Review Request 129844: KRun: deprecate runUrl() in favor of runUrl() with RunFlags
Elvis Angelaccio
elvis.angelaccio at kde.org
Sun Jan 15 20:46:03 UTC 2017
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129844/
-----------------------------------------------------------
Review request for KDE Frameworks.
Repository: kio
Description
-------
CVE-2017-5330 shows that `runExecutables = true` can be a dangerous
default for the runUrl() function. We cannot change the default value to
false (while BIC, it would be a change of behavior), so we deprecate the
current runUrl() function in favor of a new runUrl() with a RunFlags
argument replacing the `tempFile` and `runExecutables` arguments.
This new argument cannot take a default value, otherwise the two
runUrl() signatures would be ambiguous and existing code
would not compile.
Diffs
-----
src/widgets/krun.h 889642160ad960dd7e43d1c6dad2a6f2133e17bf
src/widgets/krun.cpp d04a4825e5ea696c1072054c39dc11cc9e5c63f5
Diff: https://git.reviewboard.kde.org/r/129844/diff/
Testing
-------
Thanks,
Elvis Angelaccio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170115/c42a5164/attachment.html>
More information about the Kde-frameworks-devel
mailing list