mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-04-15 18:18:05 -05:00
4ae926fa8a
We now have an option where a remote window title query returns a well-formed response containing the empty string. This should keep stop any server-side application that was expecting a response from hanging, while not permitting the response to be influenced by an attacker. We also retain the ability to stay schtum. The existing checkbox has thus grown into a set of radio buttons. I've changed the default to the "empty string" response, even in the backward- compatibility mode of loading old settings, which is a change in behaviour; any users who want the old behaviour back will have to explicitly select it. I think this is probably the Right Thing. (The only drawback I can think of is that an attacker could still potentially use the relevant fixed strings for mischief, but we already have other, similar reports.) [originally from svn r7043]