Note on CreateURLMoniker

F-IN-BOX for Delphi / Builder C++ / VCL
jpierce
Posts: 23
Joined: Thu Jan 11, 2007 4:22 pm

Note on CreateURLMoniker

Postby jpierce » Wed Nov 12, 2008 7:38 pm

While trying to track down that threading issue, I noticed that f-in-box uses CreateURLMoniker. I was just wondering if you were familiar with a couple things MSDN says about it:

http://msdn.microsoft.com/en-us/library/ms775102(VS.85).aspx

Deprecated. Do not use. Creates a URL moniker from a full URL string, or from a base context URL moniker and a partial URL string.
...
Security Alert This function does not correctly interpret percent encoded octets in Microsoft Windows file paths or "file://" scheme Uniform Resource Identifiers (URIs). On systems with Microsoft Internet Explorer 6 and earlier, calling CreateURLMoniker with the output of a previous call might produce a result that is not equivalent. Since CreateURLMoniker can produce results that are not equivalent to the input, its use can result in security problems.

Use CreateURLMonikerEx with the URL_MK_UNIFORM flag to ensure that Windows file paths and "file://" URIs are interpreted correctly with regard to percent encoded octets; and that the result is equivalent to the input. To correctly extract a Windows file path from the result of CreateURLMoniker, use the PathCreateFromUrl function.
...


No real question here, just wanted to bring it up if you didn't notice it. It's a bit obscure so it'd be easy to miss something like this coming up.

Softanics
Site Admin
Posts: 1402
Joined: Sat Sep 18, 2004 3:03 am
Location: Russia, St. Petersburg
Contact:

Re: Note on CreateURLMoniker

Postby Softanics » Wed Nov 12, 2008 7:53 pm

jpierce wrote:No real question here, just wanted to bring it up if you didn't notice it. It's a bit obscure so it'd be easy to miss something like this coming up.


Really interesting, I will read it more.

Thank you!
Best regards, Artem A. Razin,
F-IN-BOX support
Ask your question here: http://www.f-in-box.com/support.html


Return to “Delphi / Builder / VCL Edition”

Who is online

Users browsing this forum: No registered users and 20 guests

cron