Big documentation shortcoming: QString::arg()
qt-bugs at trolltech.com
qt-bugs at trolltech.com
Wed Jul 10 20:29:25 BST 2002
On Mittwoch, 10 Jul 2002 19:56, Marc Mutz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> Code using multiple QString::arg()'s on a string sequentially can be
> tricked into replacing the wrong parts of texts. If :arg() is used to
> insert (multiple) "user-supplied" strings, then the resulting program
> may be vulnerable to quite a few attacks. A simple test program is
> attached. Try e.g.
> $ testqstring '%1 first text' 'second text'
> 1: s == 1: %1 first text; 2: %2
> 2: s == 1: second text first text; 2:
>
> This is particularly dangerous if this mechnism is used to construct
> command lines to be executed.
> Of course, a careful programmer will never use arg() for this and always
> check the to-be-inserted strings for "%n" and warn if one is found, but
> nonetheless a big fat warning in the documentation of QString::arg()
> should be in order.
>
> Thanks,
> Marc
>
Hi Marc,
I'm afraid this is a bit beyond the scope of the Qt documentation, which is
supposed to explain the purpose of a function and how to use it rather than
the dangers of a function in certain circumstances. We would have to add
big fat warnings in the documentation for every destructor (a'la warning:
calling the destructor deletes the object and may crash your application),
which would definitely not look very nice.
Best regards,
Volker
--
Volker Hilsheimer, Support Manager
Trolltech AS, Waldemar Thranes gt. 98, N-0175 Oslo, Norway
More information about the kde-core-devel
mailing list