'Re: KSaveFile'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KSaveFile
From:       Julian Rockey <linux () jrockey ! com>
Date:       2004-02-23 21:37:19
Message-ID: 200402232137.22581.linux () jrockey ! com
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


On Monday 23 Feb 2004 13:48, Stephan Kulow wrote:

> Your patch is broken. Now KSaveFile won't create new files anymore as your
> symlink clobbering prevention prevents all files. And I'm not sure if
> QDir::canonialPath is the right way - this is a rather expensive call for
> what you want to achieve. I reverted for now
Ouch. Apologies.
How about a loop using QFileInfo? It doesn't break creation of new files and 
only does one lstat (in QFileInfo::doStat) if it's not a symlink.
cheers
Julian

>
> Greetings, Stephan



["ksavefile-3.patch" (text/x-diff)]

Index: ksavefile.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdecore/ksavefile.cpp,v
retrieving revision 1.14
diff -u -3 -p -r1.14 ksavefile.cpp
--- ksavefile.cpp	23 Feb 2004 16:18:26 -0000	1.14
+++ ksavefile.cpp	23 Feb 2004 20:51:48 -0000
@@ -41,24 +41,34 @@
 KSaveFile::KSaveFile(const QString &filename, int mode)
  : mTempFile(true)
 {
+
+   // follow symbolic link, if any
+   QString real_filename = filename;
+
+   QFileInfo file_info(real_filename);
+   int c=0;
+   while(file_info.isSymLink() && ++c<6) {
+      file_info.setFile( real_filename = file_info.readLink() );
+   }
+
    // we only check here if the directory can be written to
    // the actual filename isn't written to, but replaced later
    // with the contents of our tempfile
-   if (!checkAccess(filename, W_OK))
+   if (!checkAccess(real_filename, W_OK))
    {
       mTempFile.setError(EACCES);
       return;
    }
 
-   if (mTempFile.create(filename, QString::fromLatin1(".new"), mode))
+   if (mTempFile.create(real_filename, QString::fromLatin1(".new"), mode))
    {
-      mFileName = filename; // Set filename upon success
+      mFileName = real_filename; // Set filename upon success
 
       // if we're overwriting an existing file, ensure temp file's
       // permissions are the same as existing file so the existing
       // file's permissions are preserved
       struct stat stat_buf;
-      if ((stat(QFile::encodeName(filename), &stat_buf)==0) 
+      if ((stat(QFile::encodeName(real_filename), &stat_buf)==0)
           && (stat_buf.st_uid == getuid())
           && (stat_buf.st_gid == getgid()))
       {

[Attachment #6 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic