Mercurial Repositories > eric / changeset
changeset
The last security fix has been redone to better comply with the old behavior but improving security.
Sun, 16 Oct 2011 13:35:19 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Sun, 16 Oct 2011 13:35:19 +0200
- changeset 1367
- a652a6794953
- parent 1366
- f2e7957924cb
- child 1368
- 4489ee4feb59
The last security fix has been redone to better comply with the old behavior but improving security.
--- a/Helpviewer/Network/NetworkAccessManager.py Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/Network/NetworkAccessManager.py Sun Oct 16 13:35:19 2011 +0200 @@ -245,10 +245,9 @@ certinfos.append(self.__certToString(cert)) ret = E5MessageBox.yesNo(None, self.trUtf8("Certificates"), - self.trUtf8("""Certificates:\n\n{0}\n\n""" - """Do you want to accept all these certificates?""")\ - .format("\n\n".join(certinfos)), - textFormat=Qt.PlainText) + self.trUtf8("""<p>Certificates:<br/>{0}<br/>""" + """Do you want to accept all these certificates?</p>""")\ + .format("".join(certinfos))) if ret: if server not in caMerge: caMerge[server] = [] @@ -288,23 +287,25 @@ @param cert certificate to convert (QSslCertificate) @return formatted string (string) """ - result = "" + result = "<p>" result += self.trUtf8("Name: {0}")\ - .format(Utilities.decodeString( - cert.subjectInfo(QSslCertificate.CommonName))) + .format(Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.CommonName)))) - result += self.trUtf8("\nOrganization: {0}")\ - .format(Utilities.decodeString( - cert.subjectInfo(QSslCertificate.Organization))) + result += self.trUtf8("<br/>Organization: {0}")\ + .format(Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.Organization)))) - result += self.trUtf8("\nIssuer: {0}")\ - .format(Utilities.decodeString( - cert.issuerInfo(QSslCertificate.CommonName))) + result += self.trUtf8("<br/>Issuer: {0}")\ + .format(Qt.escape(Utilities.decodeString( + cert.issuerInfo(QSslCertificate.CommonName)))) - result += self.trUtf8("\nNot valid before: {0}\nValid Until: {1}")\ - .format(cert.effectiveDate().toString("yyyy-MM-dd"), - cert.expiryDate().toString("yyyy-MM-dd")) + result += self.trUtf8("<br/>Not valid before: {0}<br/>Valid Until: {1}")\ + .format(Qt.escape(cert.effectiveDate().toString("yyyy-MM-dd")), + Qt.escape(cert.expiryDate().toString("yyyy-MM-dd"))) + + result += "</p>" return result
--- a/Helpviewer/SslCertificatesDialog.py Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/SslCertificatesDialog.py Sun Oct 16 13:35:19 2011 +0200 @@ -67,15 +67,15 @@ @param cert certificate to insert (QSslCertificate) """ # step 1: extract the info to be shown - organisation = Utilities.decodeString( - cert.subjectInfo(QSslCertificate.Organization)) + organisation = Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.Organization))) if organisation is None or organisation == "": organisation = self.trUtf8("(Unknown)") - commonName = Utilities.decodeString( - cert.subjectInfo(QSslCertificate.CommonName)) + commonName = Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.CommonName))) if commonName is None or commonName == "": commonName = self.trUtf8("(Unknown common name)") - expiryDate = cert.expiryDate().toString("yyyy-MM-dd") + expiryDate = Qt.escape(cert.expiryDate().toString("yyyy-MM-dd")) # step 2: create the entry items = self.serversCertificatesTree.findItems(organisation, @@ -249,15 +249,15 @@ @param cert certificate to insert (QSslCertificate) """ # step 1: extract the info to be shown - organisation = Utilities.decodeString( - cert.subjectInfo(QSslCertificate.Organization)) + organisation = Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.Organization))) if organisation is None or organisation == "": organisation = self.trUtf8("(Unknown)") - commonName = Utilities.decodeString( - cert.subjectInfo(QSslCertificate.CommonName)) + commonName = Qt.escape(Utilities.decodeString( + cert.subjectInfo(QSslCertificate.CommonName))) if commonName is None or commonName == "": commonName = self.trUtf8("(Unknown common name)") - expiryDate = cert.expiryDate().toString("yyyy-MM-dd") + expiryDate = Qt.escape(cert.expiryDate().toString("yyyy-MM-dd")) # step 2: create the entry items = self.caCertificatesTree.findItems(organisation,
--- a/Helpviewer/SslInfoDialog.py Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/SslInfoDialog.py Sun Oct 16 13:35:19 2011 +0200 @@ -7,7 +7,7 @@ Module implementing a dialog to show SSL certificate infos. """ -from PyQt4.QtCore import QCryptographicHash, QDateTime +from PyQt4.QtCore import QCryptographicHash, QDateTime, Qt from PyQt4.QtGui import QDialog from PyQt4.QtNetwork import QSslCertificate @@ -50,8 +50,10 @@ certificate.issuerInfo(QSslCertificate.Organization))) self.issuerOrganizationalUnitLabel.setText(self.__certificateString( certificate.issuerInfo(QSslCertificate.OrganizationalUnitName))) - self.effectiveLabel.setText(certificate.effectiveDate().toString("yyyy-MM-dd")) - self.expiresLabel.setText(certificate.expiryDate().toString("yyyy-MM-dd")) + self.effectiveLabel.setText(Qt.escape( + certificate.effectiveDate().toString("yyyy-MM-dd"))) + self.expiresLabel.setText(Qt.escape( + certificate.expiryDate().toString("yyyy-MM-dd"))) self.sha1Label.setText(self.__formatHexString( str(certificate.digest(QCryptographicHash.Sha1).toHex(), encoding="ascii"))) self.md5Label.setText(self.__formatHexString( @@ -74,7 +76,7 @@ if txt is None or txt == "": return self.trUtf8("<not part of the certificate>") - return Utilities.decodeString(txt) + return Qt.escape(Utilities.decodeString(txt)) def __serialNumber(self, cert): """ @@ -110,7 +112,7 @@ hexList.append(hexString[:2]) hexString = hexString[2:] - return ':'.join(hexList) + return Qt.escape(':'.join(hexList)) def __hasExpired(self, effectiveDate, expiryDate): """
--- a/Helpviewer/SslInfoDialog.ui Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/SslInfoDialog.ui Sun Oct 16 13:35:19 2011 +0200 @@ -24,9 +24,6 @@ <property name="text"> <string>This certificated has been blacklisted.</string> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="1" column="0" colspan="2"> @@ -54,9 +51,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="3" column="0"> @@ -77,9 +71,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="4" column="0"> @@ -100,9 +91,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="5" column="0"> @@ -123,9 +111,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="6" column="0" colspan="2"> @@ -153,9 +138,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="8" column="0"> @@ -176,9 +158,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="9" column="0"> @@ -199,9 +178,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="10" column="0" colspan="2"> @@ -229,9 +205,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="12" column="0"> @@ -252,9 +225,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="13" column="0" colspan="2"> @@ -262,9 +232,6 @@ <property name="text"> <string>This certificate is not valid yet or has expired.</string> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="14" column="0" colspan="2"> @@ -292,9 +259,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> <item row="16" column="0"> @@ -315,9 +279,6 @@ <property name="text"> <string/> </property> - <property name="textFormat"> - <enum>Qt::PlainText</enum> - </property> </widget> </item> </layout>
--- a/Helpviewer/UrlBar/SslLabel.py Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/UrlBar/SslLabel.py Sun Oct 16 13:35:19 2011 +0200 @@ -30,7 +30,6 @@ self.setFocusPolicy(Qt.NoFocus) self.setCursor(Qt.ArrowCursor) - self.setTextFormat(Qt.PlainText) def mouseReleaseEvent(self, evt): """
--- a/Helpviewer/UrlBar/UrlBar.py Wed Oct 12 19:39:30 2011 +0200 +++ b/Helpviewer/UrlBar/UrlBar.py Sun Oct 16 13:35:19 2011 +0200 @@ -146,11 +146,11 @@ QSslCertificate is not None: sslInfo = self.__browser.page().getSslInfo() if sslInfo is not None: - org = Utilities.decodeString( - sslInfo.subjectInfo(QSslCertificate.Organization)) + org = Qt.escape(Utilities.decodeString( + sslInfo.subjectInfo(QSslCertificate.Organization))) if org == "": - cn = Utilities.decodeString( - sslInfo.subjectInfo(QSslCertificate.CommonName)) + cn = Qt.escape(Utilities.decodeString( + sslInfo.subjectInfo(QSslCertificate.CommonName))) if cn != "": org = cn.split(".", 1)[1] if org == "":
