diff --git a/thunar/thunar-action-manager.c b/thunar/thunar-action-manager.c
index 3fcf282701484f9645dd837cd081af5ff0ccf2db..5c4b4cd7df0a02b2d278576c10d329013ed4be1a 100644
--- a/thunar/thunar-action-manager.c
+++ b/thunar/thunar-action-manager.c
@@ -1583,7 +1583,7 @@ thunar_action_manager_append_menu_item (ThunarActionManager *action_mgr,
return xfce_gtk_menu_item_new_from_action_entry (action_entry, G_OBJECT (action_mgr), GTK_MENU_SHELL (menu));
case THUNAR_ACTION_MANAGER_ACTION_EDIT_LAUNCHER:
- if (action_mgr->n_files_to_process == 1 && thunar_file_is_desktop_file (action_mgr->files_to_process->data, NULL))
+ if (action_mgr->n_files_to_process == 1 && thunar_file_is_desktop_file (action_mgr->files_to_process->data))
return xfce_gtk_menu_item_new_from_action_entry (action_entry, G_OBJECT (action_mgr), GTK_MENU_SHELL (menu));
else
return NULL;
diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c
index 78aed85a653b70d7697c03a195144bdc5c170918..58c4c59bddf2f9754ba1435f61fb57972025ca79 100644
--- a/thunar/thunar-file.c
+++ b/thunar/thunar-file.c
@@ -998,7 +998,6 @@ thunar_file_info_reload (ThunarFile *file,
GKeyFile *key_file;
gchar *p;
const gchar *display_name;
- gboolean is_secure = FALSE;
gchar *casefold;
gchar *path;
@@ -1035,8 +1034,8 @@ thunar_file_info_reload (ThunarFile *file,
g_free (path);
}
- /* check if this file is a desktop entry */
- if (thunar_file_is_desktop_file (file, &is_secure) && is_secure)
+ /* check if this file is a desktop entry and we have the permission to execute it */
+ if (thunar_file_is_desktop_file (file) && thunar_file_is_executable (file))
{
/* determine the custom icon and display name for .desktop files */
@@ -1628,12 +1627,10 @@ thunar_file_execute (ThunarFile *file,
uri_list = g_slist_prepend (uri_list, g_file_get_uri (li->data));
uri_list = g_slist_reverse (uri_list);
- if (thunar_file_is_desktop_file (file, &is_secure))
+ if (thunar_file_is_desktop_file (file))
{
- if (thunar_g_vfs_metadata_is_supported ())
- is_secure = is_secure && xfce_g_file_is_trusted (file->gfile, NULL, NULL);
+ is_secure = thunar_file_is_executable (file);
- /* parse file first, even if it is insecure */
key_file = thunar_g_file_query_key_file (file->gfile, NULL, &err);
if (key_file == NULL)
{
@@ -1718,7 +1715,7 @@ thunar_file_execute (ThunarFile *file,
g_free (type);
g_key_file_free (key_file);
}
- else
+ else /* Not a desktop file */
{
/* fake the Exec line */
escaped_location = g_shell_quote (location);
@@ -2994,21 +2991,24 @@ thunar_file_is_ancestor (const ThunarFile *file,
gboolean
thunar_file_is_executable (const ThunarFile *file)
{
- ThunarPreferences *preferences;
- gboolean desktop_can_execute;
- gboolean exec_shell_scripts = FALSE;
- const gchar *content_type;
+ ThunarPreferences *preferences;
+ gboolean exec_shell_scripts = FALSE;
+ const gchar *content_type;
+ const gchar * const *data_dirs;
+ guint i;
+ gchar *path;
+ gboolean exec_bit_set = FALSE;
_thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
if (file->info == NULL)
return FALSE;
- if (thunar_file_is_desktop_file (file, &desktop_can_execute))
- return desktop_can_execute;
- else
+ exec_bit_set = g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE);
+
+ if (!thunar_file_is_desktop_file (file))
{
- if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
+ if (!exec_bit_set)
return FALSE;
/* get the content type of the file */
@@ -3033,6 +3033,36 @@ thunar_file_is_executable (const ThunarFile *file)
return TRUE;
}
+
+ /* desktop files in XDG_DATA_DIRS dont need an executable bit to be executed */
+ if (g_file_is_native (thunar_file_get_file (file)))
+ {
+ data_dirs = g_get_system_data_dirs ();
+ if (G_LIKELY (data_dirs != NULL))
+ {
+ path = g_file_get_path (thunar_file_get_file (file));
+ for (i = 0; data_dirs[i] != NULL; i++)
+ {
+ if (g_str_has_prefix (path, data_dirs[i]))
+ {
+ /* has known prefix, can launch without problems */
+ return TRUE;
+ }
+ }
+ g_free (path);
+ }
+ }
+
+ /* Desktop files outside XDG_DATA_DIRS need to have at least the execute bit set */
+ if (!exec_bit_set)
+ return FALSE;
+
+ /* Additional security measure only applicable if gvfs is installed: */
+ /* Desktop files outside XDG_DATA_DIRS, need to be 'trusted'. */
+ if (thunar_g_vfs_metadata_is_supported ())
+ return xfce_g_file_is_trusted (file->gfile, NULL, NULL);
+ else
+ return TRUE;
}
@@ -3210,69 +3240,21 @@ thunar_file_is_in_recent (const ThunarFile *file)
/**
* thunar_file_is_desktop_file:
* @file : a #ThunarFile.
- * @is_secure : if %NULL do a simple check, else it will set this boolean
- * to indicate if the desktop file is safe see bug #5012
- * for more info.
*
- * Returns %TRUE if @file is a .desktop file. The @is_secure return value
- * will tell if the .desktop file is also secure.
+ * Returns %TRUE if @file is a .desktop file.
*
* Return value: %TRUE if @file is a .desktop file.
**/
gboolean
-thunar_file_is_desktop_file (const ThunarFile *file,
- gboolean *is_secure)
+thunar_file_is_desktop_file (const ThunarFile *file)
{
- const gchar * const *data_dirs;
- guint n;
- gchar *path;
-
_thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
- if (file->info == NULL)
- return FALSE;
-
/* only allow regular files with a .desktop extension */
if (!g_str_has_suffix (file->basename, ".desktop")
|| file->kind != G_FILE_TYPE_REGULAR)
return FALSE;
- /* don't check more if not needed */
- if (is_secure == NULL)
- return TRUE;
-
- /* desktop files outside xdg directories need to be executable for security reasons */
- if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
- {
- /* has +x */
- *is_secure = TRUE;
- }
- else
- {
- /* assume the file is not safe */
- *is_secure = FALSE;
-
- /* deskopt files in xdg directories are also fine... */
- if (g_file_is_native (thunar_file_get_file (file)))
- {
- data_dirs = g_get_system_data_dirs ();
- if (G_LIKELY (data_dirs != NULL))
- {
- path = g_file_get_path (thunar_file_get_file (file));
- for (n = 0; data_dirs[n] != NULL; n++)
- {
- if (g_str_has_prefix (path, data_dirs[n]))
- {
- /* has known prefix, can launch without problems */
- *is_secure = TRUE;
- break;
- }
- }
- g_free (path);
- }
- }
- }
-
return TRUE;
}
diff --git a/thunar/thunar-file.h b/thunar/thunar-file.h
index 8b9a3e405874417d6532a66805074a7e92127513..8955e30c547923324dfa9c6fea6544abbe4652f6 100644
--- a/thunar/thunar-file.h
+++ b/thunar/thunar-file.h
@@ -218,8 +218,7 @@ gboolean thunar_file_is_trash (const ThunarFile
gboolean thunar_file_is_trashed (const ThunarFile *file);
gboolean thunar_file_is_recent (const ThunarFile *file);
gboolean thunar_file_is_in_recent (const ThunarFile *file);
-gboolean thunar_file_is_desktop_file (const ThunarFile *file,
- gboolean *is_secure);
+gboolean thunar_file_is_desktop_file (const ThunarFile *file);
const gchar *thunar_file_get_display_name (const ThunarFile *file) G_GNUC_CONST;
gchar *thunar_file_get_deletion_date (const ThunarFile *file,
diff --git a/thunar/thunar-properties-dialog.c b/thunar/thunar-properties-dialog.c
index 27be9821fe821b03e0bd131cc38a72b0467ce60d..0b3469bb0684390e9cf8291e136ca8f8a855614d 100644
--- a/thunar/thunar-properties-dialog.c
+++ b/thunar/thunar-properties-dialog.c
@@ -1243,8 +1243,7 @@ thunar_properties_dialog_update_single (ThunarPropertiesDialog *dialog)
/* check if the icon may be changed (only for writable .desktop files) */
g_object_ref (G_OBJECT (dialog->icon_image));
gtk_container_remove (GTK_CONTAINER (gtk_widget_get_parent (dialog->icon_image)), dialog->icon_image);
- if (thunar_file_is_writable (file)
- && thunar_file_is_desktop_file (file, NULL))
+ if (thunar_file_is_writable (file) && thunar_file_is_desktop_file (file))
{
gtk_container_add (GTK_CONTAINER (dialog->icon_button), dialog->icon_image);
gtk_widget_show (dialog->icon_button);