be careful with relative paths and symlinks in packages and themes; we don't want widgets referencing random files/resources, just stuff in the given package
svn path=/trunk/KDE/kdebase/workspace/libs/plasma/; revision=848476
parent
3a008feb23
commit
35f8bbcc64
33
package.cpp
33
package.cpp
@ -133,7 +133,13 @@ QString Package::filePath(const char* fileType, const QString& filename) const
|
||||
}
|
||||
|
||||
if (QFile::exists(path)) {
|
||||
return path;
|
||||
// ensure that we don't return files outside of our base path
|
||||
// due to symlink or ../ games
|
||||
QDir dir(path);
|
||||
QString canonicalized = dir.canonicalPath();
|
||||
if (canonicalized.startsWith(d->basePath)) {
|
||||
return path;
|
||||
}
|
||||
}
|
||||
|
||||
kDebug() << path << "does not exist";
|
||||
@ -158,11 +164,16 @@ QStringList Package::entryList(const char* fileType) const
|
||||
|
||||
QDir dir(d->basePath + d->structure->contentsPrefix() + path);
|
||||
|
||||
if (!dir.exists()) {
|
||||
return QStringList();
|
||||
if (dir.exists()) {
|
||||
// ensure that we don't return files outside of our base path
|
||||
// due to symlink or ../ games
|
||||
QString canonicalized = dir.canonicalPath();
|
||||
if (canonicalized.startsWith(d->basePath)) {
|
||||
return dir.entryList(QDir::Files | QDir::Readable);
|
||||
}
|
||||
}
|
||||
|
||||
return dir.entryList(QDir::Files | QDir::Readable);
|
||||
return QStringList();
|
||||
}
|
||||
|
||||
const PackageMetadata* Package::metadata() const
|
||||
@ -362,17 +373,17 @@ bool Package::uninstallPackage(const QString& pluginName,
|
||||
|
||||
QString service = KStandardDirs::locateLocal("services", serviceName + ".desktop");
|
||||
kDebug() << "Removing service file " << service;
|
||||
bool ok = QFile::remove( service );
|
||||
bool ok = QFile::remove(service);
|
||||
|
||||
if ( !ok ) {
|
||||
kWarning() << "Unable to remove " << service;
|
||||
return ok;
|
||||
if (!ok) {
|
||||
kWarning() << "Unable to remove " << service;
|
||||
return ok;
|
||||
}
|
||||
|
||||
KIO::DeleteJob *job = KIO::del( KUrl(targetName) );
|
||||
KIO::DeleteJob *job = KIO::del(KUrl(targetName));
|
||||
if (!job->exec()) {
|
||||
kWarning() << "Could not delete package from:" << targetName << " : " << job->errorString();
|
||||
return false;
|
||||
kWarning() << "Could not delete package from:" << targetName << " : " << job->errorString();
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
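Review bot: The containment test `canonicalized.startsWith(d->basePath)` in Package::filePath compares a canonical path against a base path that is not itself canonicalised and has no enforced separator boundary, and the same test is repeated in Package::entryList. If `d->basePath` contains a symlink or a `..` component the check rejects legitimate files, and if it lacks a trailing `/` a sibling directory sharing the prefix would pass; whether either holds depends on how basePath is set, which is outside these hunks. I would test `(canonicalized + '/').startsWith(QDir(d->basePath).canonicalPath() + '/')`, rejecting outright when the canonical base is empty, and in filePath take the file's canonical form from `QFileInfo(path).canonicalFilePath()` rather than constructing a `QDir` on a file path. A rejected path in filePath also falls through to `kDebug() << path << "does not exist"`, which hides the containment failure from anyone reading the logs; a distinct `kWarning()` would make it detectable. Both function bodies start outside the hunks.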
10
theme.cpp
10
theme.cpp
@ -283,6 +283,11 @@ QString Theme::themeName() const
|
||||
QString Theme::imagePath(const QString& name) const
|
||||
{
|
||||
// look for a compressed svg file in the theme
|
||||
if (name.contains("../")) {
|
||||
// we don't support relative paths
|
||||
return QString();
|
||||
}
|
||||
|
||||
QString path = d->findInTheme(name + ".svgz", d->themeName);
|
||||
|
||||
if (path.isEmpty()) {
|
||||
@ -360,6 +365,11 @@ QString Theme::wallpaperPath(const QSize &size) const
|
||||
|
||||
bool Theme::currentThemeHasImage(const QString& name) const
|
||||
{
|
||||
if (name.contains("../")) {
|
||||
// we don't support relative paths
|
||||
return false;
|
||||
}
|
||||
|
||||
return !(d->findInTheme(name + ".svgz", d->themeName).isEmpty()) ||
|
||||
!(d->findInTheme(name + ".svg", d->themeName).isEmpty());
|
||||
}
|
||||
|
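Review bot: The `name.contains("../")` guard added to Theme::imagePath and Theme::currentThemeHasImage is a lexical filter only, so it does not cover the symlink case the commit message mentions: a link inside the theme directory would still resolve to a file elsewhere. Consider canonicalising the path returned by `d->findInTheme(...)` and checking that it stays under the theme's root, as package.cpp now does; how findInTheme treats an absolute `name` is not visible here and should be confirmed as well. The two identical checks would be better as one private helper so the rule cannot drift between callers. In imagePath the guard was also inserted between the comment `// look for a compressed svg file in the theme` and the `findInTheme(name + ".svgz", ...)` line it describes, so the guard should move above that comment. imagePath's body continues past the end of the hunk.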