Commit 683b6688 authored by David Edmundson's avatar David Edmundson
Browse files

Validate timezone name before setting

This patch ensures that the symlink /etc/localtime always points to a
file in /usr/share/timezones and not an arbitrary file in a user's home
directory.
parent e608fbd8
......@@ -114,6 +114,13 @@ int ClockHelper::date( const QString& newdate, const QString& olddate )
int ClockHelper::tz( const QString& selectedzone )
{
int ret = 0;
//only allow letters, numbers hyphen underscore plus and forward slash
//allowed pattern taken from time-util.c in systemd
if (!QRegExp("[a-zA-Z0-9-_+/]*").exactMatch(selectedzone)) {
return ret;
}
QString val;
#if defined(USE_SOLARIS) // MARCO
KTemporaryFile tf;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment