AW: KConfig and $HOME

Nhuh Put nhuh.put at web.de
Wed Oct 17 16:54:48 BST 2007


> Von: Oswald Buddenhagen
> Gesendet: Mittwoch, 17. Oktober 2007 12:10
> An: kde-core-devel at kde.org
> Betreff: Re: KConfig and $HOME
> 
> On Wed, Oct 17, 2007 at 04:33:06AM -0500, Thomas Braxton wrote:
> > I also changed readEntry<QString>/readEntry<QStringList> to behave
> > like KDE3 and expand env vars if [$e] was specified.
> >
> why only the QString variants? *all* readEntry variants should
> understand [$e] - and this is also the kde3 behavior (except for the
> *Untranslated variants, but this is most probably not intentional).
> 
> there is some confusion with [$e] vs. list handling.
> - kde3 expands before splitting. this may lead to spurious splits.
> - your code expands after splitting. this makes scripting lists
>   impossible. also, shell statements containing the separator char will
>   be torn apart, which is highly unexpected.
> 

I would really like to remove the possibility to execute shell statements and stick to environment variables. It's very hard to get it platform independent and I can't find any places where it's actually used or could be used. It's also a security problem, because next nobody will expect the possibility to run code in config files. Also, except for $HOME, there is no real write support, you have to edit the config files manually afaik. 
And about parsing expand statements in the normal readEntry methods, I also don't really like it. It will only lead to unexpected and inconsistent behaviour. If expansion is needed, readPathEntry can be used.

> i think the proper solution is expanding first and introducing an
> additional escape to separator-quote the expanded string:
> 
> $ export VAR="foo;bar"
> $ cat foorc
> # note that this contains additional low-level quoting
> # "foo" "bar"
> ListKey1[$e]=$VAR
> # "foo" "bar"
> ListKey2[$e]=$(echo "foo;bar")
> # "foo;bar"
> ListKey3[$e]=$\\VAR
> # "foo;bar"
> ListKey4[$e]=$\\(echo "foo;bar")
> 
> --
> Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
> --
> Chaos, panic, and disorder - my work here is done.





More information about the kde-core-devel mailing list