Review Request: Fix sanitization of dbus path in KMainWindow
Matthew Woehlke
mw_triad at users.sourceforge.net
Fri Aug 14 17:24:59 BST 2009
Matthew Woehlke wrote:
> As pointed out by Thomas Lübking (
> http://permalink.gmane.org/gmane.comp.kde.devel.general/58749 ),
> KMainWindow attempts to sanitize what it will allow in the dbus path.
> However as written it would allow the illegal characters "." and "-"
> to be passed through.
Ping?
Forgetting the intricasies of appName, KMainWindow currently applies the
following sanitization to objectName():
<replace QChar where !isLetterOrNumber with '_'>
This is wrong because it would allow the illegal characters '.' and '-'
to pass through. This should either be fixed, or else removed entirely
on the theory that objectName() can't be invalid to begin with.
Can we please either agree to approve the patch on that basis, or give a
good reason why it should not be applied? (Rather than leaving the patch
in perpetual limbo...)
Please do not discuss other questions about the dbus path here; I
created a different thread[1] for those issues.
1: http://permalink.gmane.org/gmane.comp.kde.devel.general/58753
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
,= ,-_-. =. Freedom to Use
((_/)o o(\_)) Freedom to Examine
`-'(. .)`-' Freedom to Share
\_/ Freedom to Improve
More information about the kde-core-devel
mailing list