--nextPart3821314.Ek721EJxTU
Content-Type: multipart/mixed;
  boundary="Boundary-02=_Z1hpJhkK0B1kvL3"
Content-Transfer-Encoding: 7bit


--Boundary-02=_Z1hpJhkK0B1kvL3
Content-Type: multipart/alternative;
  boundary="Boundary-01=_Z1hpJqZ1jNmoNtR"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_Z1hpJqZ1jNmoNtR
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi all,

Based on feedback of the current version of KRun's .desktop files permissio=
ns=20
upgrade dialog, I've been working on reducing the text to the minimum=20
necessary while making it clear what is about to be run.  This is my result=
s=20
right now (the hard part has been getting the QTextEdit to a sane size -- t=
he=20
attached patch has a hack to try and get a decent padding).

The following two screenshots are for a sane Exec=3D line, and a malicious/=
crazy=20
Exec=3D line respectively.  The dialog is limited in maximum size (with the=
=20
exec-line widget limited in minimum size) to hopefully prevent hiding text=
=20
while still being more-or-less not completely ugly.

http://purinchu.net/dumping-ground/krun8.png
http://purinchu.net/dumping-ground/krun9.png

The attached code is from a sample application but would basically go into=
=20
krun to replace the code already there.

Comments?  If it's better I'll go ahead and commit at some point tomorrow=20
(with more revisions if necessary) and I'll move on to some other touchups =
I=20
want to perform:

=46or instance, for "untrusted" .desktop files I'd do:
=2D Don't show custom icons (probably via KService::icon, but not=20
KService::property)
=2D Show the real filename and not the encoded Name=3D

And in addition I think we should avoid doing mime-type detection to "sniff=
"=20
out .desktop files, at least as far as icon views are concerned.

I've left open the possibility of an auto-upgrade script for existing .desk=
top=20
files (assuming user says OK) but I don't intend to implement one myself,=20
preferring instead to get our perms dialog to be polished and shiny.

=46inally, I'd like to backport to KDE 4.2 once we have the dialog finalize=
d and=20
the code is working well.  I know that David has committed some fixes to th=
e=20
initial patch set so there were things overlooked before.  Is anyone having=
=20
issues using the latest kdelibs from trunk?  If so please let me know so we=
=20
can get those ironed out in support of backporting.

Regards,
 - Michael Pyne

--Boundary-01=_Z1hpJqZ1jNmoNtR
Content-Type: text/html;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'Droid Sans Mono'; font-size:10pt; font-weight:400; font-style:normal;">Hi all,<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Based on feedback of the current version of KRun's .desktop files permissions upgrade dialog, I've been working on reducing the text to the minimum necessary while making it clear what is about to be run.  This is my results right now (the hard part has been getting the QTextEdit to a sane size -- the attached patch has a hack to try and get a decent padding).<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The following two screenshots are for a sane Exec= line, and a malicious/crazy Exec= line respectively.  The dialog is limited in maximum size (with the exec-line widget limited in minimum size) to hopefully prevent hiding text while still being more-or-less not completely ugly.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>http://purinchu.net/dumping-ground/krun8.png<br>
http://purinchu.net/dumping-ground/krun9.png<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The attached code is from a sample application but would basically go into krun to replace the code already there.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Comments?  If it's better I'll go ahead and commit at some point tomorrow (with more revisions if necessary) and I'll move on to some other touchups I want to perform:<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>For instance, for "untrusted" .desktop files I'd do:<br>
- Don't show custom icons (probably via KService::icon, but not KService::property)<br>
- Show the real filename and not the encoded Name=<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>And in addition I think we should avoid doing mime-type detection to "sniff" out .desktop files, at least as far as icon views are concerned.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I've left open the possibility of an auto-upgrade script for existing .desktop files (assuming user says OK) but I don't intend to implement one myself, preferring instead to get our perms dialog to be polished and shiny.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Finally, I'd like to backport to KDE 4.2 once we have the dialog finalized and the code is working well.  I know that David has committed some fixes to the initial patch set so there were things overlooked before.  Is anyone having issues using the latest kdelibs from trunk?  If so please let me know so we can get those ironed out in support of backporting.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Regards,<br>
 - Michael Pyne</p></body></html>
--Boundary-01=_Z1hpJqZ1jNmoNtR--

--Boundary-02=_Z1hpJhkK0B1kvL3
Content-Type: text/x-c++src;
  charset="UTF-8";
  name="window.cpp"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="window.cpp"

#include "window.h"

#include <QtGui>

#include <klocale.h>
#include <klineedit.h>
#include <kdebug.h>
#include <kmessagebox.h>
#include <kstandarddirs.h>
#include <kdialog.h>
#include <kservice.h>

class SecureMessageDialog : public KDialog
{
    public:
    SecureMessageDialog(QWidget *parent) : KDialog(parent), m_textEdit(0)
    {
    }

    void setTextEdit(QPlainTextEdit *textEdit)
    {
        m_textEdit = textEdit;
    }

    protected:
    virtual void showEvent(QShowEvent* e)
    {
        // Now that we're shown, use our width to calculate a good
        // bounding box for the text, and resize m_textEdit appropriately.
        KDialog::showEvent(e);

        if(!m_textEdit)
            return;

        QSize fudge(20, 24); // About what it sounds like

        // Form rect with a lot of height for bounding.  Use no more than
        // 5 lines.
        QRect curRect(m_textEdit->rect());
        QFontMetrics metrics(fontMetrics());
        curRect.setHeight(5 * metrics.lineSpacing());
        curRect.setWidth(qMax(curRect.width(), 300)); // At least 300 pixels ok?

        QString text(m_textEdit->toPlainText());
        curRect = metrics.boundingRect(curRect, Qt::TextWordWrap | Qt::TextSingleLine, text);

        // Scroll bars interfere.  If we don't think there's enough room, enable
        // the vertical scrollbar however.
        m_textEdit->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff);
        if(curRect.height() < m_textEdit->height()) { // then we've got room
            m_textEdit->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff);
            m_textEdit->setMaximumHeight(curRect.height() + fudge.height());
        }

        m_textEdit->setMinimumSize(curRect.size() + fudge);
        m_textEdit->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Minimum);
        updateGeometry();
    }

    private:
    QPlainTextEdit *m_textEdit;
};

Window::Window(QWidget *parent) :
    KMainWindow(parent)
{
    QWidget *centralWidget = new QWidget(this);
    setCentralWidget(centralWidget);

    QVBoxLayout *layout = new QVBoxLayout;
    centralWidget->setLayout(layout);

    QPushButton *click = new QPushButton("Click", centralWidget);
    layout->addWidget(click);
    connect(click, SIGNAL(clicked()), SLOT(leClick()));

    QPushButton *quit = new QPushButton("Quit", centralWidget);
    layout->addWidget(quit);
    connect(quit, SIGNAL(clicked()), SLOT(close()));
}

void Window::leClick()
{
    KService::Ptr service(KService::serviceByDesktopName("konqbrowser"));

    QString serviceName = service->name();
    if(serviceName.isEmpty())
        serviceName = service->genericName();

    KGuiItem continueItem = KStandardGuiItem::cont();

    SecureMessageDialog *baseDialog = new SecureMessageDialog(this);
//    baseDialog->setButtons(KDialog::Ok | KDialog::Cancel | KDialog::Details);
    baseDialog->setButtons(KDialog::Ok | KDialog::Cancel);
    baseDialog->setButtonGuiItem(KDialog::Ok, continueItem);
    baseDialog->setDefaultButton(KDialog::Cancel);   // NoDefault doesn't work?
    baseDialog->setCaption(i18nc("Warning about executing unknown .desktop file", "Warning"));

    // Dialog will have explanatory text with a disabled lineedit with the
    // Exec= to make it visually distinct.
    QWidget *baseWidget = new QWidget(baseDialog);
    QHBoxLayout *mainLayout = new QHBoxLayout(baseWidget);

    QLabel *iconLabel = new QLabel(baseWidget);
    QPixmap warningIcon(KIconLoader::global()->loadIcon("dialog-warning", KIconLoader::NoGroup, KIconLoader::SizeHuge));
    mainLayout->addWidget(iconLabel);
    iconLabel->setPixmap(warningIcon);

    QVBoxLayout *contentLayout = new QVBoxLayout;
    QString warningMessage = i18nc("program name follows in a line edit below",
                                   "This will start the program:");

    QLabel *message = new QLabel(warningMessage, baseWidget);
    contentLayout->addWidget(message);

    // We can use KStandardDirs::findExe to resolve relative pathnames
    // but that gets rid of the command line arguments.
    QString program = KStandardDirs::realFilePath(service->exec());

    QPlainTextEdit *textEdit = new QPlainTextEdit(baseWidget);
    textEdit->setPlainText(program);
    textEdit->setReadOnly(true);
    contentLayout->addWidget(textEdit);

    QLabel *footerLabel = new QLabel(i18n("If you do not trust this program, click Cancel"));
    contentLayout->addWidget(footerLabel);
    contentLayout->addStretch(0);

    mainLayout->addLayout(contentLayout);

    baseDialog->setMainWidget(baseWidget);
    baseDialog->setTextEdit(textEdit);

    // Constrain maximum size.  Minimum size set in
    // the dialog's show event.
    QSize screenSize = QApplication::desktop()->screen()->size();
    baseDialog->resize(screenSize.width() / 4, 50);
    baseDialog->setMaximumHeight(screenSize.height() / 3);
    baseDialog->setMaximumWidth(screenSize.width() / 10 * 8);

    int result = baseDialog->exec();
    if (result != KDialog::Accepted) {
        return;
    }
}

#include "window.moc"

--Boundary-02=_Z1hpJhkK0B1kvL3--

--nextPart3821314.Ek721EJxTU
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEABECAAYFAkmmHVwACgkQqjQYp5Omm0pB1wCfW6SwuKBWKWwy/CNSUvxmeABo
0hsAnRztdXG+gy6RyUCISoWCxxhOm0Qe
=l5gZ
-----END PGP SIGNATURE-----

--nextPart3821314.Ek721EJxTU--