[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Review Request: Fix sanitization of dbus path in KMainWindow
From:       Matthew Woehlke <mw_triad () users ! sourceforge ! net>
Date:       2009-08-14 16:24:59
Message-ID: h6434s$1uf$1 () ger ! gmane ! org
[Download RAW message or body]

Matthew Woehlke wrote:
> As pointed out by Thomas Lübking (
> http://permalink.gmane.org/gmane.comp.kde.devel.general/58749 ),
> KMainWindow attempts to sanitize what it will allow in the dbus path.
> However as written it would allow the illegal characters "." and "-"
> to be passed through.

Ping?

Forgetting the intricasies of appName, KMainWindow currently applies the 
following sanitization to objectName():

<replace QChar where !isLetterOrNumber with '_'>

This is wrong because it would allow the illegal characters '.' and '-' 
to pass through. This should either be fixed, or else removed entirely 
on the theory that objectName() can't be invalid to begin with.

Can we please either agree to approve the patch on that basis, or give a 
good reason why it should not be applied? (Rather than leaving the patch 
in perpetual limbo...)

Please do not discuss other questions about the dbus path here; I 
created a different thread[1] for those issues.

1: http://permalink.gmane.org/gmane.comp.kde.devel.general/58753

-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
  ,= ,-_-. =.    Freedom to Use
((_/)o o(\_))  Freedom to Examine
  `-'(. .)`-'  Freedom to Share
      \_/     Freedom to Improve

[prev in list] [next in list] [prev in thread] [next in thread]