Merge pull request #687 from jubalh/openurlwarning

Add warning to OpenURL()
author: Ray <raysan5@gmail.com> 2018-11-12 14:41:36 +0100
committer: GitHub <noreply@github.com> 2018-11-12 14:41:36 +0100
commit: d2f4cc1142894357ffe983863b2cce04ac91fae5 (patch)
tree: 63ec90588c2addd443337fe30b18a01a9a3441e0 /src
parent: 30a1edd40ef77b1bbbd90be7c848985f064f7060 (diff)
parent: a8dffc63fbe3926498ecb905428f454d0afbe526 (diff)
download: raylib-d2f4cc1142894357ffe983863b2cce04ac91fae5.tar.gz
raylib-d2f4cc1142894357ffe983863b2cce04ac91fae5.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/core.c b/src/core.c
index 1f4707c8..88b41935 100644
--- a/src/core.c
+++ b/src/core.c
@@ -1820,6 +1820,12 @@ int StorageLoadValue(int position)
 }
 
 // Open URL with default system browser (if available)
+// Note:
+// This function is onlyl safe to use if you control the URL given.
+// A user could craft a malicious string performing another action.
+// Only call this function yourself not with user input or make sure to check the
+// string yourself.
+// See https://github.com/raysan5/raylib/issues/686
 void OpenURL(const char *url)
 {
     char *cmd = calloc(strlen(url) + 10, sizeof(char));
author	Ray <raysan5@gmail.com>	2018-11-12 14:41:36 +0100
committer	GitHub <noreply@github.com>	2018-11-12 14:41:36 +0100
commit	d2f4cc1142894357ffe983863b2cce04ac91fae5 (patch)
tree	63ec90588c2addd443337fe30b18a01a9a3441e0 /src
parent	30a1edd40ef77b1bbbd90be7c848985f064f7060 (diff)
parent	a8dffc63fbe3926498ecb905428f454d0afbe526 (diff)
download	raylib-d2f4cc1142894357ffe983863b2cce04ac91fae5.tar.gz raylib-d2f4cc1142894357ffe983863b2cce04ac91fae5.zip