Open fuzzyroddis opened 7 years ago
Problem Line: https://github.com/tonsky/AnyBar/blob/master/AnyBar/AppDelegate.m#L132
One Kind of Fix: Use a regular expression to limit image file names to [a-zA-Z0-9.-_]
Although I agree it sounds insecure, it's all limited to the local machine, and the worst that could happen is you see the image on your own screen. I'll think about what I can do about it.
On Wed, Sep 6, 2017 at 12:13 PM Steven Roddis notifications@github.com wrote:
> Problem Line: https://github.com/tonsky/AnyBar/blob/master/AnyBar/AppDelegate.m#L132
> One Kind of Fix: Use a regular expression to limit image file names to [a-zA-Z0-9.-_]
What should happen: A question mark icon is displayed as no valid icon was found in ~/.AnyBar
What happens: The secret icon, which is located at ~/.AnyBar/../secret_icon.png, is displayed.
I can't think of a way to exploit it, however.
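The two behaviours discussed in this thread, the `..` traversal out of `~/.AnyBar` and the proposed character-class fix, side by side, as an added example that is not AnyBar's code and not what AppDelegate.m does at the linked line. It assumes a hypothetical `build_icon_path()` standing in for wherever the app turns a received icon name into a file path, and assumes the `<dir>/<name>.png` layout; both are assumptions for illustration. One caveat worth checking before adopting the suggested pattern literally: inside a POSIX bracket expression `.-_` is a range from `.` (0x2E) to `_` (0x5F), and in the C locale that range contains `/` (0x2F), so `[a-zA-Z0-9.-_]` as written still lets `../secret_icon` through. The example compiles the pattern with the system `regex.h` to show that, then validates with an explicit allow-list instead.

```c
#include <regex.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Compile the pattern suggested in the issue exactly as written and ask
   whether it accepts the name.  ".-_" is a range in a bracket expression,
   so '/' (0x2F, between '.' and '_') is accepted in the C locale. */
bool literal_regex_accepts(const char *name) {
    regex_t re;
    if (regcomp(&re, "^[a-zA-Z0-9.-_]+$", REG_EXTENDED | REG_NOSUB) != 0)
        return false;
    int rc = regexec(&re, name, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Explicit allow-list: letters, digits, and '.', '-', '_' as individual
   members, so no range can smuggle in a path separator. */
static bool icon_char_ok(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
}

/* A safe icon name is non-empty, made only of allowed characters, and not
   made solely of dots (rejects "." and ".."). */
bool icon_name_ok(const char *name) {
    if (name == NULL || *name == '\0')
        return false;
    bool all_dots = true;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (!icon_char_ok(*p))
            return false;
        if (*p != '.')
            all_dots = false;
    }
    return !all_dots;
}

/* Hypothetical stand-in for the path construction in the app: only a
   validated name is ever joined onto the icon directory.  Returns true and
   fills `out` on success, false (and leaves `out` untouched) otherwise. */
bool build_icon_path(const char *dir, const char *name, char *out, size_t outlen) {
    if (!icon_name_ok(name))
        return false;
    int n = snprintf(out, outlen, "%s/%s.png", dir, name);
    return n > 0 && (size_t)n < outlen;
}

int main(void) {
    /* Constructed probe names: two ordinary icons, the traversal from the
       report, and two degenerate names. */
    const char *probes[] = { "black", "question", "../secret_icon", "..", "" };
    const char *dir = "/Users/me/.AnyBar";   /* assumed icon directory */
    char path[256];

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        bool regex_ok = literal_regex_accepts(probes[i]);
        bool built = build_icon_path(dir, probes[i], path, sizeof path);
        printf("%-16s regex-as-written: %-5s allow-list: %-5s %s\n",
               probes[i][0] ? probes[i] : "(empty)",
               regex_ok ? "pass" : "fail",
               built ? "pass" : "fail",
               built ? path : "");
    }
    return 0;
}
```

Run it once and compare the two columns: the pattern as written passes `../secret_icon`, which is exactly the file the follow-up comment describes loading from outside `~/.AnyBar`; the allow-list rejects it and `..` while still accepting the normal icon names.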