Overview

File 0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch of Package kde-cli-tools5.openSUSE_Leap_42.1_Update

From 5eda179a099ba68a20dc21dc0da63e85a565a171 Mon Sep 17 00:00:00 2001
From: Martin Sandsmark <martin.sandsmark@kde.org>
Date: Fri, 9 Sep 2016 09:05:57 +0200
Subject: [PATCH] Make sure people are not trying to sneak invisible characters
 on the kdesu label

i18n: Sorry for the new string

CCMAIL: kde-i18n-doc@kde.org
---
 kdesu/kdesu.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

Index: kde-cli-tools-5.5.5/kdesu/kdesu.cpp
===================================================================
--- kde-cli-tools-5.5.5.orig/kdesu/kdesu.cpp
+++ kde-cli-tools-5.5.5/kdesu/kdesu.cpp
@@ -146,6 +146,10 @@ int main(int argc, char *argv[])
     {
         KMessageBox::sorry(0, i18n("Cannot execute command '%1'.", QString::fromUtf8(command)));
     }
+    if (result == -2)
+    {
+        KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains invalid characters.", QString::fromLocal8Bit(command)));
+    }
 
     return result;
 }
@@ -371,6 +375,12 @@ static int startApp(QCommandLineParser&
         qDebug() << "Don't need password!!\n";
     }
 
+    for (const QChar character : QString::fromLocal8Bit(command)) {
+        if (!character.isPrint() && character.category() != QChar::Other_Surrogate) {
+            return -2;
+        }
+    }
+
     // Start the dialog
     QString password;
     if (needpw)
openSUSE Build Service is sponsored by
Places