/[packages]/backports/4/mumble/current/SOURCES/mumble-1.2.3-mga-CVE-2014-3756.patch
ViewVC logotype

Contents of /backports/4/mumble/current/SOURCES/mumble-1.2.3-mga-CVE-2014-3756.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 818074 - (show annotations) (download)
Sat Mar 7 20:25:14 2015 UTC (9 years ago) by daviddavid
File size: 26762 byte(s)
backport mumble from Mageia 4 branch

1 commit e30d7acda6c04b667618ac86f49786cf966a08fb
2 Author: Mikkel Krautz <mikkel@krautz.dk>
3 Date: Tue May 13 20:54:27 2014 +0200
4
5 mumble: fix Mumble-SA-2014-006.
6
7 Usernames and channel names were not properly HTML-escaped
8 when used in Qt widgets that are rich-text enabled.
9
10 This commit fixes that, but also touches various other
11 similar cases where an escaped version is appropriate.
12
13 This commit is based on the following commits from the
14 master branch (Mumble 1.3.0):
15
16 b7d9387bd6dacbad0b2345f03dd8502a51c42f6a
17 1caaec763b91c8a12b11d7ceb37e21622f4da76e
18 a0ebded7df388ce625dfbeb0c2bd65fb782da2a4
19 c52dedce8409da0654fd197690ff95411df3f9b2
20 1f6ddaf35f9583ef72f2d924b76b425ec85fc692
21 73a1a98d16a29c78d85e1c19b8feac7ba22dddfe
22 d58990c374502cfdd4a5f2bd8dbd490f19e9e511
23 b6e17cac696396d5bcbc3391846f9cacb9c072c4
24 9837c4dc2d1d6c60505f7246cd00ffa33ad808a9
25 17fa695b222a8b308438f9283e78dfba931e8712
26 d9ff1e947d4d00f6cd8d38fd04cd87f6e3167028
27
28 Special thanks to Tim Cooper for various of the above
29 patches.
30
31 Rediffed by daviddavid (Mageia Team) for mumble-1.2.3.
32
33 --- mumble-1.2.3/src/mumble/ALSAAudio.cpp.orig 2014-05-16 20:59:15.025347292 +0200
34 +++ mumble-1.2.3/src/mumble/ALSAAudio.cpp 2014-05-16 21:01:08.715796764 +0200
35 @@ -357,7 +357,7 @@
36 snd_pcm_close(capture_handle);
37 capture_handle = NULL;
38 }
39 - g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(QLatin1String(snd_strerror(err))));
40 + g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err)))));
41 return;
42 }
43
44 @@ -492,7 +492,7 @@
45 snd_pcm_writei(pcm_handle, zerobuff, period_size);
46
47 if (! bOk) {
48 - g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(QLatin1String(snd_strerror(err))));
49 + g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err)))));
50 if (pcm_handle) {
51 snd_pcm_close(pcm_handle);
52 pcm_handle = NULL;
53 --- mumble-1.2.3/src/mumble/ASIOInput.cpp.orig 2011-02-19 22:35:16.000000000 +0100
54 +++ mumble-1.2.3/src/mumble/ASIOInput.cpp 2014-05-16 21:04:32.153652669 +0200
55 @@ -265,7 +265,7 @@
56 char err[255];
57 iasio->getErrorMessage(err);
58 SleepEx(10, false);
59 - QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton);
60 + QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton);
61 }
62 iasio->Release();
63 } else {
64 @@ -290,7 +290,7 @@
65 char err[255];
66 iasio->getErrorMessage(err);
67 SleepEx(10, false);
68 - QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton);
69 + QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton);
70 }
71 iasio->Release();
72 } else {
73 --- mumble-1.2.3/src/mumble/ASIOInput.ui.orig 2014-05-16 21:08:49.101309395 +0200
74 +++ mumble-1.2.3/src/mumble/ASIOInput.ui 2014-05-16 21:10:46.486228414 +0200
75 @@ -99,6 +99,9 @@
76 <property name="text">
77 <string/>
78 </property>
79 + <property name="textFormat">
80 + <enum>Qt::PlainText</enum>
81 + </property>
82 </widget>
83 </item>
84 <item row="1" column="0">
85 @@ -119,6 +122,9 @@
86 <property name="text">
87 <string/>
88 </property>
89 + <property name="textFormat">
90 + <enum>Qt::PlainText</enum>
91 + </property>
92 </widget>
93 </item>
94 </layout>
95 --- mumble-1.2.3/src/mumble/AudioConfigDialog.cpp.orig 2011-02-19 22:35:16.000000000 +0100
96 +++ mumble-1.2.3/src/mumble/AudioConfigDialog.cpp 2014-05-16 21:13:36.431827626 +0200
97 @@ -350,7 +350,7 @@
98
99 foreach(audioDevice d, ql) {
100 qcbDevice->addItem(d.first, d.second);
101 - qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole);
102 + qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole);
103 ++idx;
104 }
105
106 @@ -483,7 +483,7 @@
107
108 foreach(audioDevice d, ql) {
109 qcbDevice->addItem(d.first, d.second);
110 - qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole);
111 + qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole);
112 ++idx;
113 }
114 bool canmute = aor->canMuteOthers();
115 --- mumble-1.2.3/src/mumble/AudioOutput.cpp.orig 2014-05-16 21:22:15.179757821 +0200
116 +++ mumble-1.2.3/src/mumble/AudioOutput.cpp 2014-05-16 21:23:08.124486823 +0200
117 @@ -299,7 +299,7 @@
118 if ((sf = AudioOutputSample::loadSndfile(file)) == NULL) {
119 QMessageBox::critical(NULL,
120 tr("Invalid sound file"),
121 - tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(file));
122 + tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(Qt::escape(file)));
123 return QString();
124 }
125 delete sf;
126 --- mumble-1.2.3/src/mumble/Cert.cpp.orig 2014-05-16 21:24:29.461824381 +0200
127 +++ mumble-1.2.3/src/mumble/Cert.cpp 2014-05-16 21:27:26.031265449 +0200
128 @@ -51,6 +51,7 @@
129 grid->addWidget(l, 0, 0, 1, 1, Qt::AlignRight);
130
131 qlSubjectName = new QLabel();
132 + qlSubjectName->setTextFormat(Qt::PlainText);
133 qlSubjectName->setWordWrap(true);
134 grid->addWidget(qlSubjectName, 0, 1, 1, 1);
135
136 @@ -58,6 +59,7 @@
137 grid->addWidget(l, 1, 0, 1, 1, Qt::AlignRight);
138
139 qlSubjectEmail = new QLabel();
140 + qlSubjectEmail->setTextFormat(Qt::PlainText);
141 qlSubjectEmail->setWordWrap(true);
142 grid->addWidget(qlSubjectEmail, 1, 1, 1, 1);
143
144 @@ -65,6 +67,7 @@
145 grid->addWidget(l, 2, 0, 1, 1, Qt::AlignRight);
146
147 qlIssuerName = new QLabel();
148 + qlIssuerName->setTextFormat(Qt::PlainText);
149 qlIssuerName->setWordWrap(true);
150 grid->addWidget(qlIssuerName, 2, 1, 1, 1);
151
152 @@ -100,12 +103,12 @@
153 qlSubjectName->setText(tmpName);
154
155 if (emails.count() > 0)
156 - qlSubjectEmail->setText(emails.join(QLatin1String("<br />")));
157 + qlSubjectEmail->setText(emails.join(QLatin1String("\n")));
158 else
159 qlSubjectEmail->setText(tr("(none)"));
160
161 if (qscCert.expiryDate() <= QDateTime::currentDateTime())
162 - qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(qscCert.expiryDate().toString(Qt::SystemLocaleDate)));
163 + qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(Qt::escape(qscCert.expiryDate().toString(Qt::SystemLocaleDate))));
164 else
165 qlExpiry->setText(qscCert.expiryDate().toString(Qt::SystemLocaleDate));
166
167 --- mumble-1.2.3/src/mumble/ConnectDialog.cpp.orig 2014-05-16 21:30:16.767965205 +0200
168 +++ mumble-1.2.3/src/mumble/ConnectDialog.cpp 2014-05-16 21:33:57.459013903 +0200
169 @@ -447,7 +447,7 @@
170 } else if (role == Qt::ToolTipRole) {
171 QStringList qsl;
172 foreach(const QHostAddress &qha, qlAddresses)
173 - qsl << qha.toString();
174 + qsl << Qt::escape(qha.toString());
175
176 double ploss = 100.0;
177
178 @@ -457,18 +457,18 @@
179 QString qs;
180 qs +=
181 QLatin1String("<table>") +
182 - QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), qsName) +
183 - QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), qsHostname);
184 + QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), Qt::escape(qsName)) +
185 + QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), Qt::escape(qsHostname));
186
187 if (! qsBonjourHost.isEmpty())
188 - qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), qsBonjourHost);
189 + qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), Qt::escape(qsBonjourHost));
190
191 qs +=
192 QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Port")).arg(usPort) +
193 QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Addresses"), qsl.join(QLatin1String(", ")));
194
195 if (! qsUrl.isEmpty())
196 - qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), qsUrl);
197 + qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), Qt::escape(qsUrl));
198
199 if (uiSent > 0) {
200 qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Packet loss"), QString::fromLatin1("%1% (%2/%3)").arg(ploss, 0, 'f', 1).arg(uiRecv).arg(uiSent));
201 @@ -622,7 +622,7 @@
202 mime->setUrls(urls);
203
204 mime->setText(qs);
205 - mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(qsName));
206 + mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(Qt::escape(qsName)));
207
208 if (itType == FavoriteType)
209 mime->setData(QLatin1String("OriginatedInMumble"), QByteArray());
210 --- mumble-1.2.3/src/mumble/Database.cpp.orig 2014-05-16 21:35:46.167830234 +0200
211 +++ mumble-1.2.3/src/mumble/Database.cpp 2014-05-16 21:36:38.653500893 +0200
212 @@ -88,7 +88,7 @@
213 QFileInfo fi(db.databaseName());
214
215 if (! fi.isWritable()) {
216 - QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(fi.filePath()), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton);
217 + QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(Qt::escape(fi.filePath())), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton);
218 qWarning("Database: Database is read-only");
219 }
220
221 --- mumble-1.2.3/src/mumble/LCD.cpp.orig 2014-05-16 21:38:09.227012321 +0200
222 +++ mumble-1.2.3/src/mumble/LCD.cpp 2014-05-16 21:39:03.958968471 +0200
223 @@ -108,7 +108,7 @@
224 qtwi->setFlags(Qt::ItemIsEnabled |Qt::ItemIsUserCheckable);
225
226 qtwi->setText(0, d->name());
227 - qtwi->setToolTip(0, d->name());
228 + qtwi->setToolTip(0, Qt::escape(d->name()));
229
230 QSize lcdsize = d->size();
231 QString qsSize = QString::fromLatin1("%1x%2").arg(lcdsize.width()).arg(lcdsize.height());
232 --- mumble-1.2.3/src/mumble/Log.cpp.orig 2014-05-16 20:01:17.293295057 +0200
233 +++ mumble-1.2.3/src/mumble/Log.cpp 2014-05-16 21:44:30.732499706 +0200
234 @@ -270,7 +270,7 @@
235 }
236
237 QString Log::formatChannel(::Channel *c) {
238 - return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(c->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
239 + return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(Qt::escape(c->qsName)).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
240 }
241
242 QString Log::formatClientUser(ClientUser *cu, LogColorType t) {
243 @@ -282,10 +282,11 @@
244 }
245
246 if (cu) {
247 + QString name = Qt::escape(cu->qsName);
248 if (cu->qsHash.isEmpty()) {
249 - return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(cu->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
250 + return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(name).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
251 } else {
252 - return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(cu->qsName);
253 + return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(name);
254 }
255 } else {
256 return QString::fromLatin1("<span class='log-server log-%1'>%2</span>").arg(className).arg(tr("the server"));
257 @@ -447,7 +448,7 @@
258 if (qdDate != dt.date()) {
259 qdDate = dt.date();
260 tc.insertBlock();
261 - tc.insertHtml(tr("[Date changed to %1]\n").arg(qdDate.toString(Qt::DefaultLocaleShortDate)));
262 + tc.insertHtml(tr("[Date changed to %1]\n").arg(Qt::escape(qdDate.toString(Qt::DefaultLocaleShortDate))));
263 tc.movePosition(QTextCursor::End);
264 }
265
266 @@ -460,7 +461,7 @@
267 } else if (! g.mw->qteLog->document()->isEmpty()) {
268 tc.insertBlock();
269 }
270 - tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(dt.time().toString(Qt::DefaultLocaleShortDate)), Log::Time));
271 + tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(Qt::escape(dt.time().toString(Qt::DefaultLocaleShortDate))), Log::Time));
272 validHtml(console, true, &tc);
273 tc.movePosition(QTextCursor::End);
274 g.mw->qteLog->setTextCursor(tc);
275 --- mumble-1.2.3/src/mumble/MainWindow.cpp.orig 2014-05-16 20:28:57.462753125 +0200
276 +++ mumble-1.2.3/src/mumble/MainWindow.cpp 2014-05-16 21:54:41.068070219 +0200
277 @@ -638,7 +638,7 @@
278 }
279
280 void MainWindow::openUrl(const QUrl &url) {
281 - g.l->log(Log::Information, tr("Opening URL %1").arg(url.toString()));
282 + g.l->log(Log::Information, tr("Opening URL %1").arg(Qt::escape(url.toString())));
283 if (url.scheme() == QLatin1String("file")) {
284 QFile f(url.toLocalFile());
285 if (! f.exists() || ! f.open(QIODevice::ReadOnly)) {
286 @@ -726,7 +726,7 @@
287 g.s.qsLastServer = name;
288 rtLast = MumbleProto::Reject_RejectType_None;
289 qaServerDisconnect->setEnabled(true);
290 - g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(host, Log::Server)));
291 + g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(host), Log::Server)));
292 g.sh->setConnectionInfo(host, port, user, pw);
293 g.sh->start(QThread::TimeCriticalPriority);
294 }
295 @@ -902,7 +902,7 @@
296 qsDesiredChannel = QString();
297 rtLast = MumbleProto::Reject_RejectType_None;
298 qaServerDisconnect->setEnabled(true);
299 - g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(cd->qsServer, Log::Server)));
300 + g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(cd->qsServer), Log::Server)));
301 g.sh->setConnectionInfo(cd->qsServer, cd->usPort, cd->qsUsername, cd->qsPassword);
302 g.sh->start(QThread::TimeCriticalPriority);
303 }
304 @@ -978,7 +978,7 @@
305 return;
306
307 QMessageBox::StandardButton result;
308 - result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
309 + result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
310
311 if (result == QMessageBox::Yes)
312 g.sh->registerUser(p->uiSession);
313 @@ -1052,7 +1052,7 @@
314 qsVersion.append(tr("<p>No build information or OS version available.</p>"));
315 } else {
316 qsVersion.append(tr("<p>%1 (%2)<br />%3</p>")
317 - .arg(g.sh->qsRelease, g.sh->qsOS, g.sh->qsOSVersion));
318 + .arg(Qt::escape(g.sh->qsRelease), Qt::escape(g.sh->qsOS), Qt::escape(g.sh->qsOSVersion)));
319 }
320
321 QString host, uname, pw;
322 @@ -1061,10 +1061,10 @@
323 g.sh->getConnectionInfo(host,port,uname,pw);
324
325 QString qsControl=tr("<h2>Control channel</h2><p>Encrypted with %1 bit %2<br />%3 ms average latency (%4 deviation)</p><p>Remote host %5 (port %6)</p>").arg(QString::number(qsc.usedBits()),
326 - qsc.name(),
327 + Qt::escape(qsc.name()),
328 QString::fromLatin1("%1").arg(boost::accumulators::mean(g.sh->accTCP), 0, 'f', 2),
329 QString::fromLatin1("%1").arg(sqrt(boost::accumulators::variance(g.sh->accTCP)),0,'f',2),
330 - host,
331 + Qt::escape(host),
332 QString::number(port));
333 QString qsVoice, qsCrypt, qsAudio;
334
335 @@ -1305,9 +1305,9 @@
336 QMessageBox::StandardButton result;
337
338 if (session == g.uiSession)
339 - result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
340 + result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
341 else
342 - result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
343 + result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
344
345 if (result == QMessageBox::Yes) {
346 p = ClientUser::get(session);
347 @@ -1445,7 +1445,7 @@
348 unsigned int session = p->uiSession;
349
350 int ret = QMessageBox::question(this, QLatin1String("Mumble"),
351 - tr("Are you sure you want to reset the comment of user %1?").arg(p->qsName),
352 + tr("Are you sure you want to reset the comment of user %1?").arg(Qt::escape(p->qsName)),
353 QMessageBox::Yes, QMessageBox::No);
354 if (ret == QMessageBox::Yes) {
355 g.sh->setUserComment(session, QString());
356 @@ -1638,7 +1638,7 @@
357
358 int id = c->iId;
359
360 - ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(c->qsName), QMessageBox::Yes, QMessageBox::No);
361 + ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(Qt::escape(c->qsName)), QMessageBox::Yes, QMessageBox::No);
362
363 c = Channel::get(id);
364 if (!c)
365 @@ -2331,7 +2331,7 @@
366
367 if (! g.sh->qlErrors.isEmpty()) {
368 foreach(QSslError e, g.sh->qlErrors)
369 - g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(e.errorString()));
370 + g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(Qt::escape(e.errorString())));
371 if (! g.sh->qscCert.isEmpty()) {
372 QSslCertificate c = g.sh->qscCert.at(0);
373 QString basereason;
374 @@ -2342,7 +2342,7 @@
375 }
376 QStringList qsl;
377 foreach(QSslError e, g.sh->qlErrors)
378 - qsl << QString::fromLatin1("<li>%1</li>").arg(e.errorString());
379 + qsl << QString::fromLatin1("<li>%1</li>").arg(Qt::escape(e.errorString()));
380
381 QMessageBox qmb(QMessageBox::Warning, QLatin1String("Mumble"),
382 tr("<p>%1.<br />The specific errors with this certificate are: </p><ol>%2</ol>"
383 @@ -2402,7 +2402,7 @@
384 bool matched = false;
385
386 if (! reason.isEmpty()) {
387 - g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(reason));
388 + g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(Qt::escape(reason)));
389 } else {
390 g.l->log(Log::ServerDisconnected, tr("Disconnected from server."));
391 }
392 @@ -2522,10 +2522,10 @@
393 if (c == NULL) // If no channel selected fallback to current one
394 c = ClientUser::get(g.uiSession)->cChannel;
395
396 - qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(c->qsName));
397 + qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(Qt::escape(c->qsName)));
398 } else {
399 // User target
400 - qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(p->qsName));
401 + qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(Qt::escape(p->qsName)));
402 }
403
404 updateMenuPermissions();
405 --- mumble-1.2.3/src/mumble/Messages.cpp.orig 2014-05-16 21:56:41.041318202 +0200
406 +++ mumble-1.2.3/src/mumble/Messages.cpp 2014-05-16 22:06:19.729866541 +0200
407 @@ -85,7 +85,7 @@
408
409 void MainWindow::msgReject(const MumbleProto::Reject &msg) {
410 rtLast = msg.type();
411 - g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(u8(msg.reason())));
412 + g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(Qt::escape(u8(msg.reason()))));
413 g.l->setIgnore(Log::ServerDisconnected, 1);
414 }
415
416 @@ -126,7 +126,7 @@
417 ClientUser *p=ClientUser::get(g.uiSession);
418 connect(p, SIGNAL(talkingChanged()), this, SLOT(talkingChanged()));
419
420 - qstiIcon->setToolTip(tr("Mumble: %1").arg(Channel::get(0)->qsName));
421 + qstiIcon->setToolTip(tr("Mumble: %1").arg(Qt::escape(Channel::get(0)->qsName)));
422
423 // Update QActions and menues
424 on_qmServer_aboutToShow();
425 @@ -190,7 +190,7 @@
426 g.s.bTTS = true;
427 quint32 oflags = g.s.qmMessages.value(Log::PermissionDenied);
428 g.s.qmMessages[Log::PermissionDenied] = (oflags | Settings::LogTTS) & (~Settings::LogSoundfile);
429 - g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(u));
430 + g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(Qt::escape(u)));
431 g.s.qmMessages[Log::PermissionDenied] = oflags;
432 g.s.bDeaf = bold;
433 g.s.bTTS = bold2;
434 @@ -215,7 +215,7 @@
435 break;
436 case MumbleProto::PermissionDenied_DenyType_UserName: {
437 if (msg.has_name())
438 - g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(u8(msg.name())));
439 + g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(Qt::escape(u8(msg.name()))));
440 else
441 g.l->log(Log::PermissionDenied, tr("Invalid username."));
442 }
443 @@ -226,7 +226,7 @@
444 break;
445 default: {
446 if (msg.has_reason())
447 - g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(u8(msg.reason())));
448 + g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(Qt::escape(u8(msg.reason()))));
449 else
450 g.l->log(Log::PermissionDenied, tr("Permission denied."));
451 }
452 @@ -469,7 +469,7 @@
453 ACTOR_INIT;
454 SELF_INIT;
455
456 - QString reason = u8(msg.reason());
457 + QString reason = Qt::escape(u8(msg.reason()));
458
459 if (pDst == pSelf) {
460 if (msg.ban())
461 --- mumble-1.2.3/src/mumble/Overlay.cpp.orig 2014-05-16 20:33:30.234704214 +0200
462 +++ mumble-1.2.3/src/mumble/Overlay.cpp 2014-05-16 22:10:06.142642440 +0200
463 @@ -97,7 +97,7 @@
464 #endif
465
466 if (! qlsServer->listen(pipepath)) {
467 - QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(qlsServer->errorString(),pipepath), QMessageBox::Ok, QMessageBox::NoButton);
468 + QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(Qt::escape(qlsServer->errorString()), Qt::escape(pipepath)), QMessageBox::Ok, QMessageBox::NoButton);
469 } else {
470 qWarning() << "Overlay: Listening on" << qlsServer->fullServerName();
471 connect(qlsServer, SIGNAL(newConnection()), this, SLOT(newConnection()));
472 --- mumble-1.2.3/src/mumble/Plugins.cpp.orig 2014-05-16 22:11:26.490854285 +0200
473 +++ mumble-1.2.3/src/mumble/Plugins.cpp 2014-05-16 22:14:38.520260235 +0200
474 @@ -162,7 +162,7 @@
475 i->setCheckState(1, pi->enabled ? Qt::Checked : Qt::Unchecked);
476 i->setText(0, pi->description);
477 if (pi->p->longdesc)
478 - i->setToolTip(0, QString::fromStdWString(pi->p->longdesc()));
479 + i->setToolTip(0, Qt::escape(QString::fromStdWString(pi->p->longdesc())));
480 i->setData(0, Qt::UserRole, pi->filename);
481 }
482 qtwPlugins->setCurrentItem(qtwPlugins->topLevelItem(0));
483 @@ -372,7 +372,7 @@
484 QReadLocker lock(&qrwlPlugins);
485
486 if (prevlocked) {
487 - g.l->log(Log::Information, tr("%1 lost link.").arg(prevlocked->shortname));
488 + g.l->log(Log::Information, tr("%1 lost link.").arg(Qt::escape(prevlocked->shortname)));
489 prevlocked = NULL;
490 }
491
492 @@ -446,7 +446,7 @@
493 if (pi->enabled) {
494 if (pi->p2 ? pi->p2->trylock(pids) : pi->p->trylock()) {
495 pi->shortname = QString::fromStdWString(pi->p->shortname);
496 - g.l->log(Log::Information, tr("%1 linked.").arg(pi->shortname));
497 + g.l->log(Log::Information, tr("%1 linked.").arg(Qt::escape(pi->shortname)));
498 pi->locked = true;
499 bUnlink = false;
500 locked = pi;
501 @@ -629,15 +629,15 @@
502 if (f.open(QIODevice::WriteOnly)) {
503 f.write(qba);
504 f.close();
505 - g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName()));
506 + g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName())));
507 } else {
508 f.setFileName(qsUserPlugins + QLatin1String("/") + fname);
509 if (f.open(QIODevice::WriteOnly)) {
510 f.write(qba);
511 f.close();
512 - g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName()));
513 + g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName())));
514 } else {
515 - g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(f.fileName()));
516 + g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(Qt::escape(f.fileName())));
517 }
518 }
519
520 --- mumble-1.2.3/src/mumble/VersionCheck.cpp.orig 2014-05-16 22:15:52.736692762 +0200
521 +++ mumble-1.2.3/src/mumble/VersionCheck.cpp 2014-05-16 22:17:45.609038256 +0200
522 @@ -151,7 +151,7 @@
523 }
524 } else {
525 fetch.setHost(g.qsRegionalHost);
526 - g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(fetch.toString(), filename));
527 + g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(Qt::escape(fetch.toString()), Qt::escape(filename)));
528
529 QNetworkReply *nrep = Network::get(fetch);
530 connect(nrep, SIGNAL(finished()), this, SLOT(finished()));
531

  ViewVC Help
Powered by ViewVC 1.1.30