine/configfile.c | 11 ++++++++++- src/xine-engine/xine.c | 17 ++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/xine-engine/configfile.c b/src/xine-engine/configfile.c index 87791acb0..dd8fa7806 100644 --- a/src/xine-engine/configfile.c +++ b/src/xine-engine/configfile.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: configfile.c,v 1.62 2004/03/03 20:09:16 mroi Exp $ + * $Id: configfile.c,v 1.63 2004/03/16 20:50:08 mroi Exp $ * * config object (was: file) management - implementation * @@ -969,6 +969,15 @@ int _x_config_change_opt(config_values_t *config, const char *opt) { int handled = 0; lprintf ("change_opt '%s'\n", opt); + + if ((entry = config->lookup_entry(config, "misc.implicit_config")) && + entry->type == CONFIG_TYPE_BOOL) { + if (!entry->num_value) + /* changing config entries implicitly is denied */ + return -1; + } else + /* someone messed with the config entry */ + return -1; if(config && opt) { char *key, *value; diff --git a/src/xine-engine/xine.c b/src/xine-engine/xine.c index 2630cbb96..e5b26acb3 100644 --- a/src/xine-engine/xine.c +++ b/src/xine-engine/xine.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: xine.c,v 1.284 2004/03/03 20:09:18 mroi Exp $ + * $Id: xine.c,v 1.285 2004/03/16 20:50:09 mroi Exp $ */ /* @@ -1429,6 +1429,21 @@ void xine_init (xine_t *this) { _("Path for saving streams"), _("Streams will be saved only into this directory"), XINE_CONFIG_SECURITY, __config_save_cb, this); + + /* + * implicit configuration changes + */ + this->config->register_bool(this->config, + "misc.implicit_config", 0, + _("allow implicit changes to the configuration (e.g. by MRL)"), + _("If enabled, you allow xine to change your configuration without " + "explicit actions from your side. For example configuration changes " + "demanded by MRLs or embedded into playlist will be executed.\n" + "This setting is security critcal, because xine can receive MRLs or " + "playlists from untrusted remote sources. If you allow them to " + "arbitrarily change your configuration, you might end with a totally " + "messed up xine."), + XINE_CONFIG_SECURITY, NULL, this); /* * keep track of all opened streams -- cgit v1.2.3