[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: KDE_3_2_BRANCH: kdelibs/kdecore
From: Julian Rockey <linux () jrockey ! com>
Date: 2004-02-25 18:33:40
Message-ID: 20040225183340.E59B2993A () office ! kde ! org
[Download RAW message or body]
CVS commit by jrockey:
Avoid symlink clobbering - ported from HEAD.
M +15 -4 ksavefile.cpp 1.10.4.4
--- kdelibs/kdecore/ksavefile.cpp #1.10.4.3:1.10.4.4
@@ -42,8 +42,19 @@ KSaveFile::KSaveFile(const QString &file
: mTempFile(true)
{
+
+ // follow symbolic link, if any
+ QString real_filename = filename;
+
+ QFileInfo file_info(real_filename);
+ int c=0;
+ while(file_info.isSymLink() && ++c<6) {
+ real_filename = file_info.readLink();
+ file_info.setFile( real_filename );
+ }
+
// we only check here if the directory can be written to
// the actual filename isn't written to, but replaced later
// with the contents of our tempfile
- if (!checkAccess(filename, W_OK))
+ if (!checkAccess(real_filename, W_OK))
{
mTempFile.setError(EACCES);
@@ -51,7 +62,7 @@ KSaveFile::KSaveFile(const QString &file
}
- if (mTempFile.create(filename, QString::fromLatin1(".new"), mode))
+ if (mTempFile.create(real_filename, QString::fromLatin1(".new"), mode))
{
- mFileName = filename; // Set filename upon success
+ mFileName = real_filename; // Set filename upon success
// if we're overwriting an existing file, ensure temp file's
@@ -59,5 +70,5 @@ KSaveFile::KSaveFile(const QString &file
// file's permissions are preserved
struct stat stat_buf;
- if ((stat(QFile::encodeName(filename), &stat_buf)==0)
+ if ((stat(QFile::encodeName(real_filename), &stat_buf)==0)
&& (stat_buf.st_uid == getuid())
&& (stat_buf.st_gid == getgid()))
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic