1. 09 May, 2018 1 commit
    • Carlos Soriano Sánchez's avatar
      general: Don't allow launching binaries or programs in general · 3a22ed5b
      Carlos Soriano Sánchez authored
      For long we used to support that since the desktop was part of Nautilus.
      Also, back then we didn't have a Software app where you are expected to
      installs apps. Back then it was common for apps to be delivered in
      a tarball, nowadays that's out of question.
      
      Now that the desktop is long gone, launching binaries and desktop files
      from within Nautilus is not as useful. Not only that, but we are moving
      towards a more sandboxed system, and we should use the standard and
      system wide support for launching apps based on users choices.
      
      We also are not able to be secure enough to handle this, as we saw in
      the past we allowed untrusted binaries to be launched, and therefore
      we had a CVE (CVE-2017-14604) for Nautilus. We are not being audited
      (afaik) and we are not in a position that we can let this issues slip.
      
      With that altogether, this prevents launching binaries or programs from
      Nautilus.
      
      Closes: #184
      3a22ed5b
  2. 13 Feb, 2018 1 commit
  3. 20 Jan, 2018 1 commit
    • Ernestas Kulik's avatar
      file: don’t thumbnail internally when scaling up · 7aa66bb5
      Ernestas Kulik authored
      When requesting the thumbnail icon of a file, if the requested size is
      more than 25% larger than what the gnome-desktop thumbnail factory gives
      us, the code tries to thumbnail the file using GdkPixbuf to avoid
      possible quality degradation.
      
      After 860f748a, that code path should
      never be executed (but is, because of a missing change to the logic) and
      is safe to remove.
      7aa66bb5
  4. 16 Jan, 2018 1 commit
  5. 05 Jan, 2018 1 commit
  6. 02 Jan, 2018 3 commits
  7. 17 Aug, 2017 1 commit
  8. 15 Feb, 2017 1 commit
  9. 06 Feb, 2017 1 commit
    • Carlos Soriano Sánchez's avatar
      mime-actions: use file metadata for trusting desktop files · 1630f534
      Carlos Soriano Sánchez authored
      Currently we only trust desktop files that have the executable bit
      set, and don't replace the displayed icon or the displayed name until
      it's trusted, which prevents for running random programs by a malicious
      desktop file.
      
      However, the executable permission is preserved if the desktop file
      comes from a compressed file.
      
      To prevent this, add a metadata::trusted metadata to the file once the
      user acknowledges the file as trusted. This adds metadata to the file,
      which cannot be added unless it has access to the computer.
      
      Also remove the SHEBANG "trusted" content we were putting inside the
      desktop file, since that doesn't add more security since it can come
      with the file itself.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=777991
      1630f534
  10. 29 Aug, 2016 1 commit
  11. 25 Apr, 2016 1 commit
    • Carlos Soriano Sánchez's avatar
      general: merge libnautilus-private to src · 7e24f1b2
      Carlos Soriano Sánchez authored
      And fix make distcheck.
      
      Although libnautilus-private seem self contained, it was actually
      depending on the files on src/ for dnd.
      Not only that, but files in libnautilus-private also were depending on
      dnd files, which you can guess it's wrong.
      
      Before the desktop split, this was working because the files were
      distributed, but now was a problem since we reestructured the code, and
      now nautilus being a library make distcheck stop working.
      
      First solution was try to fix this inter dependency of files, but at
      some point I realized that there was no real point on splitting some of
      those files, because for example, is perfectly fine for dnd to need to
      access the window functions, and it's perfectly fine for the widgets
      in the private library to need to access to all dnd functions.
      
      So seems to me the private library of nautilus is somehow an artificial
      split, which provides more problems than solutions.
      
      We needed libnautilus-private to have a private library that we could
      isolate from extensions, but I don't think it worth given the problems
      it provides, and also, this not so good logical split.
      Right now, since with the desktop split we created a libnautilus to be
      used by the desktop part of nautilus, extensions have access to all
      the API of nautilus. We will think in future how this can be handled if
      we want.
      
      So for now, merge the libnautilus-private into src, and let's rethink
      a better logic to split the code and the private parts of nautilus than
      what we had.
      
      Thanks a lot to Rafael Fonseca for helping in get this done.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=765543
      7e24f1b2
  12. 04 Apr, 2016 1 commit
    • Carlos Soriano Sánchez's avatar
      general: remove vim modelines · 1ffb8ca5
      Carlos Soriano Sánchez authored
      Vim and emacs modelines are used to specify some of the code style in the code.
      However, this is misleading and poorly supported since nautilus had a mix of
      code style for some time.
      Also, the mode lines doesn't specify the whole code style, so we will need to
      use a different tool as well to specify the whole code style.
      For that, we can just use a different tool for everything.
      
      So remove the mode lines, and in a short future we will reestyle the nautilus
      code to have a single code style, and use a tool like editorconfig to specify
      the whole code style.
      1ffb8ca5
  13. 24 Feb, 2016 1 commit
    • Carlos Soriano Sánchez's avatar
      general: add another zoom level · fd21c947
      Carlos Soriano Sánchez authored
      In icon view, add a smaller zoom level to be able for dense views,
      and increase the default padding to allow the labels enough space.
      
      Now levels are 48px, 64px, 96px and 128px for icon view, instead of
      only 64px, 96px and 128px, but with the increased padding the 64px and
      48px are useful.
      
      List view also gains a bigger level, and they become 16px, 32px, 48px,
      64px.
      
      Also, adjust the label max width to be larger, but inside the icon
      itself. This fixes the label not taking advantage of all the width the
      icon provides, and also a few cases where icons were misaligned.
      fd21c947
  14. 18 Dec, 2015 1 commit
    • Carlos Soriano Sánchez's avatar
      directory-async: don't modify priv data on cancelled · ec05b0a2
      Carlos Soriano Sánchez authored
      What we are doing:
      Directory starts io.
      It cancels the cancellables associated to each async operation.
      It starts new operations.
      When the new operation finishes, either because it's cancelled or
      because it successfully finished, it modifies the directory private
      data and sets its associated cancellable as NULL to indicate the
      directory that it's all done, so the directory just checks for the
      cancellables in its private data to know if there is some operation
      going on.
      
      However, what can happens is:
      Directory starts io.
      It cancels the cancellables and sets as null to start a new operation.
      It starts a new operation.
      The old operation finishes cancelled, and sets as null the private
      cancellable of the directory.
      Now the directory thinks there is no operation going on, but actually
      the new operation is still going on.
      The directory starts io and checks if there is something to stop, but
      sees there is no cancellable and keeps going.
      Then the new operation finishes and hits an assert when realizes that
      the directory state is inconsistent.
      
      To fix this, don't set as null the cancellable in the private data of
      the directory when the operation has been cancelled.
      
      It's okay to set as null when the operation finishes succesfully, since
      it's ensured that only one operation can be running withouth being
      cancelled.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=759608
      ec05b0a2
  15. 14 Dec, 2015 1 commit
    • Carlos Soriano Sánchez's avatar
      directory-async: set NULL the count progress on cancel · 764958a1
      Carlos Soriano Sánchez authored
      When a file gets moved, nautilus directory cancel the loading of
      the attributes of that file, in case that file is in the work queue
      of that directory, since it will move to another directory.
      
      For that, we cancel the cancellable associated to the async request
      of the attributes of that file.
      
      However, since this is threaded, if some client of the directory kick of
      I/O with the nautilus_directory_async_state_changed and the cancellable
      didn't reach the callback, the file attributes are still going on, and
      we reach an assert when trying to stop them again, since the file
      requesting for those attributes is no longer the one we want to stop
      loading.
      
      This was causing problems when the race kicks in, for example, the
      move to context menu action.
      
      To fix it, apart of cancel the cancellable associated, set the directory
      private data files as null, to avoid trying to stop the already stopped
      request.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=756253
      764958a1
  16. 14 Nov, 2015 1 commit
  17. 14 Oct, 2015 1 commit
  18. 07 Oct, 2015 1 commit
    • Carlos Soriano Sánchez's avatar
      directory-async: keep directory alive · e2c5c42a
      Carlos Soriano Sánchez authored
      Lately we did some changes on the view/slot/window/app
      interaction with the directory/model ownership. That means
      that now most of the times the directory/model is freed when
      it should.
      In this case, when loading the children of a directory reports
      an error, say the user doesn't have permission to access the
      directory, the view unref the directory in the signal callback,
      and any further interaction with it by the directory itself after
      signaling becomes accessing invalid memory.
      
      To avoid this, the directory should have a ref on itself for any
      signal that can cause the owners of it to unref.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=755207
      e2c5c42a
  19. 24 Jan, 2015 1 commit
    • Carlos Soriano's avatar
      nautilus-icon-info: rework zoom levels · 1968379a
      Carlos Soriano authored
      Following a design request and preparing to the port to popovers of
      nautilus, we want to use only 3 zoom levels for each kind of view, so
      the slider makes sense.
      
      Also, following design guidelines, the new zoom levels sizes for icon
      view are 64, 96, 128, with default to 96 and 16, 32, 48 for list view,
      32 being the default
      1968379a
  20. 01 Sep, 2014 1 commit
  21. 30 Aug, 2014 1 commit
  22. 31 Jan, 2014 1 commit
  23. 22 Jan, 2013 1 commit
  24. 17 Dec, 2012 1 commit
  25. 07 Dec, 2012 2 commits
  26. 17 Aug, 2012 2 commits
  27. 08 Aug, 2012 1 commit
  28. 31 May, 2012 1 commit
  29. 08 Mar, 2012 1 commit
  30. 07 Mar, 2012 1 commit
  31. 01 Jul, 2011 2 commits
  32. 04 Apr, 2011 1 commit
  33. 25 Mar, 2011 1 commit
  34. 25 Jan, 2011 1 commit
    • Cosimo Cecchi's avatar
      all: silence new warnings from GCC 4.6 · d4230de8
      Cosimo Cecchi authored
      GCC 4.6 introduced a new warning about variables declared and
      initialized, but not really used in the function body. Remove all of
      these occurrences to build cleanly.
      d4230de8
  35. 31 Oct, 2010 1 commit