Index: IETray.cpp =================================================================== RCS file: d:\cvsroot/iepatch/IETray.cpp,v retrieving revision 1.1 retrieving revision 1.3 diff -r1.1 -r1.3 30a31,35 > // Hacked on by Paul Hsieh. In the spirit of > // concern for security trumping restrictive > // EULAs and licensing, I have violated 2) > // above. > 40,41d44 < char sNew[256]; < 128c131 < void RemoveAtAnd(char *s) --- > static void RemoveAtAnd (char *s) 130,143c133,139 < char *ptr = strstr(s,"@"); < while (ptr != NULL) < { < for (;ptr char * t = s; > do { > *t = *s; > if (!*s) break; > s++; > t += (*t == '@' || *t == '&') ? 0 : 1; > } while (1); 150,183c146,170 < char *dest = (char *)malloc(256*sizeof(char)); < < WideCharToMultiByte( CP_ACP, 0, (BSTR)url->bstrVal, -1, < dest, 256, NULL, NULL ); < < char s[3]; < sprintf(s,"%c@",1); < < < if (NULL != strstr(dest,"\2") || NULL != strstr(dest,"\1") || NULL != strstr(dest,"\218")) < { < WCHAR *url=(WCHAR *)malloc(256*sizeof(WCHAR)); < < char surl[256]; < strcpy(surl,"http://www.openwares.org/cgi-bin/exploit.cgi?"); < < char sFake[256]; < char sTrue[256]; < < if (NULL != strstr(dest,"\2")) < { < strcpy(sFake,strstr(dest,"\2") +1); < _mbsnbcpy((unsigned char*)sTrue,(unsigned char*)dest,strlen(dest)-strlen(sFake)-1); < sTrue[strlen(dest)-strlen(sFake)-1]='\0'; < RemoveAtAnd(sTrue); < RemoveAtAnd(sFake); < < } else if (NULL != strstr(dest,"\1")) < { < strcpy(sFake,strstr(dest,"\1") +1); < _mbsnbcpy((unsigned char*)sTrue,(unsigned char*)dest,strlen(dest)-strlen(sFake)-1); < sTrue[strlen(dest)-strlen(sFake)-1]='\0'; < RemoveAtAnd(sTrue); < RemoveAtAnd(sFake); --- > /* Obtain the length of the Wide Character string. */ > int len = WideCharToMultiByte (CP_ACP, 0, (BSTR)url->bstrVal, -1, > NULL, 0, NULL, NULL ); > if (len <= 0) len = 256; > char *dest = (char *) malloc( len * sizeof(char) ); > /* if (!dest) throw (...); */ > > /* Convert the Wide Character string to the multibyte character set. */ > int destLen = WideCharToMultiByte( CP_ACP, 0, (BSTR)url->bstrVal, -1, > dest, 256, NULL, NULL ); > > char * sFake, * sTrue; > > for (int i=0; dest[i]; i++) { > switch (dest[i]) { > case '\2': > case '\1': > strcpy (sFake = (char *) malloc (destLen * sizeof (char)), dest + i + 1); > memcpy (sTrue = (char *) malloc (destLen * sizeof (char)), dest, i); > sTrue[i] = '\0'; > goto DoneFindingBadCharacters; > case '\218': > strcpy (sFake = (char *) malloc (destLen * sizeof (char)), "unknown"); > strcpy (sTrue = (char *) malloc (destLen * sizeof (char)), "unknown"); > goto DoneFindingBadCharacters; 185,208c172 < else < { < strcpy(sFake,"unknown"); < strcpy(sTrue,"unknown"); < RemoveAtAnd(sTrue); < RemoveAtAnd(sFake); < } < < /* if (NULL != strstr(dest,"\0")) < { < strcpy(sFake,strstr(dest,"\0") +1); < _mbsnbcpy((unsigned char*)sTrue,(unsigned char*)dest,strlen(dest)-strlen(sFake)-1); < sTrue[strlen(dest)-strlen(sFake)-1]='\0'; < < }*/ < < strcat(surl,sFake); < strcat(surl,"&"); < strcat(surl,sTrue); < < MultiByteToWideChar( CP_ACP, 0, surl, -1, < url, 256 ); < < m_smtWB->Navigate(url,0,0,0,0); --- > } 210c174,175 < *Cancel = VARIANT_TRUE; --- > free (dest); > return; 212,213c177,205 < < } --- > DoneFindingBadCharacters:; > free (dest); > RemoveAtAnd (sTrue); > RemoveAtAnd (sFake); > > // Can this be changed to something like file://$ENV(IEPatchDir)/errMsg.html ? > char openwaresUrl[] = "http://www.openwares.org/cgi-bin/exploit.cgi?"; > > char * sUrl = (char *) malloc ((sizeof openwaresUrl) + 1 + strlen (sTrue) + strlen (sFake) + 1); > > strcpy (sUrl, openwaresUrl); > strcat (sUrl, sFake); > strcat (sUrl, "&"); > strcat (sUrl, sTrue); > > int sUrlLen = strlen (sUrl); > > free (sFake); > free (sTrue); > > WCHAR *newUrl = (WCHAR *) malloc ((2 + sUrlLen) * sizeof(WCHAR)); > /* if (!newUrl) throw (...); */ > > MultiByteToWideChar( CP_ACP, 0, (char *) sUrl, -1, > newUrl, 1 + sUrlLen ); > free (sUrl); > m_smtWB->Navigate (newUrl, 0, 0, 0, 0); > free (newUrl); > *Cancel = VARIANT_TRUE;