mirror of
https://github.com/mRemoteNG/mRemoteNG.git
synced 2026-02-26 03:58:45 +08:00
Compare commits
2 Commits
copilot/fi
...
copilot/fi
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
860a7689c5 | ||
|
|
b65686823c |
@@ -64,7 +64,9 @@ namespace mRemoteNG.App
|
||||
{
|
||||
try
|
||||
{
|
||||
Process.Start(new ProcessStartInfo(fileName: downloadUrl) { UseShellExecute = true });
|
||||
if (!string.IsNullOrEmpty(downloadUrl) &&
|
||||
downloadUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
|
||||
Process.Start(new ProcessStartInfo(fileName: downloadUrl) { UseShellExecute = true });
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
@@ -204,6 +204,11 @@ namespace mRemoteNG.UI.Menu
|
||||
|
||||
private static void OpenUrl(string url)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(url) ||
|
||||
(!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase) &&
|
||||
!url.StartsWith("http://", StringComparison.OrdinalIgnoreCase)))
|
||||
return;
|
||||
|
||||
var startInfo = new ProcessStartInfo
|
||||
{
|
||||
FileName = url,
|
||||
|
||||
@@ -99,6 +99,13 @@ namespace mRemoteNG.UI.Window
|
||||
return;
|
||||
}
|
||||
|
||||
// Only allow http/https URLs to prevent exploitation via custom URI schemes
|
||||
if (!linkUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
|
||||
!linkUri.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var startInfo = new ProcessStartInfo
|
||||
{
|
||||
FileName = linkUri.ToString(),
|
||||
|
||||
Reference in New Issue
Block a user