Review Request 123724: Use QTemporaryFile instead of hardcoding /tmp.

Michael Palimaka kensington at gentoo.org
Tue May 12 15:53:18 UTC 2015



> On May 12, 2015, 3:49 p.m., Jan Kundrát wrote:
> > Was the old code a part of some release? If yes, this should get a CVE security announcement because it allows a local attacker to e.g. force you to overwrite some of your user's files.

It looks like it was introduced in 999e774b3ce117598df2029364bd10f4347be81c and released in 0.2.0 and later.


- Michael


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/123724/#review80247
-----------------------------------------------------------


On May 12, 2015, 12:49 p.m., Michael Palimaka wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/123724/
> -----------------------------------------------------------
> 
> (Updated May 12, 2015, 12:49 p.m.)
> 
> 
> Review request for KDE Frameworks and KDEPIM.
> 
> 
> Repository: kpeople
> 
> 
> Description
> -------
> 
> Hardcoding files like this seems like a bad idea.
> 
> 
> Diffs
> -----
> 
>   autotests/persondatatests.h 30eeeb5cd647c713f1b438543a54516ced9f3ede 
>   autotests/persondatatests.cpp 73098d3717509ad80761bbd02000b4ce5060bbb2 
>   autotests/personsmodeltest.h 5b8879521f334459c4f73c2708b3368c543e40a3 
>   autotests/personsmodeltest.cpp b19d1baf8a2c2e617d4b6128df29fbab3b8e61a7 
> 
> Diff: https://git.reviewboard.kde.org/r/123724/diff/
> 
> 
> Testing
> -------
> 
> Tests still pass.
> 
> 
> Thanks,
> 
> Michael Palimaka
> 
>



More information about the Kde-frameworks-devel mailing list