- if (flags & TNY_HEADER_FLAG_DELETED)
- g_object_set (G_OBJECT (renderer), "pixbuf",
- get_pixbuf_for_flag (TNY_HEADER_FLAG_DELETED), NULL);
- else if (flags & TNY_HEADER_FLAG_SEEN)
- g_object_set (G_OBJECT (renderer), "pixbuf",
- get_pixbuf_for_flag (TNY_HEADER_FLAG_SEEN), NULL);
- else
- g_object_set (G_OBJECT (renderer), "pixbuf",
- get_pixbuf_for_flag (0), NULL); /* ughh, FIXME */
+ /* We have to limit the size of the text. Otherwise Pango
+ could cause freezes trying to render too large texts. This
+ prevents DoS attacks with specially malformed emails */
+ if (g_utf8_validate(text, -1, NULL)) {
+ if (g_utf8_strlen (text, -1) > MODEST_HEADER_VIEW_MAX_TEXT_LENGTH) {
+ /* UTF-8 bytes are 4 bytes length in the worst case */
+ newtext = g_malloc0 (MODEST_HEADER_VIEW_MAX_TEXT_LENGTH * 4);
+ g_utf8_strncpy (newtext, text, MODEST_HEADER_VIEW_MAX_TEXT_LENGTH);
+ text = newtext;
+ }
+ } else {
+ if (strlen (text) > MODEST_HEADER_VIEW_MAX_TEXT_LENGTH) {
+ newtext = g_malloc0 (MODEST_HEADER_VIEW_MAX_TEXT_LENGTH);
+ strncpy (newtext, text, MODEST_HEADER_VIEW_MAX_TEXT_LENGTH);
+ text = newtext;
+ }
+ }
+
+ bold_is_active_color = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (renderer), BOLD_IS_ACTIVE_COLOR));
+ if (bold_is_active_color) {
+ color = g_object_get_data (G_OBJECT (renderer), ACTIVE_COLOR);
+ }
+
+#ifdef MODEST_TOOLKIT_HILDON2
+ weight = PANGO_WEIGHT_NORMAL;
+#else
+ weight = (bold_is_active_color || (flags & TNY_HEADER_FLAG_SEEN)) ? PANGO_WEIGHT_NORMAL: PANGO_WEIGHT_ULTRABOLD;
+#endif
+ strikethrough = (flags & TNY_HEADER_FLAG_DELETED) ? TRUE:FALSE;
+ g_object_freeze_notify (G_OBJECT (renderer));
+ g_object_set (G_OBJECT (renderer),
+ "text", text,
+ "weight", weight,
+ "strikethrough", (flags &TNY_HEADER_FLAG_DELETED) ? TRUE : FALSE,
+ NULL);
+ if (bold_is_active_color && color) {
+ if (flags & TNY_HEADER_FLAG_SEEN) {
+ g_object_set (G_OBJECT (renderer),
+ "foreground-set", FALSE,
+ NULL);
+ } else {
+ g_object_set (G_OBJECT (renderer),
+ "foreground-gdk", color,
+ "foreground-set", TRUE,
+ NULL);
+ }
+ }
+
+ if (newtext)
+ g_free (newtext);
+
+ g_object_thaw_notify (G_OBJECT (renderer));