From kde-core-devel Fri Aug 14 16:24:59 2009 From: Matthew Woehlke Date: Fri, 14 Aug 2009 16:24:59 +0000 To: kde-core-devel Subject: Re: Review Request: Fix sanitization of dbus path in KMainWindow Message-Id: X-MARC-Message: https://marc.info/?l=kde-core-devel&m=125026714229777 Matthew Woehlke wrote: > As pointed out by Thomas Lübking ( > http://permalink.gmane.org/gmane.comp.kde.devel.general/58749 ), > KMainWindow attempts to sanitize what it will allow in the dbus path. > However as written it would allow the illegal characters "." and "-" > to be passed through. Ping? Forgetting the intricasies of appName, KMainWindow currently applies the following sanitization to objectName(): This is wrong because it would allow the illegal characters '.' and '-' to pass through. This should either be fixed, or else removed entirely on the theory that objectName() can't be invalid to begin with. Can we please either agree to approve the patch on that basis, or give a good reason why it should not be applied? (Rather than leaving the patch in perpetual limbo...) Please do not discuss other questions about the dbus path here; I created a different thread[1] for those issues. 1: http://permalink.gmane.org/gmane.comp.kde.devel.general/58753 -- Matthew Please do not quote my e-mail address unobfuscated in message bodies. -- ,= ,-_-. =. Freedom to Use ((_/)o o(\_)) Freedom to Examine `-'(. .)`-' Freedom to Share \_/ Freedom to Improve