Review Request 125648: Add method to run a script from DBus directly

David Edmundson david at davidedmundson.co.uk
Thu Oct 15 17:31:04 UTC 2015



> On Oct. 15, 2015, 5:26 p.m., Martin Klapetek wrote:
> > shell/shellcorona.cpp, line 1134
> > <https://git.reviewboard.kde.org/r/125648/diff/1/?file=411240#file411240line1134>
> >
> >     Should there be at least some basic input treatment to prevent malicious activity?
> >     
> >     Running arbitrary data without any checking seems dangerous.

From what?
If someone is on your session bus, they already have access to all your files, including your plasma script update folder that would run these scripts anyway.


- David


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125648/#review86888
-----------------------------------------------------------


On Oct. 15, 2015, 5:22 p.m., David Edmundson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/125648/
> -----------------------------------------------------------
> 
> (Updated Oct. 15, 2015, 5:22 p.m.)
> 
> 
> Review request for Plasma.
> 
> 
> Repository: plasma-workspace
> 
> 
> Description
> -------
> 
> loadScriptInInteractiveConsole requires user interaction which blocks
> some purposes, like setting the desktop background from an app.
> 
> This runs a given script directly from a passed string without any prompts.
> 
> 
> CCBUG: 217950
> 
> ---
> 
> Questions:
> 
> I also toyed with returning the value of a script as a QDBusVariant, thoughts?
> 
> Should I not run if widgets are locked?
> 
> 
> Diffs
> -----
> 
>   shell/dbus/org.kde.PlasmaShell.xml cf2d0bbfcdb5720bf19d42403ee8c7fd542adecd 
>   shell/shellcorona.h 0e6fe041787b2f75d791b38661b63614e27d33bf 
>   shell/shellcorona.cpp 37d05347d67b7178db4d29a1ac368aacaacf0c0a 
> 
> Diff: https://git.reviewboard.kde.org/r/125648/diff/
> 
> 
> Testing
> -------
> 
> Ran this:
> var allDesktops = desktops();
> print (allDesktops);
> 
> for (i=0;i<allDesktops.length;i++) {
>     d = allDesktops[i];
>     d.wallpaperPlugin = "org.kde.image";
>     d.currentConfigGroup = Array("Wallpaper", "org.kde.image", "General");
>     d.writeConfig("Image", "file:///home/david/pictures/Wallpapers/northern_lights-wide.jpg")
> }
> 
> 
> also ran some with errors, that behaved as expected too.
> 
> 
> Thanks,
> 
> David Edmundson
> 
>
