Review Request: Fix sanitization of dbus path in KMainWindow

Thomas Lübking thomas.luebking at web.de
Sun Aug 16 14:15:14 BST 2009


Am Friday 14 August 2009 schrieb Matthew Woehlke:
> Forgetting the intricasies of appName, KMainWindow currently applies the
> following sanitization to objectName():
> 
> <replace QChar where !isLetterOrNumber with '_'>
> 
> This is wrong because it would allow the illegal characters '.' and '-'
> to pass through. This should either be fixed, or else removed entirely
> on the theory that objectName() can't be invalid to begin with.

simple test* says:
QObject::setObjectName() (unline the Qt designer ui editor) does /not/ 
restrict the object name *at all*, so the patch fixes a /real/ bug (and not 
just sanitizes a sane string sanitization)

Therefore please apply it to prevent apps from running into this unnecessary 
assert.

on anybodies worries: 
a) if you ever had such object name on a mainwindow it could have never been 
used w/o an assert exit
b) if QChar::isLetter() wouldn't rank "_" as letter it would be replace by "_" 
anyway

I however fear the other thread is the much more driving one.

Thomas

*code attached
-------------- next part --------------
A non-text attachment was scrubbed...
Name: objectnametest.cc
Type: text/x-c++src
Size: 212 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090816/be5b1c7c/attachment.cc>


More information about the kde-core-devel mailing list