edje_entry: Make a result of surrounding_text_cb secure

Regardless of the password mode of Entry,
_edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text
to any callers who register that callback.

This commit replace plain text with '*'
because current behavior could be a security hole in some case.

https://phab.enlightenment.org/D4238

Change-Id: If27d32a950c0036907ca0e811cb24a1212a77c7f
Signed-off-by: Wonki Kim <wonki_.kim@samsung.com>

diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index 0dfcd5b..e890fe7 100644 (file)
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -4394,6 +4394,12 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_
 
              if (plain_text)
                {
+                  if(ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA)
+                    {
+                       char *itr = NULL;
+                       for (itr = plain_text; itr && *itr; itr++)
+                          *itr = '*';
+                    }
                   if (en->have_selection)
                     {
                        buf = eina_strbuf_new();