'branches/stable/extragear/multimedia/amarok/src/magnatunebrowser'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    branches/stable/extragear/multimedia/amarok/src/magnatunebrowser
From:       Jeff Mitchell <kde-dev () emailgoeshere ! com>
Date:       2008-08-13 19:36:29
Message-ID: 1218656189.617140.31960.nullmailer () svn ! kde ! org
[Download RAW message or body]

SVN commit 846626 by mitchell:

This should fix the security vulnerability reported here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765#5

and assigned Secunia ID SA31418.

Big ups to Dwayne Litzenberger for his responsible disclosure (not) and the Debian \
packagers for notifying us of this vulnerability so we  could have a patch prepared \
(not).


 M  +9 -6      magnatunebrowser.cpp  
 M  +2 -0      magnatunebrowser.h  


--- branches/stable/extragear/multimedia/amarok/src/magnatunebrowser/magnatunebrowser.cpp \
#846625:846626 @@ -27,6 +27,7 @@
 #include <kstandarddirs.h> //locate()
 #include <kurl.h>
 #include <kiconloader.h>   //multiTabBar icons
+#include <ktempfile.h>
 
 #include <qsplitter.h>
 #include <qdragobject.h>
@@ -373,12 +374,10 @@
     KIO::StoredTransferJob* const storedJob = static_cast<KIO::StoredTransferJob*>( \
downLoadJob );  QString list = QString( storedJob->data() );
 
+    KTempFile tfile;
+    m_tempFileName = tfile.name();
+    QFile file( m_tempFileName );
 
-    QFile file( "/tmp/album_info.xml" );
-
-    if ( file.exists() )
-        file.remove();
-
     if ( file.open( IO_WriteOnly ) )
     {
         QTextStream stream( &file );
@@ -387,7 +386,7 @@
     }
 
 
-    MagnatuneXmlParser * parser = new MagnatuneXmlParser( "/tmp/album_info.xml" );
+    MagnatuneXmlParser * parser = new MagnatuneXmlParser( m_tempFileName );
     connect( parser, SIGNAL( doneParsing() ), SLOT( doneParsing() ) );
 
     ThreadManager::instance() ->queueJob( parser );
@@ -446,9 +445,13 @@
 
 void MagnatuneBrowser::doneParsing()
 {
+    DEBUG_BLOCK
     updateList();
     updateGenreBox( );
     updateList(); // stupid stupid hack....
+    if( !QFile::remove( m_tempFileName ) )
+        debug() << "Couldn't remove temp file at " << m_tempFileName << endl;
+    m_tempFileName = QString();
 }
 
 void MagnatuneBrowser::updateGenreBox()
--- branches/stable/extragear/multimedia/amarok/src/magnatunebrowser/magnatunebrowser.h \
#846625:846626 @@ -244,6 +244,8 @@
     bool         m_purchaseInProgress;
     bool         m_polished;
 
+    QString      m_tempFileName;
+
     KIO::TransferJob * m_listDownloadJob;
 };
 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic