From: Jihoon Kim <jihoon48.kim@samsung.com>
Date: Thu, 18 Aug 2016 01:40:24 +0000 (+0900)
Subject: edje_entry: Make a result of retrieve_surrounding_cb secure
X-Git-Tag: upstream/1.20.0~4717
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0e35f8454eb993da74bd4fb5d0c089e068b87cbf;p=platform%2Fupstream%2Fefl.git

edje_entry: Make a result of retrieve_surrounding_cb secure

Summary:
Regardless of the password mode of Entry,
_edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text
to any callers who register that callback.

This commit replace plain text with '*'
because current behavior could be a security hole in some case.

Reviewers: woohyun, id213sin, jihoon

Reviewed By: jihoon

Subscribers: cedric, jsuya, z-wony, jpeg

Differential Revision: https://phab.enlightenment.org/D4238
---

diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index fca05a0..dae0192 100644
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -4411,6 +4411,13 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_
 
              if (plain_text)
                {
+                  if (ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA)
+                    {
+                       char *itr = NULL;
+                       for (itr = plain_text; itr && *itr; ++itr)
+                         *itr = '*';
+                    }
+
                   *text = strdup(plain_text);
 
                   free(plain_text);