--Boundary-00=_0/ew+fZG1YUcFqh Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Description: clearsigned data Content-Disposition: inline -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This question is aimed at anyone here that can help with some issues I'm having packaging up the KIO_exec package. I'm building a new set of packages that will hopefully be in Mandrake cooker contrib soon that will add a kio_exec protocol to Konqueror (GPL'd stuff from Lycoris Linux) and a new centralized HTML based system control panel (custom designed). The KIO_exec package is giving me a little bit of a problem though. I've got it rebuilt OK, once I figured out all the flags needed to get it working with libqt compiled with threads. However I think I've found a possible bug in the code. Now KDE 3.1.1 keeps informing me when I click on the link (or even type the path into the location bar), it keeps informing me that the URL is insecure. however this HTML is a LOCAL page that I created, thus as far as the code's test is concerned, should be safe. I've checked the code and found that the message is coming from the kio_execProtocol::checkReferrer(const KURL& url) method starting on line 112 of exec.cpp. This is not helpful at all since the kio_exec KIO-slave is designed to execute local executables from local html files without a warning about security. This causes the Lycoris control center to be nearly useless on 3.1.1 in it's current form due to the warnings popping up. Near as I can tell, the test that happens to check whether this is a local or remote URL is constantly failing. This is making the exec protocol think that the file is ALWAYS from an insecure location. The exec.cpp, exec.h, and exec.protocol are attached below. - -- Gary L. Greene, Jr. Sent from uriel.gvsu.edu 01:47:16 up 1 day, 1:54, 7 users, load average: 0.24, 0.21, 0.14 ============================================================ Founder and president of the Grand Valley Linux Users Group. -==- PHONE : 331-0562 EMAIL : greeneg@student.gvsu.edu ============================================================ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+we/0yPw381UL7WcRArHiAJ0QCsZXXZPQ0xRyrJgYcwyc+qKCMACgk/Gt cpDTr/tXbDLmy0lPcHe3Oww= =OjFZ -----END PGP SIGNATURE----- --Boundary-00=_0/ew+fZG1YUcFqh Content-Type: text/x-c++src; charset="iso-8859-1"; name="exec.cpp" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="exec.cpp" /*************************************************************************** exec.cpp - description ------------------- begin : Tue Feb 26 21:24:00 EST 2002 author : Jason Mott copyright : (C) 2002 by Redmond Linux Corp email : jmott@users.sourceforge.net ***************************************************************************/ /*************************************************************************** * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * ***************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "exec.h" using namespace KIO; extern "C" { int kdemain( int argc, char **argv ) { KInstance instance( "kio_exec" ); kdDebug(7101) << "*** Starting kio_exec " << endl; if (argc != 4) { kdDebug(7101) << "Usage: kio_exec protocol domain-socket1 domain-socket2" << endl; exit(-1); } kio_execProtocol slave(argv[2], argv[3]); slave.dispatchLoop(); kdDebug(7101) << "*** kio_exec Done" << endl; return 0; } } kio_execProtocol::kio_execProtocol(const QCString &pool_socket, const QCString &app_socket) : SlaveBase("kio_exec", pool_socket, app_socket) { kdDebug() << "kio_execProtocol::kio_execProtocol()" << endl; } /* ---------------------------------------------------------------------------------- */ kio_execProtocol::~kio_execProtocol() { kdDebug() << "kio_execProtocol::~kio_execProtocol()" << endl; } /* ---------------------------------------------------------------------------------- */ void kio_execProtocol::get(const KURL& url ) { kdDebug() << "kio_exec::get(const KURL& url)" << endl ; KURL referrer_url(metaData("referrer")); if ( checkReferrer(referrer_url) ) { QString queryStr = url.query(); queryStr.remove(0,1); // take off the "?" at the begining. queryStr.replace(QRegExp("\\+"), "%20"); // "+" is valid as a space, but decode_string doesn't recognize it. QStringList args = QStringList::split(QChar(' '),KURL::decode_string(queryStr)); QString executable = url.path(); executable.remove(0,1); // Get rid of begining "/", kdeinitExec() doesn't work with it there. infoMessage(i18n("Executing %1 ...").arg( executable ) ); KApplication::kdeinitExec(executable,args); } if (referrer_url.isValid()) { redirection(referrer_url); // this makes it so the browser stays where it was. // otherwise we either get a hang or a blank page. // of course in the case of no referrer, it's a blank page. } data(QByteArray()); finished(); } /* ---------------------------------------------------------------------------------- */ bool kio_execProtocol::checkReferrer(const KURL& url) { if ( url.isValid() && url.isLocalFile() ) { return true; } QString warning = i18n("The URL you are about to follow\nexecutes an application on your system,\nbut the URL is from an insecure source.\n\nWould you like to execute anyway?"); int answer = messageBox( WarningYesNo, warning, i18n("Insecure Protocol!")); if (answer == KMessageBox::Yes) { return true; } else { return false; } } /* --------------------------------------------------------------------------- */ void kio_execProtocol::mimetype(const KURL & /*url*/) { mimeType("text/html"); finished(); } /* --------------------------------------------------------------------------- */ --Boundary-00=_0/ew+fZG1YUcFqh Content-Type: text/x-chdr; charset="iso-8859-1"; name="exec.h" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="exec.h" /*************************************************************************** exec.h - description ------------------- begin : Tue Feb 26 21:24:00 EST 2002 author : Jason Mott copyright : (C) 2002 by Redmond Linux Corp email : jmott@users.sourceforge.net ***************************************************************************/ /*************************************************************************** * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * ***************************************************************************/ #ifndef __exec_h__ #define __exec_h__ #include #include #include #include #include class QCString; class kio_execProtocol : public KIO::SlaveBase { public: kio_execProtocol(const QCString &pool_socket, const QCString &app_socket); virtual ~kio_execProtocol(); virtual void mimetype(const KURL& url); virtual void get(const KURL& url); protected: bool checkReferrer(const KURL& url); }; #endif --Boundary-00=_0/ew+fZG1YUcFqh Content-Type: text/plain; charset="iso-8859-1"; name="exec.protocol" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="exec.protocol" [Protocol] exec=kio_exec protocol=exec input=none output=none reading=true defaultMimetype=text/html Icon=exec Description=A kioslave for exec --Boundary-00=_0/ew+fZG1YUcFqh--