Index: kdemultimedia/kmidi/common.cpp diff -u kdemultimedia/kmidi/common.cpp:1.6 kdemultimedia/kmidi/common.cpp:1.6.6.2 --- kdemultimedia/kmidi/common.cpp:1.6 Sat Aug 19 03:45:50 2000 +++ kdemultimedia/kmidi/common.cpp Fri Dec 13 16:19:10 2002 @@ -56,6 +56,32 @@ #define R_OPEN_MODE O_RDONLY #endif +static char * shell_quote(const char *s) +{ + char *result; + char *p; + p = result = (char *)malloc(strlen(s)*5+3); + *p++ = '\''; + while(*s) + { + if (*s == '\'') + { + *p++ = '\''; + *p++ = '"'; + *p++ = *s++; + *p++ = '"'; + *p++ = '\''; + } + else + { + *p++ = *s++; + } + } + *p++ = '\''; + *p = '\0'; + return result; +} + /* Try to open a file for reading. If the filename ends in one of the defined compressor extensions, pipe the file through the decompressor */ static FILE *try_to_open(char *name, int decompress) @@ -77,41 +103,23 @@ { int l,el; static const char *decompressor_list[] = DECOMPRESSOR_LIST, **dec; - char tmp[1024], tmp2[1024], *cp, *cp2; + char tmp[1024], *quoted_name; /* Check if it's a compressed file */ l=strlen(name); for (dec=decompressor_list; *dec; dec+=2) { el=strlen(*dec); - if ((el>=l) || (strcmp(name+l-el, *dec))) + if ((l > sizeof(tmp)-128) || (el>=l) || (strcmp(name+l-el, *dec))) continue; /* Yes. Close the file, open a pipe instead. */ fclose(fp); /* Quote some special characters in the file name */ - cp=name; - cp2=tmp2; - while (*cp) - { - switch(*cp) - { - case '\'': - case '\\': - case ' ': - case '`': - case '!': - case '"': - case '&': - case ';': - *cp2++='\\'; - } - *cp2++=*cp++; - } - *cp2=0; - - sprintf(tmp, *(dec+1), tmp2); + quoted_name = shell_quote(name); + sprintf(tmp, *(dec+1), quoted_name); fp=popen(tmp, "r"); + free(quoted_name); break; } } Index: kdemultimedia/kscd/CDDBSetup.cpp diff -u kdemultimedia/kscd/CDDBSetup.cpp:1.33 kdemultimedia/kscd/CDDBSetup.cpp:1.33.2.2 --- kdemultimedia/kscd/CDDBSetup.cpp:1.33 Fri Jul 27 14:12:09 2001 +++ kdemultimedia/kscd/CDDBSetup.cpp Fri Dec 6 08:54:42 2002 @@ -8,7 +8,7 @@ #include #include - +#include #include #include #include @@ -63,8 +63,7 @@ connect(currentSubmitAddPB, SIGNAL(clicked()), this, SLOT(insertSUL())); connect(currentSubmitDelPB, SIGNAL(clicked()), this, SLOT(removeSUL())); - QIntValidator *port_validator=new QIntValidator(this,"HTTP Port Validator"); - port_validator->setRange(0, INT_MAX ); + KIntValidator *port_validator=new KIntValidator(0,INT_MAX,proxy_port_ef); proxy_port_ef->setValidator(port_validator); proxy_port_ef->setEnabled(cddb_http_cb->isChecked()); @@ -241,7 +240,7 @@ remote_cddb_cb->setChecked(true); cddb_http_cb->setChecked(false); // Leave proxy host and port values unchanged, just disable them - + cddb_timeout_ef->setText("30"); emit updateCurrentServer(); } // set_defaults @@ -311,27 +310,24 @@ it != list.end(); ++it ) { - char ser [CDDB_FIELD_BUFFER_LEN]; - char por [CDDB_FIELD_BUFFER_LEN]; - char proto [CDDB_FIELD_BUFFER_LEN]; - char extra [CDDB_FIELD_BUFFER_LEN]; - char email [CDDB_FIELD_BUFFER_LEN]; - - QString srv=*it; - sscanf(srv.ascii(),"%s %s %s %s",ser,proto,por,extra); - CDDB::transport t=CDDB::decodeTransport(proto); + QStringList sl = QStringList::split(' ', *it); + CDDB::transport t = CDDB::UNKNOWN; + if (sl.count() > 1) + t = CDDB::decodeTransport(sl[1].ascii()); if(t==CDDB::UNKNOWN) { continue; } else { if(t==CDDB::SMTP) { - snprintf(email, sizeof(email),"%s@%s",extra,ser); - have_email=true; - submission_listbox->insertItem(email, -1); + if (sl.count() > 3) { + QString email = sl[3] + "@" + sl[0]; + have_email=true; + submission_listbox->insertItem(email, -1); + } } else { have_srv=true; - server_listbox->insertItem(srv, -1); + server_listbox->insertItem(*it, -1); } } } Index: kdemultimedia/kscd/CDDBSetupData.cpp diff -u kdemultimedia/kscd/CDDBSetupData.cpp:1.23 kdemultimedia/kscd/CDDBSetupData.cpp:1.23.2.1 --- kdemultimedia/kscd/CDDBSetupData.cpp:1.23 Fri Jul 27 11:09:01 2001 +++ kdemultimedia/kscd/CDDBSetupData.cpp Sun Feb 3 10:55:03 2002 @@ -55,7 +55,7 @@ cddb_timeout_ef->setText( "30" ); cddb_timeout_ef->setMaxLength ( 5 ); cddb_timeout_ef->setFixedWidth ( 5*fm.maxWidth() ); - cddb_timeout_ef->setValidator(new QIntValidator (cddb_timeout_ef)); + cddb_timeout_ef->setValidator(new KIntValidator (0,9999,cddb_timeout_ef)); lay3->addWidget ( cddb_timeout_ef ); QLabel* cddb_timeout_lb = new QLabel( i18n("seconds freedb timeout"), group, "CDDBTimeoutLabel" ); lay3->addWidget ( cddb_timeout_lb ); Index: kdemultimedia/kscd/CDDialog.cpp diff -u kdemultimedia/kscd/CDDialog.cpp:1.48 kdemultimedia/kscd/CDDialog.cpp:1.48.2.1 --- kdemultimedia/kscd/CDDialog.cpp:1.48 Tue Jun 12 08:06:45 2001 +++ kdemultimedia/kscd/CDDialog.cpp Tue Feb 26 10:16:42 2002 @@ -174,10 +174,9 @@ // put one of these into the destructor too.. if(cdinfo.cddbtoc) delete [] cdinfo.cddbtoc; - - + if(!cd) + return; cdinfo.cddbtoc = new struct mytoc [cd->ntracks + 2]; - /* * Avoid people who need to edit titles of "no discs" to crash kscd. */ @@ -192,7 +191,6 @@ listbox->repaint(); return; } - cdinfo.magicID = cddb_discid(); /* cddb magic disk id */ cdinfo.ntracks = cd->ntracks; /* Number of tracks on the disc */ cdinfo.length = cd->length; /* Total running time in seconds */ Index: kdemultimedia/kscd/cddb.cpp diff -u kdemultimedia/kscd/cddb.cpp:1.40.2.1 kdemultimedia/kscd/cddb.cpp:1.40.2.3 --- kdemultimedia/kscd/cddb.cpp:1.40.2.1 Tue Nov 6 07:07:47 2001 +++ kdemultimedia/kscd/cddb.cpp Sat Dec 7 06:09:45 2002 @@ -72,21 +72,6 @@ protocol_level=1; // for direct connections assuming CDDB protocol level 1 - // get current user/host name - struct utsname uts; - - uname(&uts); - domainname = uts.nodename; - - - if(domainname.isEmpty()) - domainname = "somemachine.nowhere.org"; - - pw = getpwuid(getuid()); - if (pw) - username = pw->pw_name; - else - username = "anonymous"; //printf("cddb info: host[%s] port[%d] connected[%d] readonly[%d] timeout[%d]\n", host, port, connected, readonly, timeout); //printf("attemping to connect to cddb...\n"); //fflush(stdout); @@ -156,18 +141,21 @@ void CDDB::cddbgetServerList(QString& _server) { - char ser [CDDB_FIELD_BUFFER_LEN]; - char por [CDDB_FIELD_BUFFER_LEN]; - char proto [CDDB_FIELD_BUFFER_LEN]; - char extra [CDDB_FIELD_BUFFER_LEN]; + protocol = UNKNOWN; - sscanf(_server.ascii(),"%s %s %s %s",ser,proto,por,extra); - - hostname = ser; - port = atoi(por); - cgi = extra; + QStringList fields = QStringList::split(' ', _server); + + if (fields.count() > 0) + hostname = fields[0]; + if (fields.count() > 1) { + fields[1].truncate(20); + protocol = decodeTransport(fields[1].ascii()); + } + if (fields.count() > 2) + port = fields[2].toInt(); + if (fields.count() > 3) + cgi = fields[3]; - protocol=decodeTransport(proto); kdDebug() << "GETTING SERVERLIST\n" << endl; @@ -196,18 +184,22 @@ void CDDB::cddb_connect(QString& _server) { - char ser[CDDB_FIELD_BUFFER_LEN]; - char por[CDDB_FIELD_BUFFER_LEN]; - char proto[CDDB_FIELD_BUFFER_LEN]; - char extra[CDDB_FIELD_BUFFER_LEN]; - - sscanf(_server.ascii(),"%s %s %s %s",ser,proto,por,extra); - - hostname = ser; - port = atoi(por); - cgi = extra; - protocol = decodeTransport(proto); - + protocol = UNKNOWN; + + QStringList fields = QStringList::split(' ', _server); + + if (fields.count() > 0) + hostname = fields[0]; + if (fields.count() > 1) { + fields[1].truncate(20); + protocol = decodeTransport(fields[1].ascii()); + } + if (fields.count() > 2) + port = fields[2].toInt(); + if (fields.count() > 3) + cgi = fields[3]; + + mode = REGULAR; if(protocol==CDDBP) { @@ -293,7 +285,7 @@ QString identification; prot.setNum(protocol_level); - identification="&hello="+username+"+"+domainname+"+Kscd+"+KSCDVERSION+"&proto="+prot; + identification=QString("&hello=anonymous+kde+Kscd+")+KSCDVERSION+"&proto="+prot; prt.setNum(port); QString base = "http://"+hostname+":"+prt; @@ -515,28 +507,31 @@ break; case HTTP_REQUEST: - //Parse responce and check numeric code. - char proto [CDDB_FIELD_BUFFER_LEN]; - char code [CDDB_FIELD_BUFFER_LEN]; - sscanf(lastline.ascii(),"%s %s",proto,code); - if(strcmp(code,"200")==0) - { - if(use_http_proxy) - { - state=HTTP_HEADER; - kdDebug() << "HTTP request is OK. Reading HTTP header.\n" << endl; - } else { - state=saved_state; - kdDebug() << "HTTP request is OK. Mooving on.\n" << endl; - } - } else { - kdDebug() << "HTTP error: " << lastline << "\n" << endl; - if(saved_state==SERVER_LIST_WAIT) - { - emit get_server_list_failed(); - } - state=CDDB_DONE; //TODO: some error state - } + { + // Parse response and check numeric code. + QString code; + QStringList fields = QStringList::split(' ', lastline); + if (fields.count() > 1) + code = fields[1]; + if(code == "200") + { + if(use_http_proxy) + { + state = HTTP_HEADER; + kdDebug() << "HTTP request is OK. Reading HTTP header.\n" << endl; + } else { + state = saved_state; + kdDebug() << "HTTP request is OK. Mooving on.\n" << endl; + } + } else { + kdDebug() << "HTTP error: " << lastline << "\n" << endl; + if (saved_state == SERVER_LIST_WAIT) + { + emit get_server_list_failed(); + } + state = CDDB_DONE; //TODO: some error state + } + } break; case INIT: @@ -547,9 +542,7 @@ QString hellostr; // cddb hello username hostname clientname version - hellostr = QString("cddb hello %1 %2 Kscd %3\n") - .arg(username) - .arg(domainname) + hellostr = QString("cddb hello anonymous kde Kscd %1\n") .arg(KSCDVERSION); kdDebug() << "hellostr: " << hellostr << "\n" << endl; @@ -742,24 +735,22 @@ void CDDB::parse_serverlist_entry() { - char serv [CDDB_FIELD_BUFFER_LEN]; - char po [CDDB_FIELD_BUFFER_LEN]; - char proto [CDDB_FIELD_BUFFER_LEN]; - char extra [CDDB_FIELD_BUFFER_LEN]; - - QCString tempstr; + QString tempstr; + QStringList sl = QStringList::split(' ', lastline); if(protocol_level<3) { - sscanf(lastline.ascii(),"%s %s",serv,po); - tempstr = tempstr.sprintf("%s cddbp %s -",serv,po); - serverlist.append(tempstr); + if (sl.count() > 1) { + tempstr = sl[0] + " cddbp " + sl[1] + " -"; + serverlist.append(tempstr); + } } else { - sscanf(lastline.ascii(),"%s %s %s %s",serv,proto,po,extra); - tempstr = tempstr.sprintf("%s %s %s %s",serv,proto,po,extra); - // transport tr=decodeTransport(proto); - // if(tr==CDDBP || tr==CDDBHTTP) - serverlist.append(tempstr); + if (sl.count() > 3) { + tempstr = sl[0] + " " + sl[1] + " " + sl[2] + " " + sl[3]; + // transport tr=decodeTransport(proto); + // if(tr==CDDBP || tr==CDDBHTTP) + serverlist.append(tempstr); + } } } // parse_serverlist_entry @@ -1187,16 +1178,12 @@ bool CDDB::normalize_server_list_entry(QString &entry) { - char serv [CDDB_FIELD_BUFFER_LEN]; - char proto[CDDB_FIELD_BUFFER_LEN]; - char po [CDDB_FIELD_BUFFER_LEN]; - char extra[CDDB_FIELD_BUFFER_LEN]; + QStringList sl = QStringList::split(' ', entry); - if(sscanf(entry.ascii(),"%s %s %s %s",serv,proto,po,extra)==2) + if(sl.count() == 2) { // old format - sprintf(extra,"%s cddbp %s -",serv, proto); - entry=extra; + entry = sl[0] + " cddbp " + sl[1] + " -"; return true; } else { // Otherwise let us leave the item unchanged. Index: kdemultimedia/kscd/cddb.h diff -u kdemultimedia/kscd/cddb.h:1.24 kdemultimedia/kscd/cddb.h:1.24.2.1 --- kdemultimedia/kscd/cddb.h:1.24 Sun Jun 10 14:45:37 2001 +++ kdemultimedia/kscd/cddb.h Sat Dec 7 06:09:45 2002 @@ -149,9 +149,6 @@ void get_server_list_failed(); private: - - QString domainname; - QString username; QStringList inexact_list; QTimer starttimer; Index: kdemultimedia/kscd/kscd.cpp diff -u kdemultimedia/kscd/kscd.cpp:1.134 kdemultimedia/kscd/kscd.cpp:1.134.2.2 --- kdemultimedia/kscd/kscd.cpp:1.134 Fri Jul 27 13:35:28 2001 +++ kdemultimedia/kscd/kscd.cpp Tue Feb 26 10:16:42 2002 @@ -1247,7 +1247,7 @@ void KSCD::volChanged( int vol ) { - if(volstartup) + if(volstartup || !cddrive_is_ok) return; QString str; @@ -1912,10 +1912,14 @@ static int connected = 0; updateDialog = _updateDialog; - + if( !cd || cd->length == 0) { + kdDebug()<<" CD length seems to be zoom" <length); - QString fmt; if(dml.hour() > 0) fmt.sprintf("%02d:%02d:%02d",dml.hour(),dml.minute(),dml.second()); @@ -1923,10 +1927,8 @@ fmt.sprintf("%02d:%02d",dml.minute(),dml.second()); totaltimelabel->setText(fmt); - get_pathlist(pathlist); cddb.setPathList(pathlist); - if(!connected){ connect(&cddb,SIGNAL(cddb_ready()),this,SLOT(cddb_ready())); connect(&cddb,SIGNAL(cddb_failed()),this,SLOT(cddb_failed())); @@ -1937,7 +1939,6 @@ connected = 1; } led_on(); - bool res = cddb.local_query( cddb_discid(), xmcd_data, Index: kdemultimedia/kscd/libwm/cddb.c diff -u kdemultimedia/kscd/libwm/cddb.c:1.4 kdemultimedia/kscd/libwm/cddb.c:1.4.4.2 --- kdemultimedia/kscd/libwm/cddb.c:1.4 Thu Nov 2 06:51:10 2000 +++ kdemultimedia/kscd/libwm/cddb.c Fri Dec 13 11:25:58 2002 @@ -322,14 +322,16 @@ t2 = t; if(*t2 == ' ') t2++; - strcpy(cd->cdname,t2); + strncpy(cd->cdname,t2,sizeof(cd->cdname)-1); + cd->cdname[sizeof(cd->cdname)-1]='\0'; for(t2=t;*t2;t2++) { if((*t2 == ' ') && (*(t2+1) == 0)) *t2=0; } - strcpy(cd->artist,t); + strncpy(cd->artist,t,sizeof(cd->artist)-1); + cd->artist[sizeof(cd->artist)-1]='\0'; } if('T' == type) @@ -420,7 +422,7 @@ extern int cur_ntracks; int status; - char category[20]; + char category[21]; unsigned int id; strcpy(cddb.cddb_server,"localhost:888"); @@ -471,7 +473,7 @@ */ if(status == 200) /* Exact match */ { - sscanf(tempbuf,"%d %s %08x",&status,category,&id); + sscanf(tempbuf,"%d %20s %08x",&status,category,&id); cddbp_read(category,id); connect_read_entry(); } @@ -480,7 +482,7 @@ * Hack: always use first. */ { connect_getline(tempbuf); - sscanf(tempbuf,"%s %08x",category,&id); + sscanf(tempbuf,"%20s %08x",category,&id); while(strcmp(tempbuf,".")) connect_getline(tempbuf); cddbp_read(category,id); @@ -519,7 +521,7 @@ { connect_close(); connect_open(); - sscanf(tempbuf,"%d %s %08x",&status,category,&id); + sscanf(tempbuf,"%d %20s %08x",&status,category,&id); http_read(category,id); connect_read_entry(); } @@ -528,7 +530,7 @@ * Hack: always use first. */ { connect_getline(tempbuf); - sscanf(tempbuf,"%s %08x",category,&id); + sscanf(tempbuf,"%20s %08x",category,&id); while(strcmp(tempbuf,".")) connect_getline(tempbuf); connect_close(); Index: kdemultimedia/kscd/libwm/cdinfo.c diff -u kdemultimedia/kscd/libwm/cdinfo.c:1.2 kdemultimedia/kscd/libwm/cdinfo.c:1.2.6.1 --- kdemultimedia/kscd/libwm/cdinfo.c:1.2 Tue May 30 17:18:44 2000 +++ kdemultimedia/kscd/libwm/cdinfo.c Fri Dec 13 11:25:58 2002 @@ -544,11 +544,13 @@ { if (strcmp(cd->artist, artist)) info_modified = 1; - strcpy(cd->artist, artist); + strncpy(cd->artist, artist,sizeof(cd->artist)-1); + cd->artist[sizeof(cd->artist)-1]='\0'; if (strcmp(cd->cdname, cdname)) info_modified = 1; - strcpy(cd->cdname, cdname); + strncpy(cd->cdname, cdname,sizeof(cd->cdname)-1); + cd->cdname[sizeof(cd->cdname)-1]='\0'; if (!!cd->autoplay != !!autoplay) info_modified = 1; Index: kdemultimedia/kscd/libwm/database.c diff -u kdemultimedia/kscd/libwm/database.c:1.2 kdemultimedia/kscd/libwm/database.c:1.2.6.1 --- kdemultimedia/kscd/libwm/database.c:1.2 Tue May 30 17:18:44 2000 +++ kdemultimedia/kscd/libwm/database.c Fri Dec 6 17:52:10 2002 @@ -503,7 +503,7 @@ if (b != '\n') { keyword[0] = b; - fscanf(fp, "%s", &keyword[1]); + fscanf(fp, "%62s", &keyword[1]); } if (keyword[0] == '\0') /* Blank line. */ { @@ -923,7 +923,7 @@ else if (! strcmp(keyword, "playlist")) { getc(fp); - fscanf(fp, "%s", listname); + fscanf(fp, "%63s", listname); /* XXX take this out at some point */ if (! strcmp(listname, "Default"))