1. 21 May, 2018 1 commit
    • Carlos Soriano's avatar
      general: Revert to allow running binaries and scripts · ac886102
      Carlos Soriano authored
      Recently we removed the ability to launch binaries and scripts in
      commit 3a22ed5b.
      
      A few cases appeared that we need to support, specially for enterprise
      and content creators. Specifically, cases similar to #434
      
      This also shows that is hard to predict cases like these, as some
      complex setups might be needed for specific workflows.
      
      This commits allow to run binaries and scripts as before, and further
      investigation in these cases need to be done if we ever want to tweak
      the workflow of running binaries.
      
      More discussion about improving binaries/script handling is being
      proposed and discussed in #443
      ac886102
  2. 18 May, 2018 1 commit
    • Ernestas Kulik's avatar
      general: Clean up headers and their inclusions · e686c297
      Ernestas Kulik authored
      This commit removes redundant header inclusions and tries to optimize
      headers by using forward declarations of types in headers. Such
      optimization should generally make builds speedier in that changes in
      certain headers will not cause unrelated sources to be rebuilt.
      e686c297
  3. 13 May, 2018 1 commit
  4. 09 May, 2018 2 commits
    • Carlos Soriano Sánchez's avatar
      general: Don't allow launching binaries or programs in general · 3a22ed5b
      Carlos Soriano Sánchez authored
      For long we used to support that since the desktop was part of Nautilus.
      Also, back then we didn't have a Software app where you are expected to
      installs apps. Back then it was common for apps to be delivered in
      a tarball, nowadays that's out of question.
      
      Now that the desktop is long gone, launching binaries and desktop files
      from within Nautilus is not as useful. Not only that, but we are moving
      towards a more sandboxed system, and we should use the standard and
      system wide support for launching apps based on users choices.
      
      We also are not able to be secure enough to handle this, as we saw in
      the past we allowed untrusted binaries to be launched, and therefore
      we had a CVE (CVE-2017-14604) for Nautilus. We are not being audited
      (afaik) and we are not in a position that we can let this issues slip.
      
      With that altogether, this prevents launching binaries or programs from
      Nautilus.
      
      Closes: #184
      3a22ed5b
    • Carlos Soriano Sánchez's avatar
      83483358
  5. 23 Apr, 2018 3 commits
  6. 31 Mar, 2018 1 commit
  7. 01 Mar, 2018 1 commit
    • Ernestas Kulik's avatar
      general: don’t shadow variables · 6286e0a0
      Ernestas Kulik authored
      Shadowing variables is error-prone, since one might mean to refer to a
      variable that was declared earlier, but has the same name. Additionally,
      being more strict about variable scoping can help make the code more
      readable.
      6286e0a0
  8. 13 Feb, 2018 1 commit
  9. 21 Nov, 2017 2 commits
  10. 11 Aug, 2017 1 commit
  11. 09 Aug, 2017 1 commit
    • Carlos Soriano Sánchez's avatar
      general: Add mime type support for archives · 1bdc4042
      Carlos Soriano Sánchez authored
      Until now archives were managed only if activated from Nautilus itself
      and if a setting was set.
      
      There are two main problems with this.
      1- Archives opened in other apps cannot be handled by Nautilus
      2- Users cannot use the regular mime type handling for setting Nautilus
      as the app handling archives, or unsetting it.
      
      This patch add support for archives mime types handled by gnome-autoar
      and removes the UI and setting used in the previous version.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=771424
      1bdc4042
  12. 13 May, 2017 2 commits
  13. 06 Feb, 2017 1 commit
    • Carlos Soriano Sánchez's avatar
      mime-actions: use file metadata for trusting desktop files · 1630f534
      Carlos Soriano Sánchez authored
      Currently we only trust desktop files that have the executable bit
      set, and don't replace the displayed icon or the displayed name until
      it's trusted, which prevents for running random programs by a malicious
      desktop file.
      
      However, the executable permission is preserved if the desktop file
      comes from a compressed file.
      
      To prevent this, add a metadata::trusted metadata to the file once the
      user acknowledges the file as trusted. This adds metadata to the file,
      which cannot be added unless it has access to the computer.
      
      Also remove the SHEBANG "trusted" content we were putting inside the
      desktop file, since that doesn't add more security since it can come
      with the file itself.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=777991
      1630f534
  14. 30 Nov, 2016 1 commit
  15. 22 Nov, 2016 1 commit
  16. 21 Nov, 2016 2 commits
    • Carlos Soriano Sánchez's avatar
    • Carlos Soriano Sánchez's avatar
      mime-actions: support admin backend · 5db7a295
      Carlos Soriano Sánchez authored
      Until now Nautilus was not able to handle files where the user had
      no permissions. An error was reported.
      The only way for a user to handle those files were to start Nautilus
      with sudo, which is something that shoudl be avoided for security
      reasons.
      
      On Wayland, is not even possible to launch an application with sudo,
      so this is no longer available and therefor no way to handle files
      with no permissions.
      
      On 3.22 gvfs added an admin backend with integration with Polkit,
      so a file withouth permissions can be accessed using this backend
      if the user has the root password.
      
      Add support for the admin backend in Nautilus, where a file will
      be opened using it if cannot be read.
      
      There still work to do, basically implement the operations with
      this backend too and refactor the code to be able to open from
      nautilus application command line also a file withouth permissions.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=773937
      5db7a295
  17. 12 Nov, 2016 1 commit
  18. 02 Sep, 2016 1 commit
    • Alexandru Pandelea's avatar
      mime-actions: Fix shift+control+down seg fault on a folder · 5815ba1c
      Alexandru Pandelea authored
      Using this shortcut on one or more folders causes segmentation fault.
      
      In order to solve this, if there is a directory that needs to be
      activated, the NEW_WINDOW flag is set, so that the initial window will
      be closed and a new one will be created. After a new window is created,
      the CLOSE_BEHIND flag is disabled,so that the window will not be closed.
      The flags NEW_TAB is also set there(unless we want all directories
      opened in new windows), in order for new tabs to open in the newly
      created window.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=755711
      5815ba1c
  19. 29 Aug, 2016 1 commit
  20. 22 Aug, 2016 1 commit
  21. 04 May, 2016 1 commit
  22. 26 Apr, 2016 1 commit
  23. 25 Apr, 2016 1 commit
    • Carlos Soriano Sánchez's avatar
      general: merge libnautilus-private to src · 7e24f1b2
      Carlos Soriano Sánchez authored
      And fix make distcheck.
      
      Although libnautilus-private seem self contained, it was actually
      depending on the files on src/ for dnd.
      Not only that, but files in libnautilus-private also were depending on
      dnd files, which you can guess it's wrong.
      
      Before the desktop split, this was working because the files were
      distributed, but now was a problem since we reestructured the code, and
      now nautilus being a library make distcheck stop working.
      
      First solution was try to fix this inter dependency of files, but at
      some point I realized that there was no real point on splitting some of
      those files, because for example, is perfectly fine for dnd to need to
      access the window functions, and it's perfectly fine for the widgets
      in the private library to need to access to all dnd functions.
      
      So seems to me the private library of nautilus is somehow an artificial
      split, which provides more problems than solutions.
      
      We needed libnautilus-private to have a private library that we could
      isolate from extensions, but I don't think it worth given the problems
      it provides, and also, this not so good logical split.
      Right now, since with the desktop split we created a libnautilus to be
      used by the desktop part of nautilus, extensions have access to all
      the API of nautilus. We will think in future how this can be handled if
      we want.
      
      So for now, merge the libnautilus-private into src, and let's rethink
      a better logic to split the code and the private parts of nautilus than
      what we had.
      
      Thanks a lot to Rafael Fonseca for helping in get this done.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=765543
      7e24f1b2
  24. 14 Apr, 2016 3 commits
  25. 04 Apr, 2016 1 commit
    • Carlos Soriano Sánchez's avatar
      general: remove vim modelines · 1ffb8ca5
      Carlos Soriano Sánchez authored
      Vim and emacs modelines are used to specify some of the code style in the code.
      However, this is misleading and poorly supported since nautilus had a mix of
      code style for some time.
      Also, the mode lines doesn't specify the whole code style, so we will need to
      use a different tool as well to specify the whole code style.
      For that, we can just use a different tool for everything.
      
      So remove the mode lines, and in a short future we will reestyle the nautilus
      code to have a single code style, and use a tool like editorconfig to specify
      the whole code style.
      1ffb8ca5
  26. 29 Mar, 2016 1 commit
    • Razvan Chitu's avatar
      do not switch focus to new tabs · 9028e332
      Razvan Chitu authored
      In Nautilus, when a location is opened in a new tab, the new tab gets
      automatically focused. This behavior is not consistent with other tab-based
      applications, such as browsers - Epiphany, Firefox, Chromium to name a few. It
      is also a regression, since this behavior was not present in 3.14. In order to
      fix this, set a flag so the new tab is not made active.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=764035
      9028e332
  27. 07 Feb, 2016 1 commit
  28. 03 Feb, 2016 1 commit
  29. 11 Dec, 2015 1 commit
  30. 02 Dec, 2015 1 commit
    • Carlos Soriano Sánchez's avatar
      directory: assume recent as local · bfd0b4bf
      Carlos Soriano Sánchez authored
      We were assuming trash and native_path as local, but not recent,
      which is wrong.
      So assume recent as local, with the benefit that we can use it
      for mime type polling and remove some dead code now.
      bfd0b4bf
  31. 16 Nov, 2015 2 commits