On Mon, Feb 20, 2017 at 9:03 PM, tscv11 <[email protected]> wrote:
First I must say that I am a big fan of Leo! Before this happened I used it
> for python (and reST, of course), HTML, CSS, Asciidoc, and Markdown.
>
Thanks. This is clearly a problem in Leo.
Imo, Leo should open a web page only when it is clear that it is about to
do so.
So here it is: whenever I go to Settings> Edit settings > then Colors or
> Basic Fonts, for example. and select a setting to add to/edit in
> myLeosettings.leo such as 'outline background color', then choose the more
> general settings editing option, and finally enter "2"... internet explorer
> attacks!
>
Not sure what you mean by attacks, but as I said, Leo should definitely
not be opening it.
> 'comodo internet security essentials' reports several pages 'trying to
> open' that it labels as 'suspicious'. I have tried every scan i know of,
> including avast, malwarebytes, spybot search destroy, hitman pro, and MANY
> others. This is the first time I have been unable to get rid (what seems
> to be) malware.
>
Let's do a little sleuthing. I know nothing about the edit-settings menu
(I probably didn't write the code).
leoSettings.leo creates the menu item, in the node:
@settings-->Menus-->@menus-->
@menu Settings-->@menu Edit settings
The body text of that node contains:
Placeholder, populated by SettingsFinder.build_menu()
A cff (clone-find-all-flattened) confirms that there is only one build_menu
command in Leo's core, in leoConfig.py.
This method has lots of wonky code, but nothing suspicious. The first line
is:
settings_menu = self._outline_data_to_python(
self.c.config.getOutlineData("settings-finder-menu"))
A cff on settings-finder-menu shows only the match above in Leo's core.
Looking in leoSettings.leo we find:
@settings-->Menus-->@outline-data settings-finder-menu
There are lots of entries in this tree, all of them simply containing
settings names. Again, nothing suspicious, and nothing, apparently, that
could be hacked.
O
k, so let's find the message, "please enter". It's in
SettingsFinder.find_setting. It calls SF.copy_to_my_settings.
This is weird enough that I want to single-step through
copy_to_my_settings. I put g.pdb() just after g.es(unl).
I don't think there is anything nefarious going on, but we have to be sure.
My guess is that the unl causing the browser should open. This would be a
bad bug. Let's see...
Ok. I went through the steps you mention and dropped into
SF.copy_to_my_settings with pdb as expected.
Single stepping through the code, we can see that the following statement,
at the very end of the method, opens the browser:
g.handleUrl(unl, c=self.c)
The debugger reports that the unl is still:
'C:\\Users\\edreamleo\\.leo\\myLeoSettings.leo#@settings:3-->newHeadline:30-->Body
pane colors:0-->@color body-bg = white:0'
So the bug is in g.handleUrl. I have no idea why it thinks the unl is a
url that should be opened in a browser, but apparently that's what is going
on.
> I thought someone should know.
>
You were quite right to report this. I'll fix this today.
It's too bad you scanned for a virus. This is all Leo's fault.
Edward
--
You received this message because you are subscribed to the Google Groups
"leo-editor" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/leo-editor.
For more options, visit https://groups.google.com/d/optout.
