It's also to be decided that in what parts of DC++ needs these chars to be filtered. Possible areas are user list, chat, hub window, queue, transferview for nicks and hub names but also there's search results, file list, finished download windows for shared files and the name (path) of downloaded files themseves. The latter list is about trickery with file names and I think DC++ should handle these the way some web browsers and e-mail clients do (e.g. Mozilla products). It seems to be best to get rid of these chars in the lib level, right after they received so they cannot cause any trouble in the ui level and in saved files.
-- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1425276 Title: The Unicode mirror character and possibly other similar ones can be used for nick spoofing in ADC hubs Status in DC++: Confirmed Bug description: Basically what's described at http://stackoverflow.com/questions/3115204/unicode-mirror-character used by some recent malware to trick with file extensions seems to be working for DC++, too. See the attached screenshot. It produces various other funny effects throughout the DC++ interface where the nick is displayed alone or in conjunction with other text/data. For other possible problematic chars cologic suggests that anything in http://www.fileformat.info/info/unicode/block/general_punctuation/list.htm from U+2000 to U+206F inclusive is pretty suspect. Some look like they have legitimate use, though, (U+2030 to U+205E inclusive, for example). But, minimally, filtering out a few of the codepoints from that block: LEFT-TO-RIGHT OVERRIDE (U+202D), RIGHT-TO-LEFT OVERRIDE (U+202E), LEFT-TO-RIGHT EMBEDDING (U+202A), RIGHT-TO-LEFT EMBEDDING (U+202B), POP DIRECTIONAL FORMATTING (U+202C), etc. Also here's a handy list of possible other suspects: http://kb.mozillazine.org/Network.IDN.blacklist_chars To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/1425276/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : [email protected] Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
