From a7957f24bac2a6c7fea6f5f2fbfcd77b4db16fa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Mr=C3=A1zek?= Date: Thu, 15 Feb 2018 00:40:23 +0100 Subject: GH-2134 Totally overengineer skin upload input validation * It autocorrects local paths and file:// URLs to valid local paths. * It recognizes other URL schemes as 'remote' and will show an error for them. * The error dialogs have been fixed (they all had titles and content swapped). --- application/dialogs/SkinUploadDialog.cpp | 57 ++++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 6 deletions(-) (limited to 'application') diff --git a/application/dialogs/SkinUploadDialog.cpp b/application/dialogs/SkinUploadDialog.cpp index 287aaf7e..93414c6e 100644 --- a/application/dialogs/SkinUploadDialog.cpp +++ b/application/dialogs/SkinUploadDialog.cpp @@ -20,14 +20,59 @@ void SkinUploadDialog::on_buttonBox_accepted() if (prog.execWithTask((Task*)login.get()) != QDialog::Accepted) { //FIXME: recover with password prompt - CustomMessageBox::selectable(this, tr("Failed to login!"), tr("Unknown error"), QMessageBox::Warning)->exec(); + CustomMessageBox::selectable(this, tr("Skin Upload"), tr("Failed to login!"), QMessageBox::Warning)->exec(); close(); return; } - QString fileName = ui->skinPathTextBox->text(); - if (!QFile::exists(fileName)) + QString fileName; + QString input = ui->skinPathTextBox->text(); + QRegExp urlPrefixMatcher("^([a-z]+)://.+$"); + bool isLocalFile = false; + // it has an URL prefix -> it is an URL + if(urlPrefixMatcher.exactMatch(input)) { - CustomMessageBox::selectable(this, tr("Skin file does not exist!"), tr("Unknown error"), QMessageBox::Warning)->exec(); + QUrl fileURL = input; + if(fileURL.isValid()) + { + // local? + if(fileURL.isLocalFile()) + { + isLocalFile = true; + fileName = fileURL.toLocalFile(); + } + else + { + CustomMessageBox::selectable( + this, + tr("Skin Upload"), + tr("Using remote URLs for setting skins is not implemented yet."), + QMessageBox::Warning + )->exec(); + close(); + return; + } + } + else + { + CustomMessageBox::selectable( + this, + tr("Skin Upload"), + tr("You cannot use an invalid URL for uploading skins."), + QMessageBox::Warning + )->exec(); + close(); + return; + } + } + else + { + // just assume it's a path then + isLocalFile = true; + fileName = ui->skinPathTextBox->text(); + } + if (isLocalFile && !QFile::exists(fileName)) + { + CustomMessageBox::selectable(this, tr("Skin Upload"), tr("Skin file does not exist!"), QMessageBox::Warning)->exec(); close(); return; } @@ -43,11 +88,11 @@ void SkinUploadDialog::on_buttonBox_accepted() SkinUploadPtr upload = std::make_shared(this, session, FS::read(fileName), model); if (prog.execWithTask((Task*)upload.get()) != QDialog::Accepted) { - CustomMessageBox::selectable(this, tr("Failed to upload skin!"), tr("Unknown error"), QMessageBox::Warning)->exec(); + CustomMessageBox::selectable(this, tr("Skin Upload"), tr("Failed to upload skin!"), QMessageBox::Warning)->exec(); close(); return; } - CustomMessageBox::selectable(this, tr("Skin uploaded!"), tr("Success"), QMessageBox::Information)->exec(); + CustomMessageBox::selectable(this, tr("Skin Upload"), tr("Success"), QMessageBox::Information)->exec(); close(); } -- cgit v1.2.3