Review Request: Fix sanitization of dbus path in KMainWindow

Matthew Woehlke mw_triad at users.sourceforge.net
Fri Aug 14 17:24:59 BST 2009


Matthew Woehlke wrote:
> As pointed out by Thomas L├╝bking (
> http://permalink.gmane.org/gmane.comp.kde.devel.general/58749 ),
> KMainWindow attempts to sanitize what it will allow in the dbus path.
> However as written it would allow the illegal characters "." and "-"
> to be passed through.

Ping?

Forgetting the intricasies of appName, KMainWindow currently applies the 
following sanitization to objectName():

<replace QChar where !isLetterOrNumber with '_'>

This is wrong because it would allow the illegal characters '.' and '-' 
to pass through. This should either be fixed, or else removed entirely 
on the theory that objectName() can't be invalid to begin with.

Can we please either agree to approve the patch on that basis, or give a 
good reason why it should not be applied? (Rather than leaving the patch 
in perpetual limbo...)

Please do not discuss other questions about the dbus path here; I 
created a different thread[1] for those issues.

1: http://permalink.gmane.org/gmane.comp.kde.devel.general/58753

-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
  ,= ,-_-. =.    Freedom to Use
((_/)o o(\_))  Freedom to Examine
  `-'(. .)`-'  Freedom to Share
      \_/     Freedom to Improve





More information about the kde-core-devel mailing list