3544 Commits (a74877f262df410f8e71be6479f349b49b88b5d9)

Author SHA1 Message Date
György Bata c3f96d6b9c Hungarian translation update for 7.6.3
Close #5287
2019-02-28 20:19:03 +01:00
Rajendra Singh 2a4a70ed21 Pass the arguments by reference instead of by copy to improve the performance
Close #5341
2019-02-28 13:38:03 +01:00
Don HO 3baef49079 Add SHA256 checking of the authenticity of used modules
In order to remove the code signing certificate dependency, SHA256 checking of the authenticity of used modules (Scilexer.dll, GUP.exe and nppPluginList.dll) is added.
See the following link for detailed information:
https://notepad-plus-plus.org/community/topic/17184/remove-code-signing-from-notepad
2019-02-27 10:14:36 +01:00
Don HO 1f5ba1803f Fix compiling error 2019-02-24 18:21:28 +01:00
Don HO da2d14436c [EU-FOSSA] Enhance the macroable detection to avoid crash 2019-02-24 11:34:27 +01:00
Don HO d7c942ee2f Fix auto-update detection issue due to wrong version number used 2019-02-23 13:06:44 +01:00
Don HO 5085d9c95a [EU-FOSSA] Check string length to copy to avoid crash in purgeMenuItemString function 2019-02-22 19:58:20 +01:00
Don HO eec82cc2a6 [EU-FOSSA] Replace "lstrcpy" by "wcscpy_s" in "BabyGrid.cpp" to avoid the eventual crash 2019-02-22 13:37:11 +01:00
Don HO bd7816755c [EU-FOSSA] Replace lstrcat by wcscat_s to avoid crash 2019-02-22 12:57:58 +01:00
Don HO 70cd3e5ea6 [EU-FOSSA] Check if the command is macroable before playing the recorded macro
Such situation can happen via the manual modification of shortcut.xml by hackers.
2019-02-21 20:11:42 +01:00
Don HO 4472620f30 Remove "Get More Plugins" menu item 2019-02-20 09:46:17 +01:00
Don HO b90be4a05b [EURO-FOSSA] Fix a vulnerability from "Search on Internet" command
Restrict the usage of customized search engine on only "http://" or "https://" url schema to avoid whatever application can be launched via "Search on Internet" command.
2019-02-20 00:34:28 +01:00
Don HO 5bcf55c59e Add stackoverflow as search engine 2019-02-19 13:05:02 +01:00
Don HO 188565fd4a Fix x64 compiling error 2019-02-18 23:23:55 +01:00
Don HO 0adc06322f [EU-FOSSA] Fix buffer overrun in Print dialog 2019-02-18 23:13:28 +01:00
Don HO 194475ce64 [EU-FOSSA] Fix a crash bug on Macro execution with arbitrary parameters 2019-02-18 01:27:26 +01:00
Don HO 011aa960fb Fix a regression on c4ff9f76a3
2019-02-17 20:13:04 +01:00
Rajendra Singh 3546268c23 Add the capacity to rename non-existing document's tab
Close #5311
2019-02-17 18:17:24 +01:00
Don HO c4ff9f76a3 Make "new #" document drag-and-drop operation among instances right.
New correct behaviour: Dragging out a "new #" document from instance 1 and dropping it into instance 2 makes disappear "new #" document from instance 1, and nothing happens in instance 2.
2019-02-16 23:47:03 +01:00
Rajendra Singh 17c40213ca Tab context menu bug fixes
Disable "Open containing Folder in Explorer" and "Open Containing Folder in CMD" commands for document non-exist on hard disk.

Close #5312
2019-02-16 09:55:12 +01:00
Don HO fbffdd8825 Load nppPluginList.dll as resource instead of binary for the sake of security
Check the discussion here:
https://github.com/notepad-plus-plus/nppPluginList/issues/31

More information:
https://blogs.msdn.microsoft.com/oldnewthing/20141120-00/?p=43573
2019-02-15 00:01:12 +01:00
Rajendra Singh 7aa953c55a Fix a crash (a regression) due to replacement of lstrcpy by wcscpy_s
Close #5314
2019-02-14 00:03:37 +01:00
Don HO 501980782f [EU-FOSSA] Check Updater's certificate before launching it 2019-02-13 19:39:39 +01:00
Don HO 1ab1624800 Fix a crash regression due to a bad length count for a replacement of wcscpy_s 2019-02-13 02:22:15 +01:00
Don HO 7fe3cda1d0 [EU-FOSSA] Use wcscpy_s instead of lstrcpy to prevent from buffer overflow 2019-02-11 02:07:04 +01:00
Don HO b381ea5353 Make name more explicit: "Remove Duplicate Lines" to "Remove Consecutive Duplicate Lines" 2019-02-10 13:43:41 +01:00
Don HO ea1fd44ff0 [EURO-FOSSA] Fix stack buffer overflow on strcpy 2019-02-10 04:11:26 +01:00
Don HO 494b4bc0db Fix crash on exit after creating or importing a UDL
And fix deletion userDefineLang.xml file bug on exit.
2019-02-09 22:52:13 +01:00
Don HO 58037e07b1 [EU-FOSSA] Fix stack buffer overflow on wsprintf in WordStyle dialog
Also remove dynamic allocation for CB_GETLBTEXT and use local array instead by controlling buffer size.
2019-02-09 03:28:52 +01:00
Don HO 0438447194 [EU-FOSSA] Fix stack buffer overflow on LB_GETTEXT 2019-02-08 22:13:12 +01:00
Don HO cdd13ecadc [EU-FOSSA] Fix stack buffer overflow on CB_GETLBTEXT 2019-02-08 12:38:34 +01:00
Don HO dfb9b5e330 Enhance User Defined Language System for supporting more than one UDL file.
Several UDL xml files can be loaded to allow to manage/share UDL more easily.

1. The old file userDefineLang.xml is kept in its old location and is still used.
2. The new folder userDefineLangs is added beside of the old UDL default file. Any UDL xml file can go into the folder userDefineLangs and will be loaded as UDL.
3. A UDL xml file must contain one (or several) user defined language(s).
4. The created UDL via UDL dialog and imported UDL are saved in  userDefineLang.xml (default UDL file).

https://notepad-plus-plus.org/community/topic/17072/new-enhancement-for-user-defined-language-system
2019-02-07 23:40:17 +01:00
Don HO 51f10bdba5 Add "Remove Duplicate Lines" feature
Remove duplicate consecutive lines from whole document.
2019-02-01 01:00:36 +01:00
Don HO e691370e4f [EU-FOSSA] Fix stack overflow in extractSymbol function 2019-01-31 20:17:59 +01:00
Don HO c906af27b2 [EU-FOSSA] Fix stack overflow in exts2Filters function 2019-01-30 23:33:16 +01:00
Don HO 5eaf67b647 [EU-FOSSA] Fix stack overflow issue on User Define Language dialog 2019-01-30 01:52:18 +01:00
Don HO c314ed1d8a [EU-FOSSA] DLL hijacking of plugins\Config\Config.dll loaded by Notepad++ 2019-01-28 19:54:50 +01:00
Don HO 1a356c2019 Notepad++ 7.6.3 release 2019-01-27 23:13:30 +01:00
Don HO e5108cc0ea Add Markdown language.
via User Defined Language.
Markdown++: https://github.com/Edditoria/markdown-plus-plus

Included only for Installer.
2019-01-27 02:53:02 +01:00
Don HO 9fecbae030 Move plugins home from %ProgramData% to %ProgramFiles% for the sake of security
Whole specs here:
https://notepad-plus-plus.org/community/topic/16996/new-plugins-home-round-2
2019-01-25 02:10:11 +01:00
Don HO c1bf412f57 [EU-FOSSA] Avoid to execute eventual hijacked binaries from Notepad++
If the same name binaries are placed in user's PC and the fake binaries path are set before the system ones:
https://superuser.com/questions/897644/how-does-windows-decide-which-executable-to-run/897645
then the fake ones are executed.
Remove these entries for avoiding to execute eventual hijacked binaries from Notepad++.
2019-01-22 00:04:06 +01:00
Don HO abf78e84b2 [EU-FOSSA] Fix loading unexpected dll as plugin issue
Unexpected behaviour: if "<NppDir>\...dll" and/or "<NppDir>\plugins\..dll" exist, they will be loaded because Notepad++ tries to load "<NppDir>\pluginName\pluginName.dll" as plugin, in our case "<NppDir>\plugins\..\...dll" and "<NppDir>\plugins\.\..dll" respectively.

The fix is excluding both directories ".." & "." to not load mentioned above unwanted dll.
2019-01-19 03:30:54 +01:00
Don HO e813f0383b Fix x64 build error 2019-01-19 03:27:08 +01:00
Don HO 4421161848 [EU-FOSSA] Fix stack overflow issue while affecting "ext" field on stylers.xml 2019-01-18 23:09:00 +01:00
Don HO ccdf7d8d8b [EU-FOSSA] Fix stack overflow in XML Parsing 2019-01-18 03:50:20 +01:00
Don HO b9ce848881 [EU-FOSSA] Fix EXE Hijacking of gup.exe launched by Notepad++
Notepad++ launches updater (gup.exe) without checking the signature, that makes exe hacking possible.
The fix is to check updater binary's signature before launching it.
2019-01-18 00:40:01 +01:00
Don HO ac2ac8cb4b Fix x64 build error 2019-01-18 00:34:40 +01:00
Don HO 5b1f530204 [EU-FOSSA] Fix crash issue due to heap overflow in clipboardHistoryPanel.cpp
When the amount of clipboard data is too important, it makes crash of function WideCharToMultiByte (win32 API).
The remedy is to capture this error to prevent Notepad++ from crash.
2019-01-17 13:56:41 +01:00
Rajendra Singh 694415f8af Make exception error more clear
Close #5212
2019-01-15 09:56:41 +01:00
Don HO 0f936707a2 [EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"
Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.

Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd

Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
2019-01-14 20:20:19 +01:00