harden link checker before accepting click

[claws.git] / src / textview.c

diff --git a/src/textview.c b/src/textview.c
index c63c5d9c19b5b6a0bd524fcbeec79714dc749dfd..74ba34dfa604620bf34cadb25351b76ef91d2d11 100644 (file)
--- a/src/textview.c
+++ b/src/textview.c
@@ -2847,7 +2847,7 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
        gboolean retval = TRUE;
 
        if (is_uri_string(uri->uri) == FALSE)
-               return TRUE;
+               return FALSE;
 
        visible_str = textview_get_visible_uri(textview, uri);
        if (visible_str == NULL)
@@ -2884,6 +2884,8 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
                if (aval == G_ALERTALTERNATE)
                        retval = TRUE;
        }
+       if (strlen(uri->uri) > get_uri_len(uri->uri))
+               retval = FALSE;
 
        g_free(visible_str);