[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-pim
Subject:    [Kde-pim] reminder program on alarm.
From:       Mario Teijeiro Otero <emeteo () escomposlinux ! org>
Date:       2005-06-24 18:06:16
Message-ID: 200506242006.17378.emeteo () escomposlinux ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

[Attachment #4 (multipart/mixed)]


Hi, 
	Attached goes the patch that permits pass params to the program. It 
understand certains macros (%d, %e,%D,%s ,%o) to expand.
	There are one security problem in the deal with the execution of programs on 
alarms. This problem resides  on the remote calendars, that have assigned a 
"rm -rf /home/*" on the program.
	Evolution treats this asking for the user to execute the command. This has 
the objection that avoid the unmaintenance operation.
	How should we treat this ?

	Please, review the i18n's strings (my english is not very good), like you 
could noticed ;-).

	Regards
-- 
Keep away software patents from Europe.
GPG Fingerprint: 7788 5526 6B2A 47BE 9618  8F48 30AB 1CF9 7799 71DC
http://cernicalo.escomposlinux.org

["program_alarmaevent.dff" (text/x-diff)]

Index: koeditorgeneral.cpp
===================================================================
--- koeditorgeneral.cpp	(revisión: 428201)
+++ koeditorgeneral.cpp	(copia de trabajo)
@@ -53,6 +53,7 @@
 #include <libkcal/event.h>
 
 #include <libkdepim/kdateedit.h>
+#include <libkdepim/kpimurlrequesterdlg.h>
 
 #include "koprefs.h"
 #include "koglobals.h"
@@ -260,15 +261,27 @@
 void KOEditorGeneral::pickAlarmProgram()
 {
   if (!mAlarmProgramButton->isOn()) {
+    mAlarmProgramLast = mAlarmProgram;
     mAlarmProgram = "";
     QToolTip::remove(mAlarmProgramButton);
     QToolTip::add(mAlarmProgramButton, i18n("No program set"));
   } else {
-    QString fileName(KFileDialog::getOpenFileName(QString::null, QString::null, 0));
-    if (!fileName.isEmpty()) {
-      mAlarmProgram = fileName;
+    KURL uri = KPimURLRequesterDlg::getURL( mAlarmProgramLast, i18n(
+          "Command to be executed on reminder. You can use this macros:\n\n"
+          "\t\%c - Categories\n"
+          "\t\%d - Description\n"
+          "\t\%D - Date start\n"
+          "\t\%e - Date end\n"
+          "\t\%l - Location \n"
+          "\t\%o - Organizer\n"
+          "\t\%s - Sumary\n"
+          ), 0,
+          i18n("Set program...") );
+    if (!uri.isEmpty()) {
+      mAlarmProgram = uri.pathOrURL();
+      mAlarmProgramLast = mAlarmProgram;
       QToolTip::remove(mAlarmProgramButton);
-      QString dispStr = i18n("Running '%1'").arg(fileName);
+      QString dispStr = i18n("Running '%1'").arg( mAlarmProgram );
       QToolTip::add(mAlarmProgramButton, dispStr);
       mAlarmSoundButton->setOn(false);
     }
Index: koeditorgeneral.h
===================================================================
--- koeditorgeneral.h	(revisión: 428201)
+++ koeditorgeneral.h	(copia de trabajo)
@@ -120,6 +120,7 @@
     QString mCategories;
     QString mAlarmSound;
     QString mAlarmProgram;
+    QString mAlarmProgramLast;
 };
 
 #endif
Index: korgac/alarmdialog.cpp
===================================================================
--- korgac/alarmdialog.cpp	(revisión: 428201)
+++ korgac/alarmdialog.cpp	(copia de trabajo)
@@ -38,6 +38,7 @@
 #include <kprocess.h>
 #include <kaudioplayer.h>
 #include <kdebug.h>
+#include <kmacroexpander.h>
 #include <kmessagebox.h>
 #include <knotifyclient.h>
 #include <kcombobox.h>
@@ -197,10 +198,24 @@
   for ( it = alarms.begin(); it != alarms.end(); ++it ) {
     Alarm *alarm = *it;
 // FIXME: Check whether this should be done for all multiple alarms
-    if (alarm->type() == Alarm::Procedure) {
-      kdDebug(5890) << "Starting program: '" << alarm->programFile() << "'" << endl;
+    if (alarm->type() == Alarm::Procedure && !alarm->programFile().isEmpty() ) {
+      QMap<QChar,QString> subst;
+      subst.insert( 'c', mIncidence->categoriesStr() );
+      subst.insert( 'd', mIncidence->description() );
+      subst.insert( 'D', mIncidence->dtStart().toString());
+      subst.insert( 'e', mIncidence->dtEnd().toString() );
+      subst.insert( 'l', mIncidence->location() );
+      subst.insert( 'o', mIncidence->organizer().fullName() );
+      subst.insert( 's', mIncidence->summary() );
+      QString execLine = KMacroExpander::expandMacrosShellQuote( alarm->programFile(), subst );
+      if ( execLine.isEmpty() )
+        execLine = alarm->programFile(); // fallback
+
+      kdDebug(5890) << "Starting program: '" << execLine << "'" << endl;
+
       KProcess proc;
-      proc << QFile::encodeName(alarm->programFile());
+      proc.setUseShell( true );
+      proc << QFile::encodeName(execLine);
       proc.start(KProcess::DontCare);
     }
     else if (alarm->type() == Alarm::Audio) {

[Attachment #8 (application/pgp-signature)]

_______________________________________________
kde-pim mailing list
kde-pim@kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
kde-pim home page at http://pim.kde.org/

[prev in list] [next in list] [prev in thread] [next in thread]