'.desktop file permissions dialog update'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    .desktop file permissions dialog update
From:       Michael Pyne <mpyne () purinchu ! net>
Date:       2009-02-26 4:40:56
Message-ID: 200902252341.00934.mpyne () purinchu ! net
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

[Attachment #4 (multipart/alternative)]


Hi all,

Based on feedback of the current version of KRun's .desktop files permissions 
upgrade dialog, I've been working on reducing the text to the minimum 
necessary while making it clear what is about to be run.  This is my results 
right now (the hard part has been getting the QTextEdit to a sane size -- the 
attached patch has a hack to try and get a decent padding).

The following two screenshots are for a sane Exec= line, and a malicious/crazy 
Exec= line respectively.  The dialog is limited in maximum size (with the 
exec-line widget limited in minimum size) to hopefully prevent hiding text 
while still being more-or-less not completely ugly.

http://purinchu.net/dumping-ground/krun8.png
http://purinchu.net/dumping-ground/krun9.png

The attached code is from a sample application but would basically go into 
krun to replace the code already there.

Comments?  If it's better I'll go ahead and commit at some point tomorrow 
(with more revisions if necessary) and I'll move on to some other touchups I 
want to perform:

For instance, for "untrusted" .desktop files I'd do:
- Don't show custom icons (probably via KService::icon, but not 
KService::property)
- Show the real filename and not the encoded Name=

And in addition I think we should avoid doing mime-type detection to "sniff" 
out .desktop files, at least as far as icon views are concerned.

I've left open the possibility of an auto-upgrade script for existing .desktop 
files (assuming user says OK) but I don't intend to implement one myself, 
preferring instead to get our perms dialog to be polished and shiny.

Finally, I'd like to backport to KDE 4.2 once we have the dialog finalized and 
the code is working well.  I know that David has committed some fixes to the 
initial patch set so there were things overlooked before.  Is anyone having 
issues using the latest kdelibs from trunk?  If so please let me know so we 
can get those ironed out in support of backporting.

Regards,
 - Michael Pyne

[Attachment #7 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Droid Sans Mono'; font-size:10pt; \
font-weight:400; font-style:normal;">Hi all,<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Based on feedback of \
the current version of KRun's .desktop files permissions upgrade dialog, I've been \
working on reducing the text to the minimum necessary while making it clear what is \
about to be run.  This is my results right now (the hard part has been getting the \
QTextEdit to a sane size -- the attached patch has a hack to try and get a decent \
padding).<br> <p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>The following two screenshots are for a sane Exec= line, \
and a malicious/crazy Exec= line respectively.  The dialog is limited in maximum size \
(with the exec-line widget limited in minimum size) to hopefully prevent hiding text \
while still being more-or-less not completely ugly.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>http://purinchu.net/dumping-ground/krun8.png<br> \
http://purinchu.net/dumping-ground/krun9.png<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The attached code is \
from a sample application but would basically go into krun to replace the code \
already there.<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>Comments?  If it's better I'll go ahead \
and commit at some point tomorrow (with more revisions if necessary) and I'll move on \
to some other touchups I want to perform:<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>For instance, for \
                "untrusted" .desktop files I'd do:<br>
- Don't show custom icons (probably via KService::icon, but not \
                KService::property)<br>
- Show the real filename and not the encoded Name=<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>And in addition I think we should avoid doing mime-type \
detection to "sniff" out .desktop files, at least as far as icon views are \
concerned.<br> <p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>I've left open the possibility of an auto-upgrade script \
for existing .desktop files (assuming user says OK) but I don't intend to implement \
one myself, preferring instead to get our perms dialog to be polished and shiny.<br> \
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Finally, I'd like to backport to KDE 4.2 once we have the \
dialog finalized and the code is working well.  I know that David has committed some \
fixes to the initial patch set so there were things overlooked before.  Is anyone \
having issues using the latest kdelibs from trunk?  If so please let me know so we \
can get those ironed out in support of backporting.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
                -qt-user-state:0;"><br></p>Regards,<br>
 - Michael Pyne</p></body></html>


["window.cpp" (text/x-c++src)]

#include "window.h"

#include <QtGui>

#include <klocale.h>
#include <klineedit.h>
#include <kdebug.h>
#include <kmessagebox.h>
#include <kstandarddirs.h>
#include <kdialog.h>
#include <kservice.h>

class SecureMessageDialog : public KDialog
{
    public:
    SecureMessageDialog(QWidget *parent) : KDialog(parent), m_textEdit(0)
    {
    }

    void setTextEdit(QPlainTextEdit *textEdit)
    {
        m_textEdit = textEdit;
    }

    protected:
    virtual void showEvent(QShowEvent* e)
    {
        // Now that we're shown, use our width to calculate a good
        // bounding box for the text, and resize m_textEdit appropriately.
        KDialog::showEvent(e);

        if(!m_textEdit)
            return;

        QSize fudge(20, 24); // About what it sounds like

        // Form rect with a lot of height for bounding.  Use no more than
        // 5 lines.
        QRect curRect(m_textEdit->rect());
        QFontMetrics metrics(fontMetrics());
        curRect.setHeight(5 * metrics.lineSpacing());
        curRect.setWidth(qMax(curRect.width(), 300)); // At least 300 pixels ok?

        QString text(m_textEdit->toPlainText());
        curRect = metrics.boundingRect(curRect, Qt::TextWordWrap | \
Qt::TextSingleLine, text);

        // Scroll bars interfere.  If we don't think there's enough room, enable
        // the vertical scrollbar however.
        m_textEdit->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff);
        if(curRect.height() < m_textEdit->height()) { // then we've got room
            m_textEdit->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff);
            m_textEdit->setMaximumHeight(curRect.height() + fudge.height());
        }

        m_textEdit->setMinimumSize(curRect.size() + fudge);
        m_textEdit->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Minimum);
        updateGeometry();
    }

    private:
    QPlainTextEdit *m_textEdit;
};

Window::Window(QWidget *parent) :
    KMainWindow(parent)
{
    QWidget *centralWidget = new QWidget(this);
    setCentralWidget(centralWidget);

    QVBoxLayout *layout = new QVBoxLayout;
    centralWidget->setLayout(layout);

    QPushButton *click = new QPushButton("Click", centralWidget);
    layout->addWidget(click);
    connect(click, SIGNAL(clicked()), SLOT(leClick()));

    QPushButton *quit = new QPushButton("Quit", centralWidget);
    layout->addWidget(quit);
    connect(quit, SIGNAL(clicked()), SLOT(close()));
}

void Window::leClick()
{
    KService::Ptr service(KService::serviceByDesktopName("konqbrowser"));

    QString serviceName = service->name();
    if(serviceName.isEmpty())
        serviceName = service->genericName();

    KGuiItem continueItem = KStandardGuiItem::cont();

    SecureMessageDialog *baseDialog = new SecureMessageDialog(this);
//    baseDialog->setButtons(KDialog::Ok | KDialog::Cancel | KDialog::Details);
    baseDialog->setButtons(KDialog::Ok | KDialog::Cancel);
    baseDialog->setButtonGuiItem(KDialog::Ok, continueItem);
    baseDialog->setDefaultButton(KDialog::Cancel);   // NoDefault doesn't work?
    baseDialog->setCaption(i18nc("Warning about executing unknown .desktop file", \
"Warning"));

    // Dialog will have explanatory text with a disabled lineedit with the
    // Exec= to make it visually distinct.
    QWidget *baseWidget = new QWidget(baseDialog);
    QHBoxLayout *mainLayout = new QHBoxLayout(baseWidget);

    QLabel *iconLabel = new QLabel(baseWidget);
    QPixmap warningIcon(KIconLoader::global()->loadIcon("dialog-warning", \
KIconLoader::NoGroup, KIconLoader::SizeHuge));  mainLayout->addWidget(iconLabel);
    iconLabel->setPixmap(warningIcon);

    QVBoxLayout *contentLayout = new QVBoxLayout;
    QString warningMessage = i18nc("program name follows in a line edit below",
                                   "This will start the program:");

    QLabel *message = new QLabel(warningMessage, baseWidget);
    contentLayout->addWidget(message);

    // We can use KStandardDirs::findExe to resolve relative pathnames
    // but that gets rid of the command line arguments.
    QString program = KStandardDirs::realFilePath(service->exec());

    QPlainTextEdit *textEdit = new QPlainTextEdit(baseWidget);
    textEdit->setPlainText(program);
    textEdit->setReadOnly(true);
    contentLayout->addWidget(textEdit);

    QLabel *footerLabel = new QLabel(i18n("If you do not trust this program, click \
Cancel"));  contentLayout->addWidget(footerLabel);
    contentLayout->addStretch(0);

    mainLayout->addLayout(contentLayout);

    baseDialog->setMainWidget(baseWidget);
    baseDialog->setTextEdit(textEdit);

    // Constrain maximum size.  Minimum size set in
    // the dialog's show event.
    QSize screenSize = QApplication::desktop()->screen()->size();
    baseDialog->resize(screenSize.width() / 4, 50);
    baseDialog->setMaximumHeight(screenSize.height() / 3);
    baseDialog->setMaximumWidth(screenSize.width() / 10 * 8);

    int result = baseDialog->exec();
    if (result != KDialog::Accepted) {
        return;
    }
}

#include "window.moc"


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic