diff options
author | Jihoon Kim <jihoon48.kim@samsung.com> | 2016-08-18 10:40:24 +0900 |
---|---|---|
committer | Jihoon Kim <jihoon48.kim@samsung.com> | 2016-08-18 10:40:24 +0900 |
commit | 0e35f8454eb993da74bd4fb5d0c089e068b87cbf (patch) | |
tree | 375faeebb1b3dadb43141fd0684134ab6ff8c146 | |
parent | 16986ffc7aded1e8baf1eb36227d425cc30d8f03 (diff) | |
download | efl-0e35f8454eb993da74bd4fb5d0c089e068b87cbf.tar.gz |
edje_entry: Make a result of retrieve_surrounding_cb secure
Summary:
Regardless of the password mode of Entry,
_edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text
to any callers who register that callback.
This commit replace plain text with '*'
because current behavior could be a security hole in some case.
Reviewers: woohyun, id213sin, jihoon
Reviewed By: jihoon
Subscribers: cedric, jsuya, z-wony, jpeg
Differential Revision: https://phab.enlightenment.org/D4238
-rw-r--r-- | src/lib/edje/edje_entry.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c index fca05a0ead..dae01925f3 100644 --- a/src/lib/edje/edje_entry.c +++ b/src/lib/edje/edje_entry.c @@ -4411,6 +4411,13 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_ if (plain_text) { + if (ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA) + { + char *itr = NULL; + for (itr = plain_text; itr && *itr; ++itr) + *itr = '*'; + } + *text = strdup(plain_text); free(plain_text); |