Attachment #34473 for bug #77944

View | Details | Raw Unified | Return to bug 77944
Collapse All | Expand All





bool Instance::run(QFile *a_file)
{
  // Check whether extension is *.kmdr
  if (!m_uiFileName.fileName().endsWith(".kmdr")) {
    KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
           "Kommander will only run Kommander scripts with a clear identity.</qt>"),
           i18n("Wrong Extension"));
    return false;
  }
  
  // Check whether file is not in some temporary directory.
  QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
  tmpDirs += KGlobal::dirs()->resourceDirs("cache");
  tmpDirs.append("/tmp/");
  tmpDirs.append("/var/tmp/");
  
  bool inTemp = false;
  for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
    if (m_uiFileName.directory().startsWith(*I))
      inTemp = true;
        
  if (inTemp)
  {
     if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
         " This may mean that it was run from a KMail attachment or from a webpage. "
         "<p>Any script contained in this dialog will have write access to all of your home directory; "
         "<b>running such dialogs may be dangerous: </b>"
         "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
       return false;
  }
  
  /* add runtime arguments */
  if (m_cmdArguments) {
    QString args;

    KommanderWidget::setGlobal("ARGS", args);
  }
  KommanderWidget::setGlobal("ARGCOUNT", QString("%1").arg(m_cmdArguments));
     
  if (m_uiFileName.directory().startsWith(locateLocal("tmp", "") + "/") ||
      m_uiFileName.directory().startsWith("/tmp/"))
  {
     if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
         " This may mean that it was run from a KMail attachment or from a webpage. "
         "<p>Any script contained in this dialog will have write access to all of your home directory; "
         "<b>running such dialogs may be dangerous: </b>"
         "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
       return false;
  }
  
  if (!m_uiFileName.isEmpty()) 
  {
    KommanderWidget::setGlobal("_KDDIR", m_uiFileName.directory());

Return to bug 77944

Lines 131-136 bool Instance::build(QFile *a_file) Link Here

(-)instance.cpp (-12 / +30 lines)
131		131
132	bool Instance::run(QFile *a_file)	132	bool Instance::run(QFile *a_file)
133	{	133	{
		134	// Check whether extension is *.kmdr
		135	if (!m_uiFileName.fileName().endsWith(".kmdr")) {
		136	KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
		137	"Kommander will only run Kommander scripts with a clear identity.</qt>"),
		138	i18n("Wrong Extension"));
		139	return false;
		140	}
		141
		142	// Check whether file is not in some temporary directory.
		143	QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
		144	tmpDirs += KGlobal::dirs()->resourceDirs("cache");
		145	tmpDirs.append("/tmp/");
		146	tmpDirs.append("/var/tmp/");
		147
		148	bool inTemp = false;
		149	for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
		150	if (m_uiFileName.directory().startsWith(*I))
		151	inTemp = true;
		152
		153	if (inTemp)
		154	{
		155	if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
		156	" This may mean that it was run from a KMail attachment or from a webpage. "
		157	"<p>Any script contained in this dialog will have write access to all of your home directory; "
		158	"<b>running such dialogs may be dangerous: </b>"
		159	"<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
		160	return false;
		161	}
		162
134	/* add runtime arguments */	163	/* add runtime arguments */
135	if (m_cmdArguments) {	164	if (m_cmdArguments) {
136	QString args;	165	QString args;
Lines 143-160 bool Instance::run(QFile *a_file) Link Here
143	KommanderWidget::setGlobal("ARGS", args);	172	KommanderWidget::setGlobal("ARGS", args);
144	}	173	}
145	KommanderWidget::setGlobal("ARGCOUNT", QString("%1").arg(m_cmdArguments));	174	KommanderWidget::setGlobal("ARGCOUNT", QString("%1").arg(m_cmdArguments));
146		175
147	if (m_uiFileName.directory().startsWith(locateLocal("tmp", "") + "/") \|\|
148	m_uiFileName.directory().startsWith("/tmp/"))
149	{
150	if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
151	" This may mean that it was run from a KMail attachment or from a webpage. "
152	"<p>Any script contained in this dialog will have write access to all of your home directory; "
153	"<b>running such dialogs may be dangerous: </b>"
154	"<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
155	return false;
156	}
157
158	if (!m_uiFileName.isEmpty())	176	if (!m_uiFileName.isEmpty())
159	{	177	{
160	KommanderWidget::setGlobal("_KDDIR", m_uiFileName.directory());	178	KommanderWidget::setGlobal("_KDDIR", m_uiFileName.directory());