X-Git-Url: http://git.megacz.com/?a=blobdiff_plain;f=src%2Forg%2Fxwt%2FPlatform.java;h=02e75dd4fb8eddf7d26661811edf4feb0d47d566;hb=76a3f525433eff7ade457945efa42aa5c1a50b84;hp=8efe59aa9efe7b9c4d1c088e0bdba12717b4143b;hpb=027607da259f292060d80e0ed90d2b0e896acd86;p=org.ibex.core.git

diff --git a/src/org/xwt/Platform.java b/src/org/xwt/Platform.java
index 8efe59a..02e75dd 100644
--- a/src/org/xwt/Platform.java
+++ b/src/org/xwt/Platform.java
@@ -178,7 +178,7 @@ public class Platform {
     /** Returns null if XWT should always use direct connection; otherwise returns a ProxyInfo object with proxy settings */
     protected synchronized HTTP.ProxyInfo _detectProxy() { return null; }
 
-    /** displays a platform-specific "open file" dialog and returns the chosen filename */
+    /** displays a platform-specific "open file" dialog and returns the chosen filename, or null if the user hit cancel */
     protected String _fileDialog(String suggestedFileName, boolean write) { return null; }
 
     /** returns true iff the platform has a case-sensitive filesystem */
@@ -249,25 +249,13 @@ public class Platform {
     /** returns true iff the platform has a case-sensitive filesystem */
     public static boolean isCaseSensitive() { return platform._isCaseSensitive(); }
 
-    /** displays a platform-specific "open file" dialog and returns the chosen filename */
+    /** displays a platform-specific "open file" dialog and returns the chosen filename, or null if the user hit cancel */
     public static String fileDialog(String suggestedFileName, boolean write) {
-        // put ourselves in the background
-        Thread thread = Thread.currentThread();
-        if (!(thread instanceof ThreadMessage)) {
-            if (Log.on) Log.log(Platform.class, "xwt.openFile may only be called from background threads");
-            return null;
-        }
-        ThreadMessage mythread = (ThreadMessage)thread;
-        mythread.setPriority(Thread.MIN_PRIORITY);
-        mythread.done.release();
-
+        if (!ThreadMessage.suspendThread()) return null;
         try {
             return platform._fileDialog(suggestedFileName, write);
         } finally {
-            // okay, let ourselves be brought to the foreground
-            MessageQueue.add(mythread);
-            mythread.setPriority(Thread.NORM_PRIORITY);
-            mythread.go.block();
+            ThreadMessage.resumeThread();
         }
     }
 
@@ -277,6 +265,17 @@ public class Platform {
             if (Log.on) Log.log(Platform.class, "xwt.newBrowserWindow() only supports http and https urls");
             return;
         }
+
+        // check the URL for well-formedness, as a defense against buffer overflow attacks
+        try {
+            String u = url;
+            if (u.startsWith("https")) u = "http" + u.substring(5);
+            new URL(u);
+        } catch (MalformedURLException e) {
+            if (Log.on) Log.log(Platform.class, "URL " + url + " is not well-formed");
+            if (Log.on) Log.log(Platform.class, e);
+        }
+
         if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
         platform._newBrowserWindow(url);
     }