edje_entry: Make a result of retrieve_surrounding_cb secure

Summary: Regardless of the password mode of Entry, _edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text to any callers who register that callback. This commit replace plain text with '*' because current behavior could be a security hole in some case. Reviewers: woohyun, id213sin, jihoon Reviewed By: jihoon Subscribers: cedric, jsuya, z-wony, jpeg Differential Revision: https://phab.enlightenment.org/D4238
author: Jihoon Kim <jihoon48.kim@samsung.com> 2016-08-18 10:40:24 +0900
committer: Jihoon Kim <jihoon48.kim@samsung.com> 2016-08-18 10:40:24 +0900
commit: 0e35f8454eb993da74bd4fb5d0c089e068b87cbf (patch)
tree: 375faeebb1b3dadb43141fd0684134ab6ff8c146
parent: 16986ffc7aded1e8baf1eb36227d425cc30d8f03 (diff)
download: efl-0e35f8454eb993da74bd4fb5d0c089e068b87cbf.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index fca05a0ead..dae01925f3 100644
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -4411,6 +4411,13 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_
 
              if (plain_text)
                {
+                  if (ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA)
+                    {
+                       char *itr = NULL;
+                       for (itr = plain_text; itr && *itr; ++itr)
+                         *itr = '*';
+                    }
+
                   *text = strdup(plain_text);
 
                   free(plain_text);
author	Jihoon Kim <jihoon48.kim@samsung.com>	2016-08-18 10:40:24 +0900
committer	Jihoon Kim <jihoon48.kim@samsung.com>	2016-08-18 10:40:24 +0900
commit	0e35f8454eb993da74bd4fb5d0c089e068b87cbf (patch)
tree	375faeebb1b3dadb43141fd0684134ab6ff8c146
parent	16986ffc7aded1e8baf1eb36227d425cc30d8f03 (diff)
download	efl-0e35f8454eb993da74bd4fb5d0c089e068b87cbf.tar.gz