Skip to content
Permalink
Browse files

[ui] add security warning to the plugin manager's install from ZIP

(cherry-picked from 683df59)
  • Loading branch information
nirvn authored and nyalldawson committed Aug 20, 2018
1 parent 6c3f9b4 commit f198c11600538c693e0547fe706efb5fe6ee5dd3
Showing with 23 additions and 2 deletions.
  1. +23 −2 src/app/pluginmanager/qgspluginmanager.cpp
@@ -30,6 +30,7 @@
#include <QTextStream>
#include <QTimer>
#include <QDesktopServices>
#include <QCheckBox>

#include "qgis.h"
#include "qgisapp.h"
@@ -1367,8 +1368,28 @@ void QgsPluginManager::mZipFileWidget_fileChanged( const QString &filePath )

void QgsPluginManager::buttonInstallFromZip_clicked()
{
QgsPythonRunner::run( QStringLiteral( "pyplugin_installer.instance().installFromZipFile(r'%1')" ).arg( mZipFileWidget->filePath() ) );
mZipFileWidget->setFilePath( "" );
QgsSettings settings;
bool showInstallFromZipWarning = settings.value( QStringLiteral( "UI/showInstallFromZipWarning" ), true ).toBool();

QMessageBox msgbox;
if ( showInstallFromZipWarning )
{
msgbox.setText( tr( "Security warning: installing a plugin from an untrusted source can lead to data loss and/or leak. Continue?" ) );
msgbox.setIcon( QMessageBox::Icon::Warning );
msgbox.addButton( QMessageBox::Yes );
msgbox.addButton( QMessageBox::No );
msgbox.setDefaultButton( QMessageBox::No );
QCheckBox *cb = new QCheckBox( tr( "Don't show this again." ) );
msgbox.setCheckBox( cb );
msgbox.exec();
settings.setValue( QStringLiteral( "UI/showInstallFromZipWarning" ), !msgbox.checkBox()->isChecked() );
}

if ( !showInstallFromZipWarning || msgbox.result() == QMessageBox::Yes )
{
QgsPythonRunner::run( QStringLiteral( "pyplugin_installer.instance().installFromZipFile(r'%1')" ).arg( mZipFileWidget->filePath() ) );
mZipFileWidget->setFilePath( "" );
}
}


0 comments on commit f198c11

Please sign in to comment.
You can’t perform that action at this time.