Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.
Also check that the full path actually fits in the buffer.
Reported-by: Samanta Navarro <ferivoz@riseup.net>
This patch adds an explicit wrefresh call. Under some conditions
just flagging the window for redraw does not trigger a redraw and
the user has no other means to force redrawing of a window.
Without this patch resizing the window would sometimes result in
an empty chat window with no way to redraw it.
Tested under uxterm and st on OpenBSD.
This saves 4K in the edit buffers, not to mention all the heap
allocations for the separate mbs buffers!
There might be a way to be more clever about capacities, but I don't
think it's worth it.
Losing tab complete and text macros, for now.
This new implementation works on an instance of a struct and does
not interact with the rest of catgirl, making it possible to copy
into another project. Unlike existing line editing libraries, this
one is entirely abstract and can be rendered externally.
My goal with this library is to be able to implement vi mode. Since
it operates on struct instances rather than globals, it might also
be possible to give catgirl separate line editing buffers for each
window, which would be a nice UX improvement.
Do some extra work by adding the portion before the cursor to the
input window twice, but simplify the interaction with the split
point. This fixes the awkward behaviour when moving the cursor
across colour codes where the code would be partially interpreted
up to the cursor.
Woops! BASE64_SIZE is the size of the string buffer. Somehow ergo
is the only server software (that I know of) to reject the accidental
null byte.
Reported by smlavine.
June McEnroe
Christian Kellermann