Review Request: Fix sanitization of dbus path in KMainWindow

Matthew Woehlke mw_triad at users.sourceforge.net
Tue Aug 18 01:15:58 BST 2009


Thomas L├╝bking wrote:
> static inline bool isIdentifier(char c)
> {  // the order btw is [a-zA-Z_0-9]
>     return (c > 96 && c < 123) || (c > 64 && c < 91) ||
>                c == '_' || (c > 47 && c < 58);
> }

...did I mention yet I think this should be in QChar? :-)

> QByteArray ascii = o.objectName().toAscii();
> const int n = ascii.length();
> const char *data = ascii.data();
> for (int i = 0; i <  n; ++i)
>    qDebug() << isIdentifier(data[i]);

Okay, well you beat Thiago to it... (and me griping about laziness, 
even). How about this? (Mind the broken line-wrapping.)

Index: widgets/kmainwindow.cpp
===================================================================
--- widgets/kmainwindow.cpp     (revision 1012587)
+++ widgets/kmainwindow.cpp     (working copy)
@@ -306,6 +306,12 @@
      return false;
  }

+static bool isIdentifier(char c)
+{  // the order btw is [a-zA-Z_0-9]
+    return (c > 96 && c < 123) || (c > 64 && c < 91) ||
+               c == '_' || (c > 47 && c < 58);
+}
+
  void KMainWindowPrivate::polish(KMainWindow *q)
  {
      // Set a unique object name. Required by session management, 
window management, and for the dbus interface.
@@ -363,11 +369,11 @@
      q->winId(); // workaround for setWindowRole() crashing, and set 
also window role, just in case TT
      q->setWindowRole( s ); // will keep insisting that object name 
suddenly should not be used for window role

-    QString pathname = q->objectName();
+    QString pathname = QString( q->objectName().toAscii() );
      // Clean up for dbus usage: any non-alphanumeric char should be 
turned into '_'
      const int len = pathname.length();
      for ( int i = 0; i < len; ++i ) {
-        if ( !( pathname[i].isLetter() || pathname[i].isDigit() ) )
+        if ( !isIdentifier( pathname[i].toAscii() ) )
              pathname[i] = QLatin1Char('_');
      }
      pathname = '/' + qApp->applicationName() + '/' + pathname;


-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
Some people are like Slinkies... not really good for anything, but they 
still bring a smile to your face when you push them down a flight of 
stairs. -- Gordon Wolfe





More information about the kde-core-devel mailing list