1. 05 Feb, 2018 1 commit
    • Marco Martin's avatar
      Make sure device paths are quoted · 9db872df
      Marco Martin authored
      in the case a vfat removable device has $() or `` in its label,
      such as $(touch foo) the quoted command may get executed,
      leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote
      to make sure everything is quoted and not interpreted as a command
      
      BUG:389815
      9db872df
  2. 04 Feb, 2018 1 commit
  3. 01 Feb, 2018 1 commit
  4. 31 Jan, 2018 1 commit
    • David Edmundson's avatar
      Sanitise notification HTML · 5bc696b5
      David Edmundson authored
      Summary:
      Qt labels support a HTML subset, using a completely internal parser in
      QTextDocument.
      
      The Notification spec support an even smaller subset of notification
      elements.
      
      It's important to strip out irrelevant tags that could potentially load
      remote information without user interaction, such as img
      src or even <b style="background:url...
      
      But we want to maintain the basic rich text formatting of bold and
      italics and links.
      
      This parser iterates reads the XML, copying only permissable tags and
      attributes.
      
      A future obvious improvement would be to merge the original regular
      expressions into this stream parser, but I'm trying to minimise
      breakages to get this into 5.12.
      
      Test Plan:
      Moved code into it's own class for easy unit testing
      Tried a bunch of things, including what the old regexes were doing
      
      Also ran notify send with a few options to make sure things worked
      
      Reviewers: #plasma, fvogt
      
      Reviewed By: fvogt
      
      Subscribers: aacid, fvogt, plasma-devel
      
      Tags: #plasma
      
      Differential Revision: https://phabricator.kde.org/D10188
      5bc696b5
  5. 29 Jan, 2018 1 commit
  6. 23 Jan, 2018 1 commit
    • Kai Uwe Broulik's avatar
      [Notifications] Unset Heading default height · 5e230a62
      Kai Uwe Broulik authored
      Plasma's Label has a default height based on the contentHeight of the text.
      However, this interferes with QtQuick Layout's logic and might cause an infinite loop.
      
      This can easily be triggered by sending a notification with a multi-line heading/summary.
      
      CHANGELOG: Fixed a freeze caused by certain notifications
      
      BUG: 381154
      FIXED-IN: 5.12.0
      (cherry picked from commit a3c0565a)
      5e230a62
  7. 17 Jan, 2018 1 commit
  8. 10 Jan, 2018 1 commit
  9. 08 Jan, 2018 1 commit
  10. 28 Dec, 2017 1 commit
  11. 25 Dec, 2017 1 commit
  12. 20 Dec, 2017 1 commit
  13. 25 Oct, 2017 2 commits
  14. 25 Aug, 2017 1 commit
  15. 23 Aug, 2017 1 commit
  16. 22 Aug, 2017 1 commit
    • Eike Hein's avatar
      Fix QSortFilterProxyModelPrivate::updateChildrenMapping crash in libtaskmanager · d2f722a8
      Eike Hein authored and David Edmundson's avatar David Edmundson committed
      Summary:
      TaskGroupingProxyModel uses a simple QVector<QVector<int>> populated
      with source model row indices to represent the task group tree. To
      implement QAbstractItemModel::parent(), its implementation of index()
      encodes row indices of the top-level vector into the internal ids of
      child item model indices. This allows parent() to produce the parent
      model index by simply decoding the parent row from the passed-in child
      index and call index() with that row.
      
      Top-level row indices shift up and down as the list of top-level items
      changes, invalidating those internal ids. QModelIndex is not meant to
      be stored, and the proxy model does take care of updating any persis-
      tent model indexes with new ids, so this should be fine.
      
      However, where it falls apart is that as internal ids are invalidated,
      a QSortFilterProxyModel on top of this proxy (i.e. TasksModel) may end
      up with multiple indexes with identical internal ids in its mappings,
      causing it to mess up its mappings as it uses them (e.g. taking things
      from them). This causes the often-reported crash/assert there.
      
      The fix is to refactor index()/parent() not to rely on row indices as
      internal ids, but instead use pointers to internal data structures
      instead.
      
      This patch achieves this by changing the map to QVector<QVector<int> *>.
      This screams fugly, but the alternative would basically just be to
      create some wrapper struct to hide the fugly appeareance a little,
      which I don't think is worth it.
      
      On the flip side, it saves a QVector::replace() call as a multable
      vector iterator can work directly on a vector without making a copy,
      and it's now no longer necessary to manually update the persistent
      model indices beyond what endRemoveRows() does implicitly.
      
      BUG:381006
      
      Reviewers: #plasma, davidedmundson
      
      Subscribers: plasma-devel
      
      Tags: #plasma
      
      Differential Revision: https://phabricator.kde.org/D7139
      d2f722a8
  17. 19 Aug, 2017 1 commit
  18. 07 Aug, 2017 1 commit
    • Kai Uwe Broulik's avatar
      [Battery Monitor] Fix icon size for InhibitionHint · 03f9ab0f
      Kai Uwe Broulik authored
      In QtQuick Layouts implicit size, which is taken from the SVG's preferred size, takes
      precedence potentially destroying the layout.
      
      Also, it should have been medium to be consistent with the rest.
      
      BUG: 383213
      FIXED-IN: 5.8.8
      03f9ab0f
  19. 24 Jul, 2017 3 commits
  20. 13 Jul, 2017 1 commit
  21. 12 Jul, 2017 1 commit
  22. 20 Jun, 2017 1 commit
    • Harald Sitter's avatar
      fix attachment signals · 774a23fc
      Harald Sitter authored
      Signals did not get changed for Qt5 porting but no one ever noticed because
      they were still in stringy runtime eval syntax :S
      Using proper signals to connect to fixes attaching a new backtrace to
      an existing bug.
      Backport of fix from D6161.
      
      CHANGELOG: Make attaching backtraces to existing bug reports work
      774a23fc
  23. 30 May, 2017 1 commit
  24. 29 May, 2017 1 commit
  25. 26 May, 2017 1 commit
  26. 25 May, 2017 1 commit
  27. 23 May, 2017 1 commit
  28. 22 May, 2017 2 commits
  29. 13 May, 2017 4 commits
  30. 05 May, 2017 1 commit
  31. 27 Apr, 2017 1 commit
    • David Edmundson's avatar
      Revert "launch autostart apps in ksmserver using KRun" · ea3f87c5
      David Edmundson authored
      KRun::runApplication will show blocking error dialogs if it fails to
      find the executable
      This means we don't autostart the next app, which could be fatal if it
      comes before...
      
      Summary:
      ...kwin/plasma
      We shouldn't be having blocking calls in ksmserver it can deadlock
      And even in the best case we'd still end up blocking ksplash for 30
      seconds
      
      We then port to KProcess which was part of the motivation behind the
      patch as it
      has better stdout handling
      
      This reverts commit 0f19e92f.
      
      BUG: 379254
      
      Also added port of autostarting applications to KProcess
      It has better stdout handling
      
      Test Plan: Logged in, still got my main session
      
      Reviewers: #plasma, mart
      
      Reviewed By: mart
      
      Subscribers: plasma-devel
      
      Tags: #plasma
      
      Differential Revision: https://phabricator.kde.org/D5618
      ea3f87c5
  32. 26 Apr, 2017 1 commit
  33. 21 Apr, 2017 1 commit