Review Request 129844: KRun: deprecate runUrl() in favor of runUrl() with RunFlags

Elvis Angelaccio elvis.angelaccio at kde.org
Sun Jan 15 20:46:03 UTC 2017


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129844/
-----------------------------------------------------------

Review request for KDE Frameworks.


Repository: kio


Description
-------

CVE-2017-5330 shows that `runExecutables = true` can be a dangerous
default for the runUrl() function. We cannot change the default value to
false (while BIC, it would be a change of behavior), so we deprecate the
current runUrl() function in favor of a new runUrl() with a RunFlags
argument replacing the `tempFile` and `runExecutables` arguments.

This new argument cannot take a default value, otherwise the two
runUrl() signatures would be ambiguous and existing code
would not compile.


Diffs
-----

  src/widgets/krun.h 889642160ad960dd7e43d1c6dad2a6f2133e17bf 
  src/widgets/krun.cpp d04a4825e5ea696c1072054c39dc11cc9e5c63f5 

Diff: https://git.reviewboard.kde.org/r/129844/diff/


Testing
-------


Thanks,

Elvis Angelaccio

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170115/c42a5164/attachment.html>


More information about the Kde-frameworks-devel mailing list