commit kdeconnect-kde for openSUSE:Factory

root Wed, 12 Jul 2017 10:37:09 -0700

Hello community,

here is the log from the commit of package kdeconnect-kde for openSUSE:Factory 
checked in at 2017-07-12 19:36:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kdeconnect-kde (Old)
 and      /work/SRC/openSUSE:Factory/.kdeconnect-kde.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "kdeconnect-kde"

Wed Jul 12 19:36:40 2017 rev:5 rq:509687 version:1.0.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/kdeconnect-kde/kdeconnect-kde.changes    
2016-12-29 22:49:55.809051508 +0100
+++ /work/SRC/openSUSE:Factory/.kdeconnect-kde.new/kdeconnect-kde.changes       
2017-07-12 19:36:52.440991592 +0200
@@ -1,0 +2,6 @@
+Wed Jul 12 09:24:58 UTC 2017 - [email protected]
+
+- Add patch to fix unauthenticated HTML injection (kde#382243):
+  * 0001-Treat-device-names-as-plaintext-not-rich-text.patch
+
+-------------------------------------------------------------------

New:
----
  0001-Treat-device-names-as-plaintext-not-rich-text.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kdeconnect-kde.spec ++++++
--- /var/tmp/diff_new_pack.JXIJeO/_old  2017-07-12 19:36:53.020909674 +0200
+++ /var/tmp/diff_new_pack.JXIJeO/_new  2017-07-12 19:36:53.020909674 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package kdeconnect-kde
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,8 @@
 Source:         
http://download.kde.org/stable/kdeconnect/%{version}/src/%{name}-%{version}.tar.xz
 Source100:      kdeconnect-kde.SuSEfirewall
 Source101:      kdeconnect-kde-firewalld.xml
+# PATCH-FIX-UPSTREAM
+Patch100:       0001-Treat-device-names-as-plaintext-not-rich-text.patch
 BuildRequires:  cmake >= 2.8.12
 BuildRequires:  extra-cmake-modules >= 0.0.9
 BuildRequires:  kf5-filesystem
@@ -70,6 +72,7 @@
 %{lang_package}
 %prep
 %setup -q
+%patch100 -p1
 
 %build
 %cmake_kf5 -d build

++++++ 0001-Treat-device-names-as-plaintext-not-rich-text.patch ++++++
>From 00ea0f6b4af342c6d780573afc9e93a23b3b8937 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <[email protected]>
Date: Wed, 12 Jul 2017 10:51:09 +0200
Subject: [PATCH] Treat device names as plaintext, not rich text

Summary:
Notifications, QML Text and QLabel accept a HTML subset,
which does not make sense for device names.

BUG: 382243

Test Plan:
Sent a pair request and accepted it, device name
now shown as plain text everywhere.

Reviewers: #kde_connect, albertvaka

Subscribers: #kde_connect

Differential Revision: https://phabricator.kde.org/D6640
---
 daemon/kdeconnectd.cpp                          | 2 +-
 kcm/kcm.ui                                      | 3 +++
 plasmoid/package/contents/ui/DeviceDelegate.qml | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/daemon/kdeconnectd.cpp b/daemon/kdeconnectd.cpp
index 0f242c7..696babe 100644
--- a/daemon/kdeconnectd.cpp
+++ b/daemon/kdeconnectd.cpp
@@ -46,7 +46,7 @@ public:
         KNotification* notification = new 
KNotification(QStringLiteral("pairingRequest"));
         notification->setIconName(QStringLiteral("dialog-information"));
         notification->setComponentName(QStringLiteral("kdeconnect"));
-        notification->setText(i18n("Pairing request from %1", 
getDevice(d->deviceLink()->deviceId())->name()));
+        notification->setText(i18n("Pairing request from %1", 
getDevice(d->deviceLink()->deviceId())->name()).toHtmlEscaped());
         notification->setActions(QStringList() << i18n("Accept") << 
i18n("Reject"));
         connect(notification, &KNotification::ignored, d, 
&PairingHandler::rejectPairing);
         connect(notification, &KNotification::action1Activated, d, 
&PairingHandler::acceptPairing);
diff --git a/kcm/kcm.ui b/kcm/kcm.ui
index a58569e..a533cb3 100644
--- a/kcm/kcm.ui
+++ b/kcm/kcm.ui
@@ -156,6 +156,9 @@
               <property name="text">
                <string>Device</string>
               </property>
+              <property name="textFormat">
+               <enum>Qt::PlainText</enum>
+              </property>
              </widget>
             </item>
             <item>
diff --git a/plasmoid/package/contents/ui/DeviceDelegate.qml 
b/plasmoid/package/contents/ui/DeviceDelegate.qml
index e90e021..15b124a 100644
--- a/plasmoid/package/contents/ui/DeviceDelegate.qml
+++ b/plasmoid/package/contents/ui/DeviceDelegate.qml
@@ -44,6 +44,7 @@ PlasmaComponents.ListItem
                 elide: Text.ElideRight
                 text: display
                 Layout.fillWidth: true
+                textFormat: Text.PlainText
             }
 
             //Find my phone
-- 
2.13.2

commit kdeconnect-kde for openSUSE:Factory

Reply via email to