[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Review Request: Fix sanitization of dbus path in KMainWindow
From:       Thomas =?utf-8?q?L=C3=BCbking?= <thomas.luebking () web ! de>
Date:       2009-08-16 13:15:14
Message-ID: 200908161515.14581.thomas.luebking () web ! de
[Download RAW message or body]

Am Friday 14 August 2009 schrieb Matthew Woehlke:
> Forgetting the intricasies of appName, KMainWindow currently applies the
> following sanitization to objectName():
> 
> <replace QChar where !isLetterOrNumber with '_'>
> 
> This is wrong because it would allow the illegal characters '.' and '-'
> to pass through. This should either be fixed, or else removed entirely
> on the theory that objectName() can't be invalid to begin with.

simple test* says:
QObject::setObjectName() (unline the Qt designer ui editor) does /not/ 
restrict the object name *at all*, so the patch fixes a /real/ bug (and not 
just sanitizes a sane string sanitization)

Therefore please apply it to prevent apps from running into this unnecessary 
assert.

on anybodies worries: 
a) if you ever had such object name on a mainwindow it could have never been 
used w/o an assert exit
b) if QChar::isLetter() wouldn't rank "_" as letter it would be replace by "_" 
anyway

I however fear the other thread is the much more driving one.

Thomas

*code attached

["objectnametest.cc" (text/x-c++src)]

#include <QObject>
#include <QtDebug>

main (int argc, char **argv)
{
	if (argc < 2)
		qDebug() << "you forgot the object name";
	else
	{
		QObject o; o.setObjectName(argv[1]);
		qDebug() << o.objectName();
	}
}


[prev in list] [next in list] [prev in thread] [next in thread]