[rkward/releases/0.6.4] rkward/windows: In light of recent discussion on mailing list, make it explicit that opening a plugin from a link should never allow the plugin to be auto-submitted.
Thomas Friedrichsmeier
thomas.friedrichsmeier at ruhr-uni-bochum.de
Sun Dec 6 12:27:19 UTC 2015
Git commit 6ffa2e638b0883de15ab64c147a276c643426d8b by Thomas Friedrichsmeier.
Committed on 06/12/2015 at 12:26.
Pushed by tfry into branch 'releases/0.6.4'.
In light of recent discussion on mailing list, make it explicit that opening a plugin from a link should never allow the plugin to be auto-submitted.
M +2 -1 rkward/windows/rkhtmlwindow.cpp
http://commits.kde.org/rkward/6ffa2e638b0883de15ab64c147a276c643426d8b
diff --git a/rkward/windows/rkhtmlwindow.cpp b/rkward/windows/rkhtmlwindow.cpp
index 7beb153..b5ecbf5 100644
--- a/rkward/windows/rkhtmlwindow.cpp
+++ b/rkward/windows/rkhtmlwindow.cpp
@@ -324,7 +324,8 @@ bool RKHTMLWindow::handleRKWardURL (const KUrl &url, RKHTMLWindow *window) {
QString path = url.path ();
if (path.startsWith ('/')) path = path.mid (1);
int sep = path.indexOf ('/');
- RKComponentMap::invokeComponent (path.left (sep), path.mid (sep+1).split ('\n', QString::SkipEmptyParts));
+ // NOTE: These links may originate externally, even from untrusted sources. The submit mode *must* remain "ManualSubmit" for this reason!
+ RKComponentMap::invokeComponent (path.left (sep), path.mid (sep+1).split ('\n', QString::SkipEmptyParts), RKComponentMap::ManualSubmit);
return true;
} else {
if (url.host () == "rhelp") {
More information about the rkward-tracker
mailing list