mirror of
https://github.com/raysan5/raylib.git
synced 2026-07-10 15:51:56 -04:00
Compare commits
7 Commits
d631a5a466
...
caadb48e25
| Author | SHA1 | Date | |
|---|---|---|---|
| caadb48e25 | |||
| 3e9fb4757f | |||
| d159739a8b | |||
| f20f61d754 | |||
| 81b740403a | |||
| 3cb8a3d782 | |||
| f8e42cb509 |
@ -52,7 +52,7 @@ Some people ported raylib to other languages in the form of bindings or wrappers
|
|||||||
| [KaylibKit](https://codeberg.org/Kenta/KaylibKit) | 4.5 | [Kotlin/native](https://kotlinlang.org) | Zlib |
|
| [KaylibKit](https://codeberg.org/Kenta/KaylibKit) | 4.5 | [Kotlin/native](https://kotlinlang.org) | Zlib |
|
||||||
| [raylib-lua](https://github.com/TSnake41/raylib-lua) | 5.5 | [Lua](http://www.lua.org) | ISC |
|
| [raylib-lua](https://github.com/TSnake41/raylib-lua) | 5.5 | [Lua](http://www.lua.org) | ISC |
|
||||||
| [raylib-lua-bindings (WIP)](https://github.com/legendaryredfox/raylib-lua-bindings) | 5.5 | [Lua](http://www.lua.org) | ISC |
|
| [raylib-lua-bindings (WIP)](https://github.com/legendaryredfox/raylib-lua-bindings) | 5.5 | [Lua](http://www.lua.org) | ISC |
|
||||||
| [ReiLua](https://github.com/nullstare/ReiLua) | 5.5 | [Lua](http://www.lua.org) | MIT |
|
| [ReiLua](https://github.com/nullstare/ReiLua) | 6.0 | [Lua](http://www.lua.org) | MIT |
|
||||||
| [raylib-lua-sol](https://github.com/RobLoach/raylib-lua-sol) | 5.5 | [Lua](http://www.lua.org) | Zlib |
|
| [raylib-lua-sol](https://github.com/RobLoach/raylib-lua-sol) | 5.5 | [Lua](http://www.lua.org) | Zlib |
|
||||||
| [raylib-luajit](https://github.com/homma/raylib-luajit) | 5.5 | [Lua](http://www.lua.org) | MIT |
|
| [raylib-luajit](https://github.com/homma/raylib-luajit) | 5.5 | [Lua](http://www.lua.org) | MIT |
|
||||||
| [raylib-luajit-generated](https://github.com/james2doyle/raylib-luajit-generated) | 5.5 | [Lua](http://www.lua.org) | MIT |
|
| [raylib-luajit-generated](https://github.com/james2doyle/raylib-luajit-generated) | 5.5 | [Lua](http://www.lua.org) | MIT |
|
||||||
|
|||||||
@ -11,8 +11,4 @@ Most considerations of errors and defects can be handled using the project Issue
|
|||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
Discovered vulnerability can be directly reported using the project Issues and/or Discussions.
|
Discovered vulnerability can be directly reported using the project Issues and/or Discussions. They will be reviewed as soon as possible.
|
||||||
|
|
||||||
_TODO: Tell them where to go, how often they can expect to get an update on a
|
|
||||||
reported vulnerability, what to expect if the vulnerability is accepted or
|
|
||||||
declined, etc._
|
|
||||||
|
|||||||
@ -663,13 +663,22 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if the provided URL is safe
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Avoid calling this function with user input non-validated strings
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
|
{
|
||||||
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
JNIEnv *env = NULL;
|
JNIEnv *env = NULL;
|
||||||
|
|||||||
@ -1181,17 +1181,25 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if you control the URL given
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Only call this function yourself not with user input or make sure to check the string yourself
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
// REF: https://github.com/raysan5/raylib/issues/686
|
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
else
|
|
||||||
{
|
{
|
||||||
char *cmd = (char *)RL_CALLOC(strlen(url) + 32, sizeof(char));
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
char *cmd = (char *)RL_CALLOC(strlen(url) + 16, sizeof(char));
|
||||||
#if defined(_WIN32)
|
#if defined(_WIN32)
|
||||||
sprintf(cmd, "explorer \"%s\"", url);
|
sprintf(cmd, "explorer \"%s\"", url);
|
||||||
#endif
|
#endif
|
||||||
@ -1201,7 +1209,9 @@ void OpenURL(const char *url)
|
|||||||
#if defined(__APPLE__)
|
#if defined(__APPLE__)
|
||||||
sprintf(cmd, "open '%s'", url);
|
sprintf(cmd, "open '%s'", url);
|
||||||
#endif
|
#endif
|
||||||
|
// TODO: Replace system() call by custom process
|
||||||
int result = system(cmd);
|
int result = system(cmd);
|
||||||
|
|
||||||
if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
|
if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
|
||||||
RL_FREE(cmd);
|
RL_FREE(cmd);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1471,15 +1471,25 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if you control the URL given
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code on target platform
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
else
|
|
||||||
{
|
{
|
||||||
char *cmd = (char *)RL_CALLOC(strlen(url) + 32, sizeof(char));
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
char *cmd = (char *)RL_CALLOC(strlen(url) + 16, sizeof(char));
|
||||||
#if defined(_WIN32)
|
#if defined(_WIN32)
|
||||||
sprintf(cmd, "explorer \"%s\"", url);
|
sprintf(cmd, "explorer \"%s\"", url);
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -1341,14 +1341,22 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if the provided URL is safe
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Avoid calling this function with user input non-validated strings
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
// REF: https://github.com/raysan5/raylib/issues/686
|
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
|
{
|
||||||
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
else SDL_OpenURL(url);
|
else SDL_OpenURL(url);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1247,19 +1247,28 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if the provided URL is safe
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Avoid calling this function with user input non-validated strings
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
// REF: https://github.com/raysan5/raylib/issues/686
|
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code on target platform
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
else
|
|
||||||
{
|
{
|
||||||
int len = strlen(url) + 32;
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int len = strlen(url) + 16;
|
||||||
char *cmd = (char *)RL_CALLOC(len, sizeof(char));
|
char *cmd = (char *)RL_CALLOC(len, sizeof(char));
|
||||||
snprintf(cmd, len, "explorer \"%s\"", url);
|
snprintf(cmd, len, "explorer \"%s\"", url);
|
||||||
|
|
||||||
int result = system(cmd);
|
int result = system(cmd);
|
||||||
if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
|
if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
|
||||||
RL_FREE(cmd);
|
RL_FREE(cmd);
|
||||||
|
|||||||
@ -1014,9 +1014,8 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if the provided URL is safe
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Avoid calling this function with user input non-validated strings
|
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
TRACELOG(LOG_WARNING, "OpenURL() not implemented on target platform");
|
TRACELOG(LOG_WARNING, "OpenURL() not implemented on target platform");
|
||||||
@ -1446,7 +1445,9 @@ int InitPlatform(void)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!eglChooseConfig(platform.device, NULL, NULL, 0, &numConfigs))
|
// WARNING: Providing framebufferAttribs is not logically necessary,
|
||||||
|
// but it may prevent segfaults on some nvidia drivers
|
||||||
|
if (!eglChooseConfig(platform.device, framebufferAttribs, NULL, 0, &numConfigs))
|
||||||
{
|
{
|
||||||
TRACELOG(LOG_WARNING, "DISPLAY: Failed to get EGL config count: 0x%x", eglGetError());
|
TRACELOG(LOG_WARNING, "DISPLAY: Failed to get EGL config count: 0x%x", eglGetError());
|
||||||
return -1;
|
return -1;
|
||||||
@ -2732,4 +2733,4 @@ static void SetupFramebuffer(int width, int height)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// EOF
|
// EOF
|
||||||
|
|||||||
@ -352,14 +352,22 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if you control the URL given.
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action.
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Only call this function yourself not with user input or make sure to check the string yourself.
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
// Ref: https://github.com/raysan5/raylib/issues/686
|
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code on target platform
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
|
{
|
||||||
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// TODO: Load url using default browser
|
// TODO: Load url using default browser
|
||||||
|
|||||||
@ -968,13 +968,22 @@ double GetTime(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open URL with default system browser (if available)
|
// Open URL with default system browser (if available)
|
||||||
// NOTE: This function is only safe to use if the provided URL is safe
|
// WARNING: This function is only safe to use if you control the URL given,
|
||||||
// A user could craft a malicious string performing another action
|
// a user could craft a malicious string to perform and undesired action
|
||||||
// Avoid calling this function with user input non-validated strings
|
// NOTE: Some safety checks have been added to mitigate security issues
|
||||||
void OpenURL(const char *url)
|
void OpenURL(const char *url)
|
||||||
{
|
{
|
||||||
// Security check to (partially) avoid malicious code on target platform
|
// Security check to (partially) avoid malicious code
|
||||||
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
|
if ((strchr(url, '\'') != NULL) || (strchr(url, '\"') != NULL))
|
||||||
|
{
|
||||||
|
// Filter characters: ' and "
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'\"] characters");
|
||||||
|
}
|
||||||
|
else if ((strncmp(url, "http://", 7) != 0) && (strncmp(url, "https://", 8) != 0))
|
||||||
|
{
|
||||||
|
// Only allow URL starting with "http://" or "https://" protocols
|
||||||
|
TRACELOG(LOG_WARNING, "SYSTEM: Provided URL must start with 'http://' or 'https://' protocols");
|
||||||
|
}
|
||||||
else emscripten_run_script(TextFormat("window.open('%s', '_blank')", url));
|
else emscripten_run_script(TextFormat("window.open('%s', '_blank')", url));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1844,8 +1844,6 @@ void SetConfigFlags(unsigned int flags)
|
|||||||
FLAG_SET(CORE.Window.flags, flags);
|
FLAG_SET(CORE.Window.flags, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
// void OpenURL(const char *url); // Defined per platform
|
|
||||||
|
|
||||||
//----------------------------------------------------------------------------------
|
//----------------------------------------------------------------------------------
|
||||||
// Module Functions Definition: Logging system
|
// Module Functions Definition: Logging system
|
||||||
//----------------------------------------------------------------------------------
|
//----------------------------------------------------------------------------------
|
||||||
|
|||||||
Reference in New Issue
Block a user