--- a/src/gtknotify.c	Fri Nov 19 16:42:07 2004 +0000
+++ b/src/gtknotify.c	Fri Nov 19 20:18:14 2004 +0000
@@ -62,7 +62,7 @@
 email_response_cb(GtkDialog *dialog, gint id, GaimNotifyMailData *data)
 {
 	if (id == 0)
-		gaim_notify_uri(NULL, data->url);
+		gaim_notify_uri(NULL, data->url, TRUE);
 
 	gaim_notify_close(GAIM_NOTIFY_EMAILS, data);
 }
@@ -454,7 +454,7 @@
 #endif /* _WIN32 */
 
 static void *
-gaim_gtk_notify_uri(const char *uri)
+gaim_gtk_notify_uri(const char *uri, gboolean trusted)
 {
 #ifndef _WIN32
 	char *command = NULL;
@@ -599,19 +599,25 @@
 
 #else /* !_WIN32 */
 	/**
-	 * Since this could be potentially dangerous,
-	 * allowing a URI to try to perform some sort of malicious operation,
-	 * we only allow execution when the URI starts with
-	 * "http://", "https://", "ftp://", "mailto:"
+	 * If the URI is not trusted we limit ourselves to the following URI
+	 * types (Execution of an untrusted local file URI could potentially
+	 * be a security risk):
+	 * http, https, ftp, mailto
 	 */
-	if (g_ascii_strncasecmp(uri, "http://", 7) == 0
-			|| g_ascii_strncasecmp(uri, "mailto:", 7) == 0
-			|| g_ascii_strncasecmp(uri, "https://", 8) == 0
-			|| g_ascii_strncasecmp(uri, "ftp://", 6) == 0
-		) {
-		ShellExecute(NULL, NULL, uri, NULL, ".\\", 0);
-	} else {
-		gaim_debug_misc("gtknotify", "Ignoring '%s' URI as it is not recognized as a secure URI.\n", uri);
+	if(!trusted &&
+	   !(g_ascii_strncasecmp(uri, "http://", 7) == 0 ||
+		 g_ascii_strncasecmp(uri, "mailto:", 7) == 0 ||
+		 g_ascii_strncasecmp(uri, "https://", 8) == 0 ||
+		 g_ascii_strncasecmp(uri, "ftp://", 6) == 0)) {
+		gaim_debug_misc("gtknotify",
+						"Ignoring untrusted '%s' URI as it is not recognized as a secure URI.\n",
+						uri);
+	}
+	else {
+		int ret;
+		/* The URI is trusted */
+		if((ret = ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL)) <= 32)
+			gaim_debug_error("gtknotify", "Opening URI: '%s' ShellExecute failure: %d\n", uri, ret);
 	}
 #endif /* !_WIN32 */