[Kde-bindings] kdelibs

Ian Reinhart Geiser geiseri at kde.org
Fri May 7 18:05:19 UTC 2004


CVS commit by geiseri: 

Patch to handle safe execution of scripts in KDE.
The main patch to KRun will provide the following:
       1) Checks if the script is local.
       2) Checks if the desired file has the executable bit set.
       3) Checks a list of known script mimetypes to see if its 
       able to run it. 
This will allow users to install script based applications writen 
in PyQt or KJSEmbed so that they can be run with KRun.  This will 
also keep scripts from being automaticly executed when they are 
clicked in konqueror from a remote site, or if activated from 
KMail.  This should help insulate us from the ever popular 
"click on this love letter" issue other desktops suffer from.

The changes to the mimetypes are as follows:
       1) New type x-executable-script was added.  This by default
       will cause the file to be opened with a text editor if KRun 
       decides its not something we should run.
       2) Set python,ruby,perl,javascript and shell to inherit this new type.
       3) Changed msdos executables, and python bytecode inherit x-executable.

CCMAIL: pykde at mats.imk.fraunhofer.de
CCMAIL: kde-bindings at kde.org


  A            mimetypes/application/x-executable-script.desktop   1.1
  M +17 -2     kio/kio/krun.cpp   1.249
  M +15 -0     kio/kio/krun.h   1.90
  M +1 -1      mimetypes/application/Makefile.am   1.120
  M +1 -2      mimetypes/application/x-javascript.desktop   1.6
  M +1 -0      mimetypes/application/x-msdos-program.desktop   1.57
  M +1 -1      mimetypes/application/x-perl.desktop   1.212
  M +1 -0      mimetypes/application/x-python-bytecode.desktop   1.216
  M +1 -1      mimetypes/application/x-python.desktop   1.213
  M +1 -0      mimetypes/application/x-ruby.desktop   1.49
  M +1 -1      mimetypes/application/x-shellscript.desktop   1.238


--- kdelibs/kio/kio/krun.h  #1.89:1.90
@@ -295,4 +295,19 @@ public:
   static bool isExecutable( const QString& serviceType );
 
+  /**
+   * Returns wether the @p url of @p mimetype is executable.
+   * To be executable the file must pass the following rules:
+   * -# Must reside on the local filesystem.
+   * -# Must be marked as executable for the user by the filesystem.
+   * -# The mime type must inherit application/x-executable or application/x-executable-script.
+   * To allow a script to run when the above rules are satisfied add the entry
+   * @code
+   * X-KDE-IsAlso=application/x-executable-script
+   * @endcode 
+   * to the mimetype's desktop file.
+   * @since 3.3
+   */
+   static bool isExecutableFile( const KURL& url, const QString &mimetype );
+
 signals:
   /**

--- kdelibs/kio/kio/krun.cpp  #1.248:1.249
@@ -44,4 +44,5 @@
 #include <dcopclient.h>
 #include <qfile.h>
+#include <qfileinfo.h>
 #include <qtextstream.h>
 #include <qdatetime.h>
@@ -84,4 +85,19 @@ pid_t KRun::runURL( const KURL& u, const
 }
 
+bool KRun::isExecutableFile( const KURL& url, const QString &mimetype )
+{
+  if ( !url.isLocalFile() )
+     return false;
+  QFileInfo file( url.path() ); 
+  if ( file.isExecutable() )  // Got a prospective file to run
+  {
+    KMimeType::Ptr mimeType = KMimeType::mimeType( mimetype );
+
+    if ( mimeType->is("application/x-executable") || mimeType->is("application/x-executable-script") )
+      return true;
+  }
+  return false;
+}
+
 // This is called by foundMimeType, since it knows the mimetype of the URL
 pid_t KRun::runURL( const KURL& u, const QString& _mimetype, bool tempFile, bool runExecutables )
@@ -100,6 +116,5 @@ pid_t KRun::runURL( const KURL& u, const
       return KDEDesktopMimeType::run( u, true );
   }
-  else if ( _mimetype == "application/x-executable"  ||
-            _mimetype == "application/x-shellscript")
+  else if ( isExecutableFile(u, _mimetype) )
   {
     if ( u.isLocalFile() && runExecutables)

--- kdelibs/mimetypes/application/Makefile.am  #1.119:1.120
@@ -8,5 +8,5 @@
         x-gzpostscript.desktop postscript.desktop octet-stream.desktop \
         x-shellscript.desktop x-desktop.desktop \
-        x-executable.desktop x-archive.desktop x-lha.desktop \
+        x-executable.desktop x-executable-script.desktop x-archive.desktop x-lha.desktop \
         x-tbz.desktop x-tgz.desktop x-awk.desktop \
         x-perl.desktop x-perl-module.desktop x-compress.desktop x-cpio.desktop \

--- kdelibs/mimetypes/application/x-javascript.desktop  #1.5:1.6
@@ -9,4 +9,3 @@
 Comment[ta]=ஜாவா மூலக் கோப்பு
 Comment[xx]=xxJavaScript Filexx
-X-KDE-IsAlso=text/plain
-
+X-KDE-IsAlso=application/x-executable-script

--- kdelibs/mimetypes/application/x-msdos-program.desktop  #1.56:1.57
@@ -63,4 +63,5 @@
 Type=MimeType
 MimeType=application/x-msdos-program
+X-KDE-IsAlso=application/x-executable
 [Property::X-KDE-NativeExtension]
 Type=QString

--- kdelibs/mimetypes/application/x-perl.desktop  #1.211:1.212
@@ -69,5 +69,5 @@
 MimeType=application/x-perl
 Patterns=*.pl;*.PL;*.perl;*.PERL
-X-KDE-IsAlso=text/plain
+X-KDE-IsAlso=application/x-executable-script
 
 [Property::X-KDE-text]

--- kdelibs/mimetypes/application/x-python-bytecode.desktop  #1.215:1.216
@@ -64,2 +64,3 @@
 Comment[zh_TW]=Python 位元碼
 Comment[zu]=Ikhodi le-byte le-Python
+X-KDE-IsAlso=application/x-executable

--- kdelibs/mimetypes/application/x-python.desktop  #1.212:1.213
@@ -68,5 +68,5 @@
 Icon=source_py
 Patterns=*.py;
-X-KDE-IsAlso=text/plain
+X-KDE-IsAlso=application/x-executable-script
 
 [Property::X-KDE-text]

--- kdelibs/mimetypes/application/x-ruby.desktop  #1.48:1.49
@@ -58,4 +58,5 @@
 MimeType=application/x-ruby
 Patterns=*.rb;*.RB;*.ruby;*.RUBY
+X-KDE-IsAlso=application/x-executable-script
 
 [Property::X-KDE-text]

--- kdelibs/mimetypes/application/x-shellscript.desktop  #1.237:1.238
@@ -67,5 +67,5 @@
 MimeType=application/x-shellscript
 Patterns=*.sh;*.csh
-X-KDE-IsAlso=text/plain
+X-KDE-IsAlso=application/x-executable-script
 
 [Property::X-KDE-text]





More information about the Kde-bindings mailing list