diff options
Diffstat (limited to 'src/alert.cpp')
| -rw-r--r-- | src/alert.cpp | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/src/alert.cpp b/src/alert.cpp index 48920629e2..4b029840dd 100644 --- a/src/alert.cpp +++ b/src/alert.cpp @@ -2,6 +2,9 @@ // Alert system // +#include <algorithm> +#include <boost/algorithm/string/classification.hpp> +#include <boost/algorithm/string/replace.hpp> #include <boost/foreach.hpp> #include <map> @@ -165,7 +168,7 @@ CAlert CAlert::getAlertByHash(const uint256 &hash) return retval; } -bool CAlert::ProcessAlert() +bool CAlert::ProcessAlert(bool fThread) { if (!CheckSignature()) return false; @@ -229,9 +232,35 @@ bool CAlert::ProcessAlert() // Add to mapAlerts mapAlerts.insert(make_pair(GetHash(), *this)); - // Notify UI if it applies to me + // Notify UI and -alertnotify if it applies to me if(AppliesToMe()) + { uiInterface.NotifyAlertChanged(GetHash(), CT_NEW); + std::string strCmd = GetArg("-alertnotify", ""); + if (!strCmd.empty()) + { + // Alert text should be plain ascii coming from a trusted source, but to + // be safe we first strip anything not in safeChars, then add single quotes around + // the whole string before passing it to the shell: + std::string singleQuote("'"); + // safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything + // even possibly remotely dangerous like & or > + std::string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@"); + std::string safeStatus; + for (std::string::size_type i = 0; i < strStatusBar.size(); i++) + { + if (safeChars.find(strStatusBar[i]) != std::string::npos) + safeStatus.push_back(strStatusBar[i]); + } + safeStatus = singleQuote+safeStatus+singleQuote; + boost::replace_all(strCmd, "%s", safeStatus); + + if (fThread) + boost::thread t(runCommand, strCmd); // thread runs free + else + runCommand(strCmd); + } + } } printf("accepted alert %d, AppliesToMe()=%d\n", nID, AppliesToMe()); |