From 695bd74ce548bd10f9cbcbf4676adf4ce111c37f Mon Sep 17 00:00:00 2001
From: TheLastProject
Date: Sun, 22 Feb 2015 13:21:42 +0100
Subject: [PATCH] Use blacklist for executables, explicitly run executables with QProcess to work around KDE4.4 security measure which disallows running executables
---
 src/chatlog/content/filetransferwidget.cpp | 3 +--
 src/widget/form/filesform.cpp | 8 +-------
 src/widget/widget.cpp | 20 +++++++++++++++-----
 src/widget/widget.h | 2 +-
 4 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/chatlog/content/filetransferwidget.cpp b/src/chatlog/content/filetransferwidget.cpp
index 9dc12042f..550abae0c 100644
--- a/src/chatlog/content/filetransferwidget.cpp
+++ b/src/chatlog/content/filetransferwidget.cpp
@@ -429,8 +429,7 @@ void FileTransferWidget::handleButton(QPushButton *btn)
 if(btn->objectName() == "ok")
 {
- if (Widget::confirmExecutableOpen(QFileInfo(fileInfo.filePath)))
- QDesktopServices::openUrl(QUrl("file://" + fileInfo.filePath, QUrl::TolerantMode));
+ Widget::confirmExecutableOpen(QFileInfo(fileInfo.filePath));
 }
 else if (btn->objectName() == "dir")
 {
diff --git a/src/widget/form/filesform.cpp b/src/widget/form/filesform.cpp
index 9373b5552..5a108fcf6 100644
--- a/src/widget/form/filesform.cpp
+++ b/src/widget/form/filesform.cpp
@@ -20,7 +20,6 @@
 #include
 #include
 #include
-#include
 FilesForm::FilesForm() : QObject()
@@ -82,10 +81,5 @@ void FilesForm::onFileActivated(QListWidgetItem* item)
 {
 ListWidgetItem* tmp = dynamic_cast (item);
- if (!Widget::confirmExecutableOpen(QFileInfo(tmp->path)))
- return;
-
- QUrl url = QUrl::fromLocalFile(tmp->path);
- qDebug() << "Opening '" << url << "'";
- QDesktopServices::openUrl(url);
+ Widget::confirmExecutableOpen(QFileInfo(tmp->path));
 }
diff --git a/src/widget/widget.cpp b/src/widget/widget.cpp
index 476ad41b9..9e5c70993 100644
--- a/src/widget/widget.cpp
+++ b/src/widget/widget.cpp
@@ -59,6 +59,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #ifdef Q_OS_ANDROID
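Review bot: In `FilesForm::onFileActivated` (filesform.cpp, second hunk), `tmp` is the result of a `dynamic_cast` and is dereferenced on the new line `Widget::confirmExecutableOpen(QFileInfo(tmp->path));` without a null check. Since that one call now both prompts and opens or executes the file, a guard such as `if (!tmp) return;` before it would keep a non-matching item from reaching that path. The hunk also removes the `qDebug() << "Opening ..."` line, so nothing in this function records which transferred file was opened; keeping a log line next to the call would help when tracing what was launched.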
@@ -498,17 +500,25 @@ void Widget::onTransferClicked()
 activeChatroomWidget = nullptr;
 }
-bool Widget::confirmExecutableOpen(const QFileInfo file)
+void Widget::confirmExecutableOpen(const QFileInfo file)
 {
- if (file.isExecutable())
+ static const QStringList dangerousExtensions = { "app", "bat", "com", "cpl", "dmg", "exe", "hta", "jar", "js", "jse", "lnk", "msc", "msh", "msh1", "msh1xml", "msh2", "msh2xml", "mshxml", "msi", "msp", "pif", "ps1", "ps1xml", "ps2", "ps2xml", "psc1", "psc2", "py", "reg", "scf", "sh", "src", "vb", "vbe", "vbs", "ws", "wsc", "wsf", "wsh" };
+
+ if (dangerousExtensions.contains(file.suffix()))
 {
 if(!GUI::askQuestion(tr("Executable file", "popup title"), tr("You have asked qTox to open an executable file. Executable files can potentially damage your computer. Are you sure want to open this file?", "popup text"), false, true))
 {
- return false;
+ return;
 }
+
+ // The user wants to run this file, so make it executable and run it
+ QFile(file.filePath()).setPermissions(file.permissions() | QFile::ExeOwner | QFile::ExeUser | QFile::ExeGroup | QFile::ExeOther);
+ QProcess::startDetached(file.filePath());
+ }
+ else
+ {
+ QDesktopServices::openUrl(QUrl("file://" + file.filePath(), QUrl::TolerantMode));
 }
-
- return true;
 }
 void Widget::onIconClick(QSystemTrayIcon::ActivationReason reason)
diff --git a/src/widget/widget.h b/src/widget/widget.h
index eaa3342ef..6ccf8e929 100644
--- a/src/widget/widget.h
+++ b/src/widget/widget.h
@@ -70,7 +70,7 @@ public:
 virtual void changeEvent(QEvent *event);
 virtual void resizeEvent(QResizeEvent *event);
-static bool confirmExecutableOpen(const QFileInfo file);
+static void confirmExecutableOpen(const QFileInfo file);
 void clearAllReceipts();
 void reloadHistory();
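Review bot: The new condition in `Widget::confirmExecutableOpen` drops the `file.isExecutable()` test and compares `file.suffix()` case-sensitively against the list, so a received file that has the execute bit but no listed suffix, or an upper-case suffix, reaches `QDesktopServices::openUrl` with no prompt. Keeping both checks and normalising case closes that gap: `if (file.isExecutable() || dangerousExtensions.contains(file.suffix().toLower()))`. The list entry `"src"` looks like a typo for `"scr"`, which is worth confirming. The else branch builds the URL as `"file://" + file.filePath()`, which is likely to mis-parse paths containing `#`, `%` or `?`; filesform.cpp used `QUrl::fromLocalFile` before this commit, and `QDesktopServices::openUrl(QUrl::fromLocalFile(file.filePath()));` would keep that behaviour. The return values of `setPermissions` and `QProcess::startDetached` are ignored, and execute permission is granted to group and others as well, where `QFile::ExeOwner | QFile::ExeUser` is enough for the user who confirmed.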
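Review bot: The declaration `static void confirmExecutableOpen(const QFileInfo file);` in widget.h carries no comment, and after this change its name understates what it does: per the widget.cpp hunk it now opens the file itself or, after a prompt, marks it executable and starts it. A comment above the declaration such as `// Opens file; if its suffix is on the executable list, asks first and then runs it` would tell callers not to open the file a second time. Taking the argument as `const QFileInfo &file` would also avoid a copy on each call.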