* Some Thai UTF-8 notification messages went over the buffer size limit we used for vsnprintf()
* Also, revert part of 645184f11e and use LRE+PDF marks instead:
Don't handle in the code what is better handled in the loc file.
* We now auto resize the height of the Notification dialog according to the
number of lines of the message.
* Also harmonize local RECT variable names according to what we do elsewhere.
With thanks to Itiel
* Fix a potential buffer overflow in lmprintf for RTL languages
* Automatically apply RLE/PDF to all RTL messages, and remove the RLE/PDFs from the .loc
* Fix Windows messing up of multiline RTL tooltips (The trick is, if you want actually
want RTL, you need to *disable* RTL... Sure, Microsoft, that makes a lot of sense?!?)
* Also properly scale the length of the multiline tooltips according to the zoom factor
* Closes#1132
* Whole screen was being refreshed when calling InvalidateRect() in ResizeMoveCtrl()
* Progress bar bounding rectangle could be erased at 0.0%
* No progress was displayed when writing ISOHybrid images in DD mode
* Also fix an issue when write error would not display the error string
* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
it is described per its revision 11, which is the latest revision at the time of this commit,
by disabling Windows prompts, enacted during signature validation, that allow the user to
bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
them that the update failed the signature validation whilst also advising against running it,
is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
vulnerability was reported and the moment it is fixed in our codebase has to do with
the fact that the reporter chose to deviate from standard security practices by not
disclosing the details of the vulnerability with us, be it publicly or privately,
before creating the cert.org report. The only advance notification we received was a
generic note about the use of HTTP vs HTTPS, which, as have established, is not
immediately relevant to addressing the reported vulnerability.
* Closes#1009
* Note: The other vulnerability scenario described towards the end of #1009, which
doesn't have to do with the "lack of CA checking", will be addressed separately.
* Rufus now checks for processes with handles opened on the drives/volumes before
starting the format operation and asks the user if they want to continue.
* This mimics Windows' behaviour when formatting drives, and actually uses the
same message as the one from shell32.dll.mui.
* Closes#773
* Tooltips can only be manipulated from the same thread as the one that created their parent
* Also increase the SetLGP() timeout as this seems to be problematic
* Closes#764
* When compiled with MinGW, this was always disabled due to forcing XP as
the lowest common denominator and using #ifdefs
* This should also help with OFN_NOCHANGEDIR seemingly being ignored
* Sadly, this change also adds ~20KB to our *compressed* size... :(