Review Request 129844: KRun: deprecate runUrl() in favor of runUrl() with RunFlags
Elvis Angelaccio
elvis.angelaccio at kde.org
Tue Jan 17 22:31:12 UTC 2017
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129844/
-----------------------------------------------------------
(Updated Jan. 17, 2017, 10:31 p.m.)
Status
------
This change has been marked as submitted.
Review request for KDE Frameworks, Albert Astals Cid and David Faure.
Changes
-------
Submitted with commit 500c20fdd2857d8af2905821e0efb6dbdabe55e8 by Elvis Angelaccio to branch master.
Repository: kio
Description
-------
CVE-2017-5330 shows that `runExecutables = true` can be a dangerous
default for the runUrl() function. We cannot change the default value to
false (while BIC, it would be a change of behavior), so we deprecate the
current runUrl() function in favor of a new runUrl() with a RunFlags
argument replacing the `tempFile` and `runExecutables` arguments.
This new argument cannot take a default value, otherwise the two
runUrl() signatures would be ambiguous and existing code
would not compile.
Diffs
-----
src/widgets/krun.h 889642160ad960dd7e43d1c6dad2a6f2133e17bf
src/widgets/krun.cpp d04a4825e5ea696c1072054c39dc11cc9e5c63f5
Diff: https://git.reviewboard.kde.org/r/129844/diff/
Testing
-------
Builds, tests pass.
Thanks,
Elvis Angelaccio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170117/3b096b7f/attachment.html>
More information about the Kde-frameworks-devel
mailing list