From b96c0ab1bd63ed42f4f95fa1b180a010666145c9 Mon Sep 17 00:00:00 2001
From: Wonki Kim
Date: Wed, 17 Aug 2016 19:32:28 +0900
Subject: [PATCH] edje_entry: Make a result of surrounding_text_cb secure

Regardless of the password mode of Entry, _edje_entry_imf_retrieve_surrounding_cb alwalys passes plain_text to any callers who register that callback. This commit replace plain text with '*' because current behavior could be a security hole in some case. https://phab.enlightenment.org/D4238
Change-Id: If27d32a950c0036907ca0e811cb24a1212a77c7f
Signed-off-by: Wonki Kim
---
 src/lib/edje/edje_entry.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index 0dfcd5b..e890fe7 100644
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -4394,6 +4394,12 @@ _edje_entry_imf_retrieve_surrounding_cb(void *data, Ecore_IMF_Context *ctx EINA_

 if (plain_text)
 {
+ if(ecore_imf_context_input_hint_get(ctx) & ECORE_IMF_INPUT_HINT_SENSITIVE_DATA)
+ {
+ char *itr = NULL;
+ for (itr = plain_text; itr && *itr; itr++)
+ *itr = '*';
+ }
 if (en->have_selection)
 {
 buf = eina_strbuf_new();
-- 
2.7.4
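Review bot: The masking in the added `if` is gated only on `ECORE_IMF_INPUT_HINT_SENSITIVE_DATA` being set on `ctx`, while the commit message describes the leak in terms of the entry's password mode; nothing in the hunk links the two, so a password-mode part whose context lacks the hint would still return clear text. Unless that hint is guaranteed to be set for such parts elsewhere, the condition should also cover the part's own password mode (`EDJE_ENTRY_EDIT_MODE_PASSWORD`). The loop also overwrites byte by byte, so a multibyte UTF-8 character becomes several `*`, and the masked string still discloses the secret's byte length. If the rest of the function (outside the hunk) reports a character-based cursor position or slices `plain_text` by character offsets, those values may no longer line up with the masked text; a comment such as `/* masks per byte, not per UTF-8 character */` would at least make that explicit. The `itr &&` test is redundant inside `if (plain_text)`.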