From 5ce4fedba27f4160ed7d1979478886c6546d382c Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Wed, 24 Nov 2010 13:12:52 -0500
Subject: fix PR592: netx can create invalid desktop entry files

2010-11-24  Omair Majid  <omajid@redhat.com>

    Fix PR592.
    * netx/net/sourceforge/jnlp/util/XDesktopEntry.java
    (getContentsAsReader): Sanitize information before adding to desktop file.
    (sanitize): New method. Ensure that there are no newlines in input.
---
 netx/net/sourceforge/jnlp/util/XDesktopEntry.java | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'netx/net/sourceforge/jnlp/util/XDesktopEntry.java')

diff --git a/netx/net/sourceforge/jnlp/util/XDesktopEntry.java b/netx/net/sourceforge/jnlp/util/XDesktopEntry.java
index b4baef7..d5ebf0f 100644
--- a/netx/net/sourceforge/jnlp/util/XDesktopEntry.java
+++ b/netx/net/sourceforge/jnlp/util/XDesktopEntry.java
@@ -80,9 +80,9 @@ public class XDesktopEntry {
 
         String fileContents = "[Desktop Entry]\n";
         fileContents += "Version=1.0\n";
-        fileContents += "Name=" + file.getTitle() + "\n";
+        fileContents += "Name=" + sanitize(file.getTitle()) + "\n";
         fileContents += "GenericName=Java Web Start Application\n";
-        fileContents += "Comment=" + file.getInformation().getDescription() + "\n";
+        fileContents += "Comment=" + sanitize(file.getInformation().getDescription()) + "\n";
         fileContents += "Type=Application\n";
         if (iconLocation != null) {
             fileContents += "Icon=" + iconLocation + "\n";
@@ -91,7 +91,7 @@ public class XDesktopEntry {
 
         }
         if (file.getInformation().getVendor() != null) {
-            fileContents += "Vendor=" + file.getInformation().getVendor() + "\n";
+            fileContents += "Vendor=" + sanitize(file.getInformation().getVendor()) + "\n";
         }
 
         //Shortcut executes the jnlp from cache and system preferred java..
@@ -101,6 +101,22 @@ public class XDesktopEntry {
 
     }
 
+    /**
+     * Sanitizes a string so that it can be used safely in a key=value pair in a
+     * desktop entry file.
+     *
+     * @param input a String to sanitize
+     * @return a string safe to use as either the key or the value in the
+     * key=value pair in a desktop entry file
+     */
+    private static String sanitize(String input) {
+        if (input == null) {
+            return "";
+        }
+        /* key=value pairs must be a single line */
+        return input.split("\n")[0];
+    }
+
     /**
      * Get the size of the icon (in pixels) for the desktop shortcut
      */
-- 
cgit v1.2.3