[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdenox/konq-embed/dropin
From: Luciano Montanaro <mikelima () cirulla ! net>
Date: 2005-04-08 9:39:02
Message-ID: 20050408093902.45CC4494 () office ! kde ! org
[Download RAW message or body]
CVS commit by montanaro:
Implement authorization stuff.
M +32 -3 kapplication.cpp 1.10
M +4 -4 kapplication.h 1.13
--- kdenox/konq-embed/dropin/kapplication.cpp #1.9:1.10
@@ -3,4 +3,5 @@
Copyright (C) 2003 Luciano Montanaro <mikelima@cirulla.net>
Copyright (C) 2001 Dirk Mueller <mueller@kde.org>
+ Copyright (C) 2005 Fastweb SpA
This library is free software; you can redistribute it and/or
@@ -24,7 +25,10 @@
#include "dcopclient.h"
#include "kstandarddirs.h"
+#include "kio/kprotocolinfo.h"
#include <unistd.h>
#include <qfile.h>
+#include <qdir.h>
+
#include <assert.h>
@@ -98,8 +102,8 @@ bool checkAccess(const QString& pathname
- if (!access( QFile::encodeName(pathname), F_OK)) // if it already exists
+ if (!access(QFile::encodeName(pathname), F_OK)) // if it already exists
return false;
- //strip the filename (everything until '/' from the end
+ // strip the filename (everything until '/' from the end
QString dirName(pathname);
int pos = dirName.findRev('/');
@@ -110,5 +114,5 @@ bool checkAccess(const QString& pathname
accessOK = access( QFile::encodeName(dirName), W_OK );
- // -?- Can I write to the accessed diretory
+ // -?- Can I write to the accessed directory
if ( accessOK == 0 )
return true; // Yes
@@ -143,4 +147,29 @@ uint KApplication::keyboardModifiers()
}
+bool
+KApplication::authorizeURLAction(const QString & action,
+ const KURL & _baseURL,
+ const KURL & _destURL)
+{
+ // Very simple authorization, for now: block access to the file: protocol,
+ // allow anything else.
+ if (_destURL.isEmpty())
+ return true;
+
+ bool result = true;
+
+ KURL baseURL(_baseURL);
+ baseURL.setPath(QDir::cleanDirPath(baseURL.path()));
+ QString baseClass = KProtocolInfo::protocolClass(baseURL.protocol());
+ KURL destURL(_destURL);
+ destURL.setPath(QDir::cleanDirPath(destURL.path()));
+ QString destClass = KProtocolInfo::protocolClass(destURL.protocol());
+
+ if (baseClass != ":local" && destClass == ":local") {
+ return false;
+ }
+
+ return result;
+}
#include "kapplication.moc"
--- kdenox/konq-embed/dropin/kapplication.h #1.12:1.13
@@ -3,4 +3,5 @@
Copyright (C) 2003 Luciano Montanaro <mikelima@cirulla.net>
Copyright (C) 2001 Dirk Mueller <mueller@kde.org>
+ Copyright (C) 2005 Fastweb SpA
This library is free software; you can redistribute it and/or
@@ -73,7 +74,6 @@ public:
// Needed by KHTML 3.1
- bool authorizeURLAction(const QString &, const KURL &, const KURL &) {
- return true;
- }
+ // This needs to be properly implemented, otherwise we open our box to attacks.
+ bool authorizeURLAction(const QString &, const KURL &, const KURL &);
// ### extension
@@ -133,5 +133,5 @@ private:
// ### FIXME: checkAccess copyright by Kalle!
-bool checkAccess( const QString &pathname, int mode);
+bool checkAccess(const QString &pathname, int mode);
#endif
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic