Add Utils::String::toHtmlEscaped
Chocobo1 authored and sledgehammer999 committed Mar 3, 2017
1 parent eba45a0 commit 6ca3e4f
Showing 6 changed files with 21 additions and 8 deletions.
5 changes: 3 additions & 2 deletions src/base/logger.cpp
@@ -1,6 +1,7 @@
#include "logger.h"

#include <QDateTime>
#include "base/utils/string.h"

Logger* Logger::m_instance = 0;

Expand Down Expand Up @@ -36,7 +37,7 @@ void Logger::addMessage(const QString &message, const Log::MsgType &type)
{
QWriteLocker locker(&lock);

Log::Msg temp = { msgCounter++, QDateTime::currentMSecsSinceEpoch(), type, message };
Log::Msg temp = { msgCounter++, QDateTime::currentMSecsSinceEpoch(), type, Utils::String::toHtmlEscaped(message) };
m_messages.push_back(temp);

if (m_messages.size() >= MAX_LOG_MESSAGES)
Expand All @@ -49,7 +50,7 @@ void Logger::addPeer(const QString &ip, bool blocked, const QString &reason)
{
QWriteLocker locker(&lock);

Log::Peer temp = { peerCounter++, QDateTime::currentMSecsSinceEpoch(), ip, blocked, reason };
Log::Peer temp = { peerCounter++, QDateTime::currentMSecsSinceEpoch(), Utils::String::toHtmlEscaped(ip), blocked, Utils::String::toHtmlEscaped(reason) };
m_peers.push_back(temp);

if (m_peers.size() >= MAX_LOG_MESSAGES)
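Review bot: Escaping inside `Logger::addMessage` and `Logger::addPeer` stores entity-encoded text in `m_messages` and `m_peers`, so every reader of the log receives HTML rather than the original string. Any consumer that is not a rich-text widget (a file log or an API response, if the project has them; none are visible here) would show `&lt;` or `&amp;` literally, and a consumer that escapes again would double-encode. Output encoding is more robust when applied at the sink that renders HTML, keeping the stored `message`, `ip` and `reason` raw. If escaping stays here, a comment on both lines such as `// Stored pre-escaped for rich-text display; do not escape again when rendering` would make the contract explicit. Both function bodies continue outside the hunks.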
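--- a/src/base/utils/string.cpp
+++ b/src/base/utils/string.cpp
@@ -211,3 +211,12 @@ bool Utils::String::slowEquals(const QByteArray &a, const QByteArray &b)
 
 return (diff == 0);
 }
+
+QString Utils::String::toHtmlEscaped(const QString &str)
+{
+#ifdef QBT_USES_QT5
+return str.toHtmlEscaped();
+#else
+return Qt::escape(str);
+#endif
+}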
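Review bot: The pre-Qt5 branch calls `Qt::escape`, which is declared in `<QTextDocument>`, and none of the nine added lines is an include, so that build compiles only if the header already reaches this file some other way (the include block is not visible here). Adding `#include <QTextDocument>` under an `#ifndef QBT_USES_QT5` guard would make the dependency explicit. A comment above the function should also note that neither branch encodes `'`, so the result is meant for element text and not for single-quoted attribute values.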
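--- a/src/base/utils/string.h
+++ b/src/base/utils/string.h
@@ -47,6 +47,8 @@ namespace Utils
 // Taken from https://crackstation.net/hashing-security.htm
 bool slowEquals(const QByteArray &a, const QByteArray &b);
 
+QString toHtmlEscaped(const QString &str);
+
 bool naturalCompareCaseSensitive(const QString &left, const QString &right);
 bool naturalCompareCaseInsensitive(const QString &left, const QString &right);
 }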
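Review bot: The new `toHtmlEscaped` declaration carries no comment, unlike `slowEquals` just above it, and callers need to know when the helper is the right tool. A line above the declaration such as `// Encodes HTML metacharacters so untrusted text can be placed in rich-text widgets; apply exactly once, at the point of display.` would state the contract. The namespace body starts outside the hunk.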
5 changes: 3 additions & 2 deletions src/gui/deletionconfirmationdlg.h
Expand Up @@ -35,8 +35,9 @@
#include <QPushButton>
#include "ui_confirmdeletiondlg.h"
#include "base/preferences.h"
#include "guiiconprovider.h"
#include "base/utils/misc.h"
#include "base/utils/string.h"
#include "guiiconprovider.h"

class DeletionConfirmationDlg : public QDialog, private Ui::confirmDeletionDlg {
Q_OBJECT
Expand All @@ -45,7 +46,7 @@ class DeletionConfirmationDlg : public QDialog, private Ui::confirmDeletionDlg {
DeletionConfirmationDlg(QWidget *parent, const int &size, const QString &name, bool defaultDeleteFiles): QDialog(parent) {
setupUi(this);
if (size == 1)
label->setText(tr("Are you sure you want to delete '%1' from the transfer list?", "Are you sure you want to delete 'ubuntu-linux-iso' from the transfer list?").arg(name));
label->setText(tr("Are you sure you want to delete '%1' from the transfer list?", "Are you sure you want to delete 'ubuntu-linux-iso' from the transfer list?").arg(Utils::String::toHtmlEscaped(name)));
else
label->setText(tr("Are you sure you want to delete these %1 torrents from the transfer list?", "Are you sure you want to delete these 5 torrents from the transfer list?").arg(QString::number(size)));
// Icons
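Review bot: In the `size == 1` branch the escaped name renders correctly only if `label` interprets the string as rich text, and the label's text format is not set anywhere in this hunk. Under Qt's default `Qt::AutoText` a string without tags is treated as plain text, so a torrent name containing `&` could be displayed as `&amp;` (the .ui file is not visible here, so this needs confirming). Pinning the format next to the call, `label->setTextFormat(Qt::RichText);`, keeps escaping and rendering in agreement. The same consideration applies to `label_created_by_val` in propertieswidget.cpp. The constructor body continues past the hunk.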
4 changes: 2 additions & 2 deletions src/gui/properties/peerlistwidget.cpp
Expand Up @@ -401,7 +401,7 @@ QStandardItem* PeerListWidget::addPeer(const QString& ip, BitTorrent::TorrentHan
m_listModel->setData(m_listModel->index(row, PeerListDelegate::CONNECTION), peer.connectionType());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::FLAGS), peer.flags());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::FLAGS), peer.flagsDescription(), Qt::ToolTipRole);
m_listModel->setData(m_listModel->index(row, PeerListDelegate::CLIENT), peer.client());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::CLIENT), Utils::String::toHtmlEscaped(peer.client()));
m_listModel->setData(m_listModel->index(row, PeerListDelegate::PROGRESS), peer.progress());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::DOWN_SPEED), peer.payloadDownSpeed());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::UP_SPEED), peer.payloadUpSpeed());
Expand Down Expand Up @@ -432,7 +432,7 @@ void PeerListWidget::updatePeer(const QString &ip, BitTorrent::TorrentHandle *co
m_listModel->setData(m_listModel->index(row, PeerListDelegate::PORT), peer.address().port);
m_listModel->setData(m_listModel->index(row, PeerListDelegate::FLAGS), peer.flags());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::FLAGS), peer.flagsDescription(), Qt::ToolTipRole);
m_listModel->setData(m_listModel->index(row, PeerListDelegate::CLIENT), peer.client());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::CLIENT), Utils::String::toHtmlEscaped(peer.client()));
m_listModel->setData(m_listModel->index(row, PeerListDelegate::PROGRESS), peer.progress());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::DOWN_SPEED), peer.payloadDownSpeed());
m_listModel->setData(m_listModel->index(row, PeerListDelegate::UP_SPEED), peer.payloadUpSpeed());
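Review bot: Storing the escaped client string in the model (the `PeerListDelegate::CLIENT` lines in both `addPeer` and `updatePeer`) changes the data itself rather than how it is drawn. Item views paint display data as plain text unless the delegate renders HTML, so a client name containing `&` or `<` may appear with literal entities, and sorting or copying the column would see the encoded form. `PeerListDelegate` is not visible here, so this needs confirming. If the concern is a rich-text tooltip or label fed from this column, escaping at that point and keeping `peer.client()` raw in the model would be the narrower fix. Both function bodies start and end outside the hunks.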
4 changes: 2 additions & 2 deletions src/gui/properties/propertieswidget.cpp
Expand Up @@ -314,12 +314,12 @@ void PropertiesWidget::loadTorrentInfos(BitTorrent::TorrentHandle *const torrent
label_total_size_val->setText(Utils::Misc::friendlyUnit(m_torrent->totalSize()));

// Comment
comment_text->setText(Utils::Misc::parseHtmlLinks(m_torrent->comment()));
comment_text->setText(Utils::Misc::parseHtmlLinks(Utils::String::toHtmlEscaped(m_torrent->comment())));

// URL seeds
loadUrlSeeds();

label_created_by_val->setText(m_torrent->creator());
label_created_by_val->setText(Utils::String::toHtmlEscaped(m_torrent->creator()));

// List files in torrent
PropListModel->model()->setupModelData(m_torrent->info());
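Review bot: On the `comment_text->setText(...)` line, `parseHtmlLinks` now receives entity-encoded text, so its URL matching should be checked against entities that directly follow a URL. A comment such as `<http://example.com>` becomes `&lt;http://example.com&gt;`, and if the pattern accepts `&` and `;` the trailing `&gt;` could end up inside the generated link (the implementation of `parseHtmlLinks` is not shown here). The escape-then-linkify order itself is the right one. A short comment, `// Escape before linkifying: parseHtmlLinks() emits markup and must only see encoded input`, would keep a later refactor from swapping it. `loadTorrentInfos` continues outside the hunk.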

1 comment on commit 6ca3e4f


@carnil carnil commented on 6ca3e4f Mar 6, 2017


This is CVE-2017-6503
