[pim/korganizer] /: Remove support for procedure alarms

Volker Krause null at kde.org
Wed Oct 6 19:27:39 BST 2021


Git commit c2c993e4b32d2b0c3ce45d9449c873058cfa6bd0 by Volker Krause.
Committed on 06/10/2021 at 16:07.
Pushed by vkrause into branch 'master'.

Remove support for procedure alarms

That is, executing a program specified in the iCal alarm. This is outright
dangerous in the context of shared calendars, as it allows externally
controlled content to run code on your local machine.

Procedure alarms are now treated just like regular alarms.

KAlarm still implements this functionality in combination with safe local
calendars, in case someone really can't live without it.

M  +2    -5    doc/index.docbook
M  +2    -14   korgac/alarmdialog.cpp

https://invent.kde.org/pim/korganizer/commit/c2c993e4b32d2b0c3ce45d9449c873058cfa6bd0

diff --git a/doc/index.docbook b/doc/index.docbook
index 235db4fb8..604333ab2 100644
--- a/doc/index.docbook
+++ b/doc/index.docbook
@@ -1298,11 +1298,8 @@ automatically.</para></listitem>
 <para>Use the <guibutton>Configure</guibutton> button to open the
 <guilabel>Edit existing reminder</guilabel> dialog. Using this dialog, you can choose
 how many minutes, hours or days before or after the events start or end you want to be reminded, you can set
-repeating intervals for your reminders, and create special reminders that display text, send emails, play
-sounds or run programs and scripts.</para>
-<tip><para>If you select to run a specific program or script at the reminder time,
-make sure, however, that you have sufficient rights to run that
-program; if you do not, the program will not run.</para></tip>
+repeating intervals for your reminders, and create special reminders that display text, send emails or play
+sounds.</para>
 </listitem>
 </varlistentry>
 
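Review bot: The rewritten sentence ("display text, send emails or play sounds") drops the run-a-program option and the rights tip, but nothing here tells a user what happens to reminders in an existing or shared calendar that already carry a program to run. The commit message says these are now treated like regular alarms and that KAlarm still offers the feature with local calendars. A short sentence to that effect in this listitem would keep users from assuming their script reminders still fire.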
diff --git a/korgac/alarmdialog.cpp b/korgac/alarmdialog.cpp
index c2bd97bc5..61a22fae4 100644
--- a/korgac/alarmdialog.cpp
+++ b/korgac/alarmdialog.cpp
@@ -637,21 +637,9 @@ void AlarmDialog::eventNotification()
         Alarm::List::ConstIterator ait;
         for (ait = alarms.constBegin(); ait != alarms.constEnd(); ++ait) {
             Alarm::Ptr alarm = *ait;
+            // we intentionally ignore Alarm::Procedure here, as that is insecure in the presence of shared calendars
             // FIXME: Check whether this should be done for all multiple alarms
-            if (alarm->type() == Alarm::Procedure) {
-                // FIXME: Add a message box asking whether the procedure should really be executed
-                qCDebug(KOALARMCLIENT_LOG) << "Starting program: '" << alarm->programFile() << "'";
-
-                QString program = alarm->programFile();
-
-                // if the program name contains spaces escape it
-                if (program.contains(QLatin1Char(' ')) && !(program.startsWith(QLatin1Char('\"')) && program.endsWith(QLatin1Char('\"')))) {
-                    program = QLatin1Char('\"') + program + QLatin1Char('\"');
-                }
-
-                // TODO move alarm->programArguments() as argument of QProcess API ?
-                QProcess::startDetached(program + QLatin1Char(' ') + alarm->programArguments(), QStringList());
-            } else if (alarm->type() == Alarm::Audio) {
+            if (alarm->type() == Alarm::Audio) {
                 beeped = true;
                 Phonon::MediaObject *player = Phonon::createPlayer(Phonon::NotificationCategory, QUrl::fromLocalFile(alarm->audioFile()));
                 player->setParent(this);
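Review bot: The added comment says Alarm::Procedure is "intentionally ignored", but with the branch gone a procedure alarm is not dropped. It fails the Alarm::Audio check and continues through the rest of the loop like any other alarm, which matches the commit message ("treated just like regular alarms"). Consider wording the comment that way, for example that alarm->programFile() is never executed and the alarm is shown as a regular reminder, so a later reader does not take "ignore" to mean the reminder is suppressed. The retained "FIXME: Check whether this should be done for all multiple alarms" used to sit directly above the Procedure branch and now sits above the Audio branch, so it is unclear what "this" refers to. Either reword it or remove it with the code it described. If the removed QProcess::startDetached call was the only QProcess use in this file, the corresponding include can go as well; the diffstat shows no other lines removed.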

