1 |
commit e30d7acda6c04b667618ac86f49786cf966a08fb |
2 |
Author: Mikkel Krautz <mikkel@krautz.dk> |
3 |
Date: Tue May 13 20:54:27 2014 +0200 |
4 |
|
5 |
mumble: fix Mumble-SA-2014-006. |
6 |
|
7 |
Usernames and channel names were not properly HTML-escaped |
8 |
when used in Qt widgets that are rich-text enabled. |
9 |
|
10 |
This commit fixes that, but also touches various other |
11 |
similar cases where an escaped version is appropriate. |
12 |
|
13 |
This commit is based on the following commits from the |
14 |
master branch (Mumble 1.3.0): |
15 |
|
16 |
b7d9387bd6dacbad0b2345f03dd8502a51c42f6a |
17 |
1caaec763b91c8a12b11d7ceb37e21622f4da76e |
18 |
a0ebded7df388ce625dfbeb0c2bd65fb782da2a4 |
19 |
c52dedce8409da0654fd197690ff95411df3f9b2 |
20 |
1f6ddaf35f9583ef72f2d924b76b425ec85fc692 |
21 |
73a1a98d16a29c78d85e1c19b8feac7ba22dddfe |
22 |
d58990c374502cfdd4a5f2bd8dbd490f19e9e511 |
23 |
b6e17cac696396d5bcbc3391846f9cacb9c072c4 |
24 |
9837c4dc2d1d6c60505f7246cd00ffa33ad808a9 |
25 |
17fa695b222a8b308438f9283e78dfba931e8712 |
26 |
d9ff1e947d4d00f6cd8d38fd04cd87f6e3167028 |
27 |
|
28 |
Special thanks to Tim Cooper for various of the above |
29 |
patches. |
30 |
|
31 |
Rediffed by daviddavid (Mageia Team) for mumble-1.2.3. |
32 |
|
33 |
--- mumble-1.2.3/src/mumble/ALSAAudio.cpp.orig 2014-05-16 20:59:15.025347292 +0200 |
34 |
+++ mumble-1.2.3/src/mumble/ALSAAudio.cpp 2014-05-16 21:01:08.715796764 +0200 |
35 |
@@ -357,7 +357,7 @@ |
36 |
snd_pcm_close(capture_handle); |
37 |
capture_handle = NULL; |
38 |
} |
39 |
- g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(QLatin1String(snd_strerror(err)))); |
40 |
+ g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err))))); |
41 |
return; |
42 |
} |
43 |
|
44 |
@@ -492,7 +492,7 @@ |
45 |
snd_pcm_writei(pcm_handle, zerobuff, period_size); |
46 |
|
47 |
if (! bOk) { |
48 |
- g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(QLatin1String(snd_strerror(err)))); |
49 |
+ g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err))))); |
50 |
if (pcm_handle) { |
51 |
snd_pcm_close(pcm_handle); |
52 |
pcm_handle = NULL; |
53 |
--- mumble-1.2.3/src/mumble/ASIOInput.cpp.orig 2011-02-19 22:35:16.000000000 +0100 |
54 |
+++ mumble-1.2.3/src/mumble/ASIOInput.cpp 2014-05-16 21:04:32.153652669 +0200 |
55 |
@@ -265,7 +265,7 @@ |
56 |
char err[255]; |
57 |
iasio->getErrorMessage(err); |
58 |
SleepEx(10, false); |
59 |
- QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton); |
60 |
+ QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton); |
61 |
} |
62 |
iasio->Release(); |
63 |
} else { |
64 |
@@ -290,7 +290,7 @@ |
65 |
char err[255]; |
66 |
iasio->getErrorMessage(err); |
67 |
SleepEx(10, false); |
68 |
- QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton); |
69 |
+ QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton); |
70 |
} |
71 |
iasio->Release(); |
72 |
} else { |
73 |
--- mumble-1.2.3/src/mumble/ASIOInput.ui.orig 2014-05-16 21:08:49.101309395 +0200 |
74 |
+++ mumble-1.2.3/src/mumble/ASIOInput.ui 2014-05-16 21:10:46.486228414 +0200 |
75 |
@@ -99,6 +99,9 @@ |
76 |
<property name="text"> |
77 |
<string/> |
78 |
</property> |
79 |
+ <property name="textFormat"> |
80 |
+ <enum>Qt::PlainText</enum> |
81 |
+ </property> |
82 |
</widget> |
83 |
</item> |
84 |
<item row="1" column="0"> |
85 |
@@ -119,6 +122,9 @@ |
86 |
<property name="text"> |
87 |
<string/> |
88 |
</property> |
89 |
+ <property name="textFormat"> |
90 |
+ <enum>Qt::PlainText</enum> |
91 |
+ </property> |
92 |
</widget> |
93 |
</item> |
94 |
</layout> |
95 |
--- mumble-1.2.3/src/mumble/AudioConfigDialog.cpp.orig 2011-02-19 22:35:16.000000000 +0100 |
96 |
+++ mumble-1.2.3/src/mumble/AudioConfigDialog.cpp 2014-05-16 21:13:36.431827626 +0200 |
97 |
@@ -350,7 +350,7 @@ |
98 |
|
99 |
foreach(audioDevice d, ql) { |
100 |
qcbDevice->addItem(d.first, d.second); |
101 |
- qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole); |
102 |
+ qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole); |
103 |
++idx; |
104 |
} |
105 |
|
106 |
@@ -483,7 +483,7 @@ |
107 |
|
108 |
foreach(audioDevice d, ql) { |
109 |
qcbDevice->addItem(d.first, d.second); |
110 |
- qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole); |
111 |
+ qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole); |
112 |
++idx; |
113 |
} |
114 |
bool canmute = aor->canMuteOthers(); |
115 |
--- mumble-1.2.3/src/mumble/AudioOutput.cpp.orig 2014-05-16 21:22:15.179757821 +0200 |
116 |
+++ mumble-1.2.3/src/mumble/AudioOutput.cpp 2014-05-16 21:23:08.124486823 +0200 |
117 |
@@ -299,7 +299,7 @@ |
118 |
if ((sf = AudioOutputSample::loadSndfile(file)) == NULL) { |
119 |
QMessageBox::critical(NULL, |
120 |
tr("Invalid sound file"), |
121 |
- tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(file)); |
122 |
+ tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(Qt::escape(file))); |
123 |
return QString(); |
124 |
} |
125 |
delete sf; |
126 |
--- mumble-1.2.3/src/mumble/Cert.cpp.orig 2014-05-16 21:24:29.461824381 +0200 |
127 |
+++ mumble-1.2.3/src/mumble/Cert.cpp 2014-05-16 21:27:26.031265449 +0200 |
128 |
@@ -51,6 +51,7 @@ |
129 |
grid->addWidget(l, 0, 0, 1, 1, Qt::AlignRight); |
130 |
|
131 |
qlSubjectName = new QLabel(); |
132 |
+ qlSubjectName->setTextFormat(Qt::PlainText); |
133 |
qlSubjectName->setWordWrap(true); |
134 |
grid->addWidget(qlSubjectName, 0, 1, 1, 1); |
135 |
|
136 |
@@ -58,6 +59,7 @@ |
137 |
grid->addWidget(l, 1, 0, 1, 1, Qt::AlignRight); |
138 |
|
139 |
qlSubjectEmail = new QLabel(); |
140 |
+ qlSubjectEmail->setTextFormat(Qt::PlainText); |
141 |
qlSubjectEmail->setWordWrap(true); |
142 |
grid->addWidget(qlSubjectEmail, 1, 1, 1, 1); |
143 |
|
144 |
@@ -65,6 +67,7 @@ |
145 |
grid->addWidget(l, 2, 0, 1, 1, Qt::AlignRight); |
146 |
|
147 |
qlIssuerName = new QLabel(); |
148 |
+ qlIssuerName->setTextFormat(Qt::PlainText); |
149 |
qlIssuerName->setWordWrap(true); |
150 |
grid->addWidget(qlIssuerName, 2, 1, 1, 1); |
151 |
|
152 |
@@ -100,12 +103,12 @@ |
153 |
qlSubjectName->setText(tmpName); |
154 |
|
155 |
if (emails.count() > 0) |
156 |
- qlSubjectEmail->setText(emails.join(QLatin1String("<br />"))); |
157 |
+ qlSubjectEmail->setText(emails.join(QLatin1String("\n"))); |
158 |
else |
159 |
qlSubjectEmail->setText(tr("(none)")); |
160 |
|
161 |
if (qscCert.expiryDate() <= QDateTime::currentDateTime()) |
162 |
- qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(qscCert.expiryDate().toString(Qt::SystemLocaleDate))); |
163 |
+ qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(Qt::escape(qscCert.expiryDate().toString(Qt::SystemLocaleDate)))); |
164 |
else |
165 |
qlExpiry->setText(qscCert.expiryDate().toString(Qt::SystemLocaleDate)); |
166 |
|
167 |
--- mumble-1.2.3/src/mumble/ConnectDialog.cpp.orig 2014-05-16 21:30:16.767965205 +0200 |
168 |
+++ mumble-1.2.3/src/mumble/ConnectDialog.cpp 2014-05-16 21:33:57.459013903 +0200 |
169 |
@@ -447,7 +447,7 @@ |
170 |
} else if (role == Qt::ToolTipRole) { |
171 |
QStringList qsl; |
172 |
foreach(const QHostAddress &qha, qlAddresses) |
173 |
- qsl << qha.toString(); |
174 |
+ qsl << Qt::escape(qha.toString()); |
175 |
|
176 |
double ploss = 100.0; |
177 |
|
178 |
@@ -457,18 +457,18 @@ |
179 |
QString qs; |
180 |
qs += |
181 |
QLatin1String("<table>") + |
182 |
- QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), qsName) + |
183 |
- QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), qsHostname); |
184 |
+ QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), Qt::escape(qsName)) + |
185 |
+ QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), Qt::escape(qsHostname)); |
186 |
|
187 |
if (! qsBonjourHost.isEmpty()) |
188 |
- qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), qsBonjourHost); |
189 |
+ qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), Qt::escape(qsBonjourHost)); |
190 |
|
191 |
qs += |
192 |
QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Port")).arg(usPort) + |
193 |
QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Addresses"), qsl.join(QLatin1String(", "))); |
194 |
|
195 |
if (! qsUrl.isEmpty()) |
196 |
- qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), qsUrl); |
197 |
+ qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), Qt::escape(qsUrl)); |
198 |
|
199 |
if (uiSent > 0) { |
200 |
qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Packet loss"), QString::fromLatin1("%1% (%2/%3)").arg(ploss, 0, 'f', 1).arg(uiRecv).arg(uiSent)); |
201 |
@@ -622,7 +622,7 @@ |
202 |
mime->setUrls(urls); |
203 |
|
204 |
mime->setText(qs); |
205 |
- mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(qsName)); |
206 |
+ mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(Qt::escape(qsName))); |
207 |
|
208 |
if (itType == FavoriteType) |
209 |
mime->setData(QLatin1String("OriginatedInMumble"), QByteArray()); |
210 |
--- mumble-1.2.3/src/mumble/Database.cpp.orig 2014-05-16 21:35:46.167830234 +0200 |
211 |
+++ mumble-1.2.3/src/mumble/Database.cpp 2014-05-16 21:36:38.653500893 +0200 |
212 |
@@ -88,7 +88,7 @@ |
213 |
QFileInfo fi(db.databaseName()); |
214 |
|
215 |
if (! fi.isWritable()) { |
216 |
- QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(fi.filePath()), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton); |
217 |
+ QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(Qt::escape(fi.filePath())), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton); |
218 |
qWarning("Database: Database is read-only"); |
219 |
} |
220 |
|
221 |
--- mumble-1.2.3/src/mumble/LCD.cpp.orig 2014-05-16 21:38:09.227012321 +0200 |
222 |
+++ mumble-1.2.3/src/mumble/LCD.cpp 2014-05-16 21:39:03.958968471 +0200 |
223 |
@@ -108,7 +108,7 @@ |
224 |
qtwi->setFlags(Qt::ItemIsEnabled |Qt::ItemIsUserCheckable); |
225 |
|
226 |
qtwi->setText(0, d->name()); |
227 |
- qtwi->setToolTip(0, d->name()); |
228 |
+ qtwi->setToolTip(0, Qt::escape(d->name())); |
229 |
|
230 |
QSize lcdsize = d->size(); |
231 |
QString qsSize = QString::fromLatin1("%1x%2").arg(lcdsize.width()).arg(lcdsize.height()); |
232 |
--- mumble-1.2.3/src/mumble/Log.cpp.orig 2014-05-16 20:01:17.293295057 +0200 |
233 |
+++ mumble-1.2.3/src/mumble/Log.cpp 2014-05-16 21:44:30.732499706 +0200 |
234 |
@@ -270,7 +270,7 @@ |
235 |
} |
236 |
|
237 |
QString Log::formatChannel(::Channel *c) { |
238 |
- return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(c->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64())); |
239 |
+ return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(Qt::escape(c->qsName)).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64())); |
240 |
} |
241 |
|
242 |
QString Log::formatClientUser(ClientUser *cu, LogColorType t) { |
243 |
@@ -282,10 +282,11 @@ |
244 |
} |
245 |
|
246 |
if (cu) { |
247 |
+ QString name = Qt::escape(cu->qsName); |
248 |
if (cu->qsHash.isEmpty()) { |
249 |
- return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(cu->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64())); |
250 |
+ return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(name).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64())); |
251 |
} else { |
252 |
- return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(cu->qsName); |
253 |
+ return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(name); |
254 |
} |
255 |
} else { |
256 |
return QString::fromLatin1("<span class='log-server log-%1'>%2</span>").arg(className).arg(tr("the server")); |
257 |
@@ -447,7 +448,7 @@ |
258 |
if (qdDate != dt.date()) { |
259 |
qdDate = dt.date(); |
260 |
tc.insertBlock(); |
261 |
- tc.insertHtml(tr("[Date changed to %1]\n").arg(qdDate.toString(Qt::DefaultLocaleShortDate))); |
262 |
+ tc.insertHtml(tr("[Date changed to %1]\n").arg(Qt::escape(qdDate.toString(Qt::DefaultLocaleShortDate)))); |
263 |
tc.movePosition(QTextCursor::End); |
264 |
} |
265 |
|
266 |
@@ -460,7 +461,7 @@ |
267 |
} else if (! g.mw->qteLog->document()->isEmpty()) { |
268 |
tc.insertBlock(); |
269 |
} |
270 |
- tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(dt.time().toString(Qt::DefaultLocaleShortDate)), Log::Time)); |
271 |
+ tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(Qt::escape(dt.time().toString(Qt::DefaultLocaleShortDate))), Log::Time)); |
272 |
validHtml(console, true, &tc); |
273 |
tc.movePosition(QTextCursor::End); |
274 |
g.mw->qteLog->setTextCursor(tc); |
275 |
--- mumble-1.2.3/src/mumble/MainWindow.cpp.orig 2014-05-16 20:28:57.462753125 +0200 |
276 |
+++ mumble-1.2.3/src/mumble/MainWindow.cpp 2014-05-16 21:54:41.068070219 +0200 |
277 |
@@ -638,7 +638,7 @@ |
278 |
} |
279 |
|
280 |
void MainWindow::openUrl(const QUrl &url) { |
281 |
- g.l->log(Log::Information, tr("Opening URL %1").arg(url.toString())); |
282 |
+ g.l->log(Log::Information, tr("Opening URL %1").arg(Qt::escape(url.toString()))); |
283 |
if (url.scheme() == QLatin1String("file")) { |
284 |
QFile f(url.toLocalFile()); |
285 |
if (! f.exists() || ! f.open(QIODevice::ReadOnly)) { |
286 |
@@ -726,7 +726,7 @@ |
287 |
g.s.qsLastServer = name; |
288 |
rtLast = MumbleProto::Reject_RejectType_None; |
289 |
qaServerDisconnect->setEnabled(true); |
290 |
- g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(host, Log::Server))); |
291 |
+ g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(host), Log::Server))); |
292 |
g.sh->setConnectionInfo(host, port, user, pw); |
293 |
g.sh->start(QThread::TimeCriticalPriority); |
294 |
} |
295 |
@@ -902,7 +902,7 @@ |
296 |
qsDesiredChannel = QString(); |
297 |
rtLast = MumbleProto::Reject_RejectType_None; |
298 |
qaServerDisconnect->setEnabled(true); |
299 |
- g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(cd->qsServer, Log::Server))); |
300 |
+ g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(cd->qsServer), Log::Server))); |
301 |
g.sh->setConnectionInfo(cd->qsServer, cd->usPort, cd->qsUsername, cd->qsPassword); |
302 |
g.sh->start(QThread::TimeCriticalPriority); |
303 |
} |
304 |
@@ -978,7 +978,7 @@ |
305 |
return; |
306 |
|
307 |
QMessageBox::StandardButton result; |
308 |
- result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No); |
309 |
+ result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No); |
310 |
|
311 |
if (result == QMessageBox::Yes) |
312 |
g.sh->registerUser(p->uiSession); |
313 |
@@ -1052,7 +1052,7 @@ |
314 |
qsVersion.append(tr("<p>No build information or OS version available.</p>")); |
315 |
} else { |
316 |
qsVersion.append(tr("<p>%1 (%2)<br />%3</p>") |
317 |
- .arg(g.sh->qsRelease, g.sh->qsOS, g.sh->qsOSVersion)); |
318 |
+ .arg(Qt::escape(g.sh->qsRelease), Qt::escape(g.sh->qsOS), Qt::escape(g.sh->qsOSVersion))); |
319 |
} |
320 |
|
321 |
QString host, uname, pw; |
322 |
@@ -1061,10 +1061,10 @@ |
323 |
g.sh->getConnectionInfo(host,port,uname,pw); |
324 |
|
325 |
QString qsControl=tr("<h2>Control channel</h2><p>Encrypted with %1 bit %2<br />%3 ms average latency (%4 deviation)</p><p>Remote host %5 (port %6)</p>").arg(QString::number(qsc.usedBits()), |
326 |
- qsc.name(), |
327 |
+ Qt::escape(qsc.name()), |
328 |
QString::fromLatin1("%1").arg(boost::accumulators::mean(g.sh->accTCP), 0, 'f', 2), |
329 |
QString::fromLatin1("%1").arg(sqrt(boost::accumulators::variance(g.sh->accTCP)),0,'f',2), |
330 |
- host, |
331 |
+ Qt::escape(host), |
332 |
QString::number(port)); |
333 |
QString qsVoice, qsCrypt, qsAudio; |
334 |
|
335 |
@@ -1305,9 +1305,9 @@ |
336 |
QMessageBox::StandardButton result; |
337 |
|
338 |
if (session == g.uiSession) |
339 |
- result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No); |
340 |
+ result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No); |
341 |
else |
342 |
- result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No); |
343 |
+ result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No); |
344 |
|
345 |
if (result == QMessageBox::Yes) { |
346 |
p = ClientUser::get(session); |
347 |
@@ -1445,7 +1445,7 @@ |
348 |
unsigned int session = p->uiSession; |
349 |
|
350 |
int ret = QMessageBox::question(this, QLatin1String("Mumble"), |
351 |
- tr("Are you sure you want to reset the comment of user %1?").arg(p->qsName), |
352 |
+ tr("Are you sure you want to reset the comment of user %1?").arg(Qt::escape(p->qsName)), |
353 |
QMessageBox::Yes, QMessageBox::No); |
354 |
if (ret == QMessageBox::Yes) { |
355 |
g.sh->setUserComment(session, QString()); |
356 |
@@ -1638,7 +1638,7 @@ |
357 |
|
358 |
int id = c->iId; |
359 |
|
360 |
- ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(c->qsName), QMessageBox::Yes, QMessageBox::No); |
361 |
+ ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(Qt::escape(c->qsName)), QMessageBox::Yes, QMessageBox::No); |
362 |
|
363 |
c = Channel::get(id); |
364 |
if (!c) |
365 |
@@ -2331,7 +2331,7 @@ |
366 |
|
367 |
if (! g.sh->qlErrors.isEmpty()) { |
368 |
foreach(QSslError e, g.sh->qlErrors) |
369 |
- g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(e.errorString())); |
370 |
+ g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(Qt::escape(e.errorString()))); |
371 |
if (! g.sh->qscCert.isEmpty()) { |
372 |
QSslCertificate c = g.sh->qscCert.at(0); |
373 |
QString basereason; |
374 |
@@ -2342,7 +2342,7 @@ |
375 |
} |
376 |
QStringList qsl; |
377 |
foreach(QSslError e, g.sh->qlErrors) |
378 |
- qsl << QString::fromLatin1("<li>%1</li>").arg(e.errorString()); |
379 |
+ qsl << QString::fromLatin1("<li>%1</li>").arg(Qt::escape(e.errorString())); |
380 |
|
381 |
QMessageBox qmb(QMessageBox::Warning, QLatin1String("Mumble"), |
382 |
tr("<p>%1.<br />The specific errors with this certificate are: </p><ol>%2</ol>" |
383 |
@@ -2402,7 +2402,7 @@ |
384 |
bool matched = false; |
385 |
|
386 |
if (! reason.isEmpty()) { |
387 |
- g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(reason)); |
388 |
+ g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(Qt::escape(reason))); |
389 |
} else { |
390 |
g.l->log(Log::ServerDisconnected, tr("Disconnected from server.")); |
391 |
} |
392 |
@@ -2522,10 +2522,10 @@ |
393 |
if (c == NULL) // If no channel selected fallback to current one |
394 |
c = ClientUser::get(g.uiSession)->cChannel; |
395 |
|
396 |
- qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(c->qsName)); |
397 |
+ qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(Qt::escape(c->qsName))); |
398 |
} else { |
399 |
// User target |
400 |
- qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(p->qsName)); |
401 |
+ qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(Qt::escape(p->qsName))); |
402 |
} |
403 |
|
404 |
updateMenuPermissions(); |
405 |
--- mumble-1.2.3/src/mumble/Messages.cpp.orig 2014-05-16 21:56:41.041318202 +0200 |
406 |
+++ mumble-1.2.3/src/mumble/Messages.cpp 2014-05-16 22:06:19.729866541 +0200 |
407 |
@@ -85,7 +85,7 @@ |
408 |
|
409 |
void MainWindow::msgReject(const MumbleProto::Reject &msg) { |
410 |
rtLast = msg.type(); |
411 |
- g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(u8(msg.reason()))); |
412 |
+ g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(Qt::escape(u8(msg.reason())))); |
413 |
g.l->setIgnore(Log::ServerDisconnected, 1); |
414 |
} |
415 |
|
416 |
@@ -126,7 +126,7 @@ |
417 |
ClientUser *p=ClientUser::get(g.uiSession); |
418 |
connect(p, SIGNAL(talkingChanged()), this, SLOT(talkingChanged())); |
419 |
|
420 |
- qstiIcon->setToolTip(tr("Mumble: %1").arg(Channel::get(0)->qsName)); |
421 |
+ qstiIcon->setToolTip(tr("Mumble: %1").arg(Qt::escape(Channel::get(0)->qsName))); |
422 |
|
423 |
// Update QActions and menues |
424 |
on_qmServer_aboutToShow(); |
425 |
@@ -190,7 +190,7 @@ |
426 |
g.s.bTTS = true; |
427 |
quint32 oflags = g.s.qmMessages.value(Log::PermissionDenied); |
428 |
g.s.qmMessages[Log::PermissionDenied] = (oflags | Settings::LogTTS) & (~Settings::LogSoundfile); |
429 |
- g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(u)); |
430 |
+ g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(Qt::escape(u))); |
431 |
g.s.qmMessages[Log::PermissionDenied] = oflags; |
432 |
g.s.bDeaf = bold; |
433 |
g.s.bTTS = bold2; |
434 |
@@ -215,7 +215,7 @@ |
435 |
break; |
436 |
case MumbleProto::PermissionDenied_DenyType_UserName: { |
437 |
if (msg.has_name()) |
438 |
- g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(u8(msg.name()))); |
439 |
+ g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(Qt::escape(u8(msg.name())))); |
440 |
else |
441 |
g.l->log(Log::PermissionDenied, tr("Invalid username.")); |
442 |
} |
443 |
@@ -226,7 +226,7 @@ |
444 |
break; |
445 |
default: { |
446 |
if (msg.has_reason()) |
447 |
- g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(u8(msg.reason()))); |
448 |
+ g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(Qt::escape(u8(msg.reason())))); |
449 |
else |
450 |
g.l->log(Log::PermissionDenied, tr("Permission denied.")); |
451 |
} |
452 |
@@ -469,7 +469,7 @@ |
453 |
ACTOR_INIT; |
454 |
SELF_INIT; |
455 |
|
456 |
- QString reason = u8(msg.reason()); |
457 |
+ QString reason = Qt::escape(u8(msg.reason())); |
458 |
|
459 |
if (pDst == pSelf) { |
460 |
if (msg.ban()) |
461 |
--- mumble-1.2.3/src/mumble/Overlay.cpp.orig 2014-05-16 20:33:30.234704214 +0200 |
462 |
+++ mumble-1.2.3/src/mumble/Overlay.cpp 2014-05-16 22:10:06.142642440 +0200 |
463 |
@@ -97,7 +97,7 @@ |
464 |
#endif |
465 |
|
466 |
if (! qlsServer->listen(pipepath)) { |
467 |
- QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(qlsServer->errorString(),pipepath), QMessageBox::Ok, QMessageBox::NoButton); |
468 |
+ QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(Qt::escape(qlsServer->errorString()), Qt::escape(pipepath)), QMessageBox::Ok, QMessageBox::NoButton); |
469 |
} else { |
470 |
qWarning() << "Overlay: Listening on" << qlsServer->fullServerName(); |
471 |
connect(qlsServer, SIGNAL(newConnection()), this, SLOT(newConnection())); |
472 |
--- mumble-1.2.3/src/mumble/Plugins.cpp.orig 2014-05-16 22:11:26.490854285 +0200 |
473 |
+++ mumble-1.2.3/src/mumble/Plugins.cpp 2014-05-16 22:14:38.520260235 +0200 |
474 |
@@ -162,7 +162,7 @@ |
475 |
i->setCheckState(1, pi->enabled ? Qt::Checked : Qt::Unchecked); |
476 |
i->setText(0, pi->description); |
477 |
if (pi->p->longdesc) |
478 |
- i->setToolTip(0, QString::fromStdWString(pi->p->longdesc())); |
479 |
+ i->setToolTip(0, Qt::escape(QString::fromStdWString(pi->p->longdesc()))); |
480 |
i->setData(0, Qt::UserRole, pi->filename); |
481 |
} |
482 |
qtwPlugins->setCurrentItem(qtwPlugins->topLevelItem(0)); |
483 |
@@ -372,7 +372,7 @@ |
484 |
QReadLocker lock(&qrwlPlugins); |
485 |
|
486 |
if (prevlocked) { |
487 |
- g.l->log(Log::Information, tr("%1 lost link.").arg(prevlocked->shortname)); |
488 |
+ g.l->log(Log::Information, tr("%1 lost link.").arg(Qt::escape(prevlocked->shortname))); |
489 |
prevlocked = NULL; |
490 |
} |
491 |
|
492 |
@@ -446,7 +446,7 @@ |
493 |
if (pi->enabled) { |
494 |
if (pi->p2 ? pi->p2->trylock(pids) : pi->p->trylock()) { |
495 |
pi->shortname = QString::fromStdWString(pi->p->shortname); |
496 |
- g.l->log(Log::Information, tr("%1 linked.").arg(pi->shortname)); |
497 |
+ g.l->log(Log::Information, tr("%1 linked.").arg(Qt::escape(pi->shortname))); |
498 |
pi->locked = true; |
499 |
bUnlink = false; |
500 |
locked = pi; |
501 |
@@ -629,15 +629,15 @@ |
502 |
if (f.open(QIODevice::WriteOnly)) { |
503 |
f.write(qba); |
504 |
f.close(); |
505 |
- g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName())); |
506 |
+ g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName()))); |
507 |
} else { |
508 |
f.setFileName(qsUserPlugins + QLatin1String("/") + fname); |
509 |
if (f.open(QIODevice::WriteOnly)) { |
510 |
f.write(qba); |
511 |
f.close(); |
512 |
- g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName())); |
513 |
+ g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName()))); |
514 |
} else { |
515 |
- g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(f.fileName())); |
516 |
+ g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(Qt::escape(f.fileName()))); |
517 |
} |
518 |
} |
519 |
|
520 |
--- mumble-1.2.3/src/mumble/VersionCheck.cpp.orig 2014-05-16 22:15:52.736692762 +0200 |
521 |
+++ mumble-1.2.3/src/mumble/VersionCheck.cpp 2014-05-16 22:17:45.609038256 +0200 |
522 |
@@ -151,7 +151,7 @@ |
523 |
} |
524 |
} else { |
525 |
fetch.setHost(g.qsRegionalHost); |
526 |
- g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(fetch.toString(), filename)); |
527 |
+ g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(Qt::escape(fetch.toString()), Qt::escape(filename))); |
528 |
|
529 |
QNetworkReply *nrep = Network::get(fetch); |
530 |
connect(nrep, SIGNAL(finished()), this, SLOT(finished())); |
531 |
|