Mercurial Repositories > eric / changeset
changeset
Fixed a security issue using QLabel for showing SSL certificate infos without setting the label's text format to Qt.PlainText.
Wed, 12 Oct 2011 19:39:30 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Wed, 12 Oct 2011 19:39:30 +0200
- changeset 1366
- f2e7957924cb
- parent 1365
- 8f8cad8f989e
- child 1367
- a652a6794953
Fixed a security issue using QLabel for showing SSL certificate infos without setting the label's text format to Qt.PlainText.
--- a/APIs/Python3/eric5.api Mon Oct 10 18:54:15 2011 +0200 +++ b/APIs/Python3/eric5.api Wed Oct 12 19:39:30 2011 +0200 @@ -1256,11 +1256,11 @@ eric5.E5Gui.E5MessageBox.aboutQt?7 eric5.E5Gui.E5MessageBox.critical?4(parent, title, text, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton) eric5.E5Gui.E5MessageBox.information?4(parent, title, text, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton) -eric5.E5Gui.E5MessageBox.okToClearData?4(parent, title, text, saveFunc) +eric5.E5Gui.E5MessageBox.okToClearData?4(parent, title, text, saveFunc, textFormat=Qt.AutoText) eric5.E5Gui.E5MessageBox.question?4(parent, title, text, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton) -eric5.E5Gui.E5MessageBox.retryAbort?4(parent, title, text, icon=Question) +eric5.E5Gui.E5MessageBox.retryAbort?4(parent, title, text, icon=Question, textFormat=Qt.AutoText) eric5.E5Gui.E5MessageBox.warning?4(parent, title, text, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton) -eric5.E5Gui.E5MessageBox.yesNo?4(parent, title, text, icon=Question, yesDefault=False) +eric5.E5Gui.E5MessageBox.yesNo?4(parent, title, text, icon=Question, yesDefault=False, textFormat=Qt.AutoText) eric5.E5Gui.E5ModelMenu.E5ModelMenu.activated?7 eric5.E5Gui.E5ModelMenu.E5ModelMenu.createBaseMenu?4() eric5.E5Gui.E5ModelMenu.E5ModelMenu.createMenu?4(parent, max_, parentMenu=None, menu=None)
--- a/Documentation/Source/eric5.E5Gui.E5MessageBox.html Mon Oct 10 18:54:15 2011 +0200 +++ b/Documentation/Source/eric5.E5Gui.E5MessageBox.html Wed Oct 12 19:39:30 2011 +0200 @@ -120,7 +120,7 @@ <hr /><hr /> <a NAME="__messageBox" ID="__messageBox"></a> <h2>__messageBox</h2> -<b>__messageBox</b>(<i>parent, title, text, icon, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton</i>) +<b>__messageBox</b>(<i>parent, title, text, icon, buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton, textFormat=Qt.AutoText</i>) <p> Private module function to show a modal message box. </p><dl> @@ -144,6 +144,9 @@ <dd> flag indicating the default button (QMessageBox.StandardButton) +</dd><dt><i>textFormat</i></dt> +<dd> +format of the text (Qt.TextFormat) </dd> </dl><dl> <dt>Returns:</dt> @@ -219,7 +222,7 @@ <hr /><hr /> <a NAME="okToClearData" ID="okToClearData"></a> <h2>okToClearData</h2> -<b>okToClearData</b>(<i>parent, title, text, saveFunc</i>) +<b>okToClearData</b>(<i>parent, title, text, saveFunc, textFormat=Qt.AutoText</i>) <p> Function to show a model message box to ask for clearing the data. </p><dl> @@ -236,6 +239,9 @@ <dd> reference to a function performing the save action. It must be a parameterless function returning a flag indicating success. +</dd><dt><i>textFormat</i></dt> +<dd> +format of the text (Qt.TextFormat) </dd> </dl><dl> <dt>Returns:</dt> @@ -279,7 +285,7 @@ <hr /><hr /> <a NAME="retryAbort" ID="retryAbort"></a> <h2>retryAbort</h2> -<b>retryAbort</b>(<i>parent, title, text, icon=Question</i>) +<b>retryAbort</b>(<i>parent, title, text, icon=Question, textFormat=Qt.AutoText</i>) <p> Function to show a model abort/retry message box. </p><dl> @@ -295,6 +301,9 @@ </dd><dt><i>icon=</i></dt> <dd> icon for the dialog (Critical, Information, Question or Warning) +</dd><dt><i>textFormat</i></dt> +<dd> +format of the text (Qt.TextFormat) </dd> </dl><dl> <dt>Returns:</dt> @@ -338,7 +347,7 @@ <hr /><hr /> <a NAME="yesNo" ID="yesNo"></a> <h2>yesNo</h2> -<b>yesNo</b>(<i>parent, title, text, icon=Question, yesDefault=False</i>) +<b>yesNo</b>(<i>parent, title, text, icon=Question, yesDefault=False, textFormat=Qt.AutoText</i>) <p> Function to show a model yes/no message box. </p><dl> @@ -358,6 +367,9 @@ <dd> flag indicating that the Yes button should be the default button (boolean) +</dd><dt><i>textFormat</i></dt> +<dd> +format of the text (Qt.TextFormat) </dd> </dl><dl> <dt>Returns:</dt>
--- a/E5Gui/E5MessageBox.py Mon Oct 10 18:54:15 2011 +0200 +++ b/E5Gui/E5MessageBox.py Wed Oct 12 19:39:30 2011 +0200 @@ -101,7 +101,8 @@ def __messageBox(parent, title, text, icon, - buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton): + buttons=QMessageBox.Ok, defaultButton=QMessageBox.NoButton, + textFormat=Qt.AutoText): """ Private module function to show a modal message box. @@ -113,6 +114,7 @@ (QMessageBox.StandardButtons) @param defaultButton flag indicating the default button (QMessageBox.StandardButton) + @param textFormat format of the text (Qt.TextFormat) @return button pressed by the user (QMessageBox.StandardButton) """ messageBox = QMessageBox(parent) @@ -125,6 +127,7 @@ else: messageBox.setWindowTitle("{0} - {1}".format( QApplication.applicationName(), title)) + messageBox.setTextFormat(textFormat) messageBox.setText(text) messageBox.setStandardButtons(buttons) messageBox.setDefaultButton(defaultButton) @@ -216,7 +219,7 @@ ################################################################################ -def yesNo(parent, title, text, icon=Question, yesDefault=False): +def yesNo(parent, title, text, icon=Question, yesDefault=False, textFormat=Qt.AutoText): """ Function to show a model yes/no message box. @@ -226,17 +229,19 @@ @keyparam icon icon for the dialog (Critical, Information, Question or Warning) @keyparam yesDefault flag indicating that the Yes button should be the default button (boolean) + @param textFormat format of the text (Qt.TextFormat) @return flag indicating the selection of the Yes button (boolean) """ assert icon in [Critical, Information, Question, Warning] res = __messageBox(parent, title, text, icon, - QMessageBox.StandardButtons(QMessageBox.Yes | QMessageBox.No), - yesDefault and QMessageBox.Yes or QMessageBox.No) + QMessageBox.StandardButtons(QMessageBox.Yes | QMessageBox.No), + yesDefault and QMessageBox.Yes or QMessageBox.No, + textFormat) return res == QMessageBox.Yes -def retryAbort(parent, title, text, icon=Question): +def retryAbort(parent, title, text, icon=Question, textFormat=Qt.AutoText): """ Function to show a model abort/retry message box. @@ -244,17 +249,19 @@ @param title caption of the message box (string) @param text text to be shown by the message box (string) @keyparam icon icon for the dialog (Critical, Information, Question or Warning) + @param textFormat format of the text (Qt.TextFormat) @return flag indicating the selection of the Retry button (boolean) """ assert icon in [Critical, Information, Question, Warning] res = __messageBox(parent, title, text, icon, - QMessageBox.StandardButtons(QMessageBox.Retry | QMessageBox.Abort), - QMessageBox.Retry) + QMessageBox.StandardButtons(QMessageBox.Retry | QMessageBox.Abort), + QMessageBox.Retry, + textFormat) return res == QMessageBox.Retry -def okToClearData(parent, title, text, saveFunc): +def okToClearData(parent, title, text, saveFunc, textFormat=Qt.AutoText): """ Function to show a model message box to ask for clearing the data. @@ -263,12 +270,14 @@ @param text text to be shown by the message box (string) @param saveFunc reference to a function performing the save action. It must be a parameterless function returning a flag indicating success. + @param textFormat format of the text (Qt.TextFormat) @return flag indicating that it is ok to clear the data (boolean) """ res = __messageBox(parent, title, text, QMessageBox.Warning, - QMessageBox.StandardButtons( - QMessageBox.Abort | QMessageBox.Discard | QMessageBox.Save), - QMessageBox.Save) + QMessageBox.StandardButtons( + QMessageBox.Abort | QMessageBox.Discard | QMessageBox.Save), + QMessageBox.Save, + textFormat) if res == QMessageBox.Abort: return False if res == QMessageBox.Save:
--- a/Helpviewer/Network/NetworkAccessManager.py Mon Oct 10 18:54:15 2011 +0200 +++ b/Helpviewer/Network/NetworkAccessManager.py Wed Oct 12 19:39:30 2011 +0200 @@ -9,7 +9,7 @@ import os -from PyQt4.QtCore import pyqtSignal, QByteArray +from PyQt4.QtCore import pyqtSignal, QByteArray, Qt from PyQt4.QtGui import QDialog from PyQt4.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkReply try: @@ -245,9 +245,10 @@ certinfos.append(self.__certToString(cert)) ret = E5MessageBox.yesNo(None, self.trUtf8("Certificates"), - self.trUtf8("""<p>Certificates:<br/>{0}<br/>""" - """Do you want to accept all these certificates?</p>""")\ - .format("".join(certinfos))) + self.trUtf8("""Certificates:\n\n{0}\n\n""" + """Do you want to accept all these certificates?""")\ + .format("\n\n".join(certinfos)), + textFormat=Qt.PlainText) if ret: if server not in caMerge: caMerge[server] = [] @@ -287,26 +288,24 @@ @param cert certificate to convert (QSslCertificate) @return formatted string (string) """ - result = "<p>" + result = "" result += self.trUtf8("Name: {0}")\ .format(Utilities.decodeString( cert.subjectInfo(QSslCertificate.CommonName))) - result += self.trUtf8("<br/>Organization: {0}")\ + result += self.trUtf8("\nOrganization: {0}")\ .format(Utilities.decodeString( cert.subjectInfo(QSslCertificate.Organization))) - result += self.trUtf8("<br/>Issuer: {0}")\ + result += self.trUtf8("\nIssuer: {0}")\ .format(Utilities.decodeString( cert.issuerInfo(QSslCertificate.CommonName))) - result += self.trUtf8("<br/>Not valid before: {0}<br/>Valid Until: {1}")\ + result += self.trUtf8("\nNot valid before: {0}\nValid Until: {1}")\ .format(cert.effectiveDate().toString("yyyy-MM-dd"), cert.expiryDate().toString("yyyy-MM-dd")) - result += "</p>" - return result def __getSystemCaCertificates(self):
--- a/Helpviewer/SslInfoDialog.ui Mon Oct 10 18:54:15 2011 +0200 +++ b/Helpviewer/SslInfoDialog.ui Wed Oct 12 19:39:30 2011 +0200 @@ -24,6 +24,9 @@ <property name="text"> <string>This certificated has been blacklisted.</string> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="1" column="0" colspan="2"> @@ -51,6 +54,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="3" column="0"> @@ -71,6 +77,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="4" column="0"> @@ -91,6 +100,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="5" column="0"> @@ -111,6 +123,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="6" column="0" colspan="2"> @@ -138,6 +153,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="8" column="0"> @@ -158,6 +176,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="9" column="0"> @@ -178,6 +199,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="10" column="0" colspan="2"> @@ -205,6 +229,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="12" column="0"> @@ -225,6 +252,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="13" column="0" colspan="2"> @@ -232,6 +262,9 @@ <property name="text"> <string>This certificate is not valid yet or has expired.</string> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="14" column="0" colspan="2"> @@ -259,6 +292,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> <item row="16" column="0"> @@ -279,6 +315,9 @@ <property name="text"> <string/> </property> + <property name="textFormat"> + <enum>Qt::PlainText</enum> + </property> </widget> </item> </layout>
