File & input sanitization

This commit is contained in:
Jaidyn Ann 2021-03-03 20:45:46 -06:00
parent 41c25f8420
commit b4cde0e09d
8 changed files with 164 additions and 23 deletions

View File

@ -12,9 +12,6 @@ Important improvements:
so. so.
* _Huge_ problem, but I haven't had luck figuring it out yet… * _Huge_ problem, but I haven't had luck figuring it out yet…
* Move from BLists to BObjectLists where possible * Move from BLists to BObjectLists where possible
* General input sanitization
* File error-handling
* e.g., Utils.cpp's userFileError
* Fix background of Feeds List error status icon (it's black, not transparent) * Fix background of Feeds List error status icon (it's black, not transparent)
* Check if arg is a file or not (treat appropriately) * Check if arg is a file or not (treat appropriately)
* Make UI friendly to whatever font-size you throw at it * Make UI friendly to whatever font-size you throw at it

View File

@ -7,6 +7,7 @@
#include <iostream> #include <iostream>
#include <Alert.h>
#include <Box.h> #include <Box.h>
#include <Button.h> #include <Button.h>
#include <Message.h> #include <Message.h>
@ -51,7 +52,32 @@ EntriesView::MessageReceived(BMessage* msg)
status_t result = ((App*)be_app)->fPreferences->SetEntryDir( status_t result = ((App*)be_app)->fPreferences->SetEntryDir(
fEntryFolderText->Text()); fEntryFolderText->Text());
if (result != B_OK) if (result != B_OK)
userFileError(result, fEntryFolderText->Text()); _FileError(result);
fEntryFolderText->SetText(((App*)be_app)->fPreferences->EntryDir());
break;
}
case kEntryFolderBrowse:
{
entry_ref appsRef;
fEntryFolderPanel = new BFilePanel(B_OPEN_PANEL, NULL, NULL,
B_DIRECTORY_NODE, false, new BMessage(kEntryFolderPath));
fEntryFolderPanel->Show();
fEntryFolderPanel->SetTarget(this);
break;
}
case kEntryFolderPath:
{
entry_ref ref;
if (msg->HasRef("refs") && msg->FindRef("refs", &ref) == B_OK) {
status_t result = ((App*)be_app)->fPreferences->SetEntryDir(
BPath(&ref).Path());
if (result != B_OK)
_FileError(result);
}
fEntryFolderText->SetText(((App*)be_app)->fPreferences->EntryDir());
delete fEntryFolderPanel;
break; break;
} }
case kOpenHtmlRadio: case kOpenHtmlRadio:
@ -70,6 +96,16 @@ EntriesView::MessageReceived(BMessage* msg)
fOpenWithMenuField->MenuItem()->Label()); fOpenWithMenuField->MenuItem()->Label());
break; break;
} }
case kOpenWithBrowse:
{
entry_ref appsRef;
BEntry("/boot/system/apps/").GetRef(&appsRef);
fOpenWithPanel = new BFilePanel(B_OPEN_PANEL, NULL, &appsRef,
B_FILE_NODE, false, new BMessage(kOpenWithPath));
fOpenWithPanel->Show();
fOpenWithPanel->SetTarget(this);
}
case kOpenWithPath: case kOpenWithPath:
{ {
entry_ref ref; entry_ref ref;
@ -81,16 +117,6 @@ EntriesView::MessageReceived(BMessage* msg)
delete fOpenWithPanel; delete fOpenWithPanel;
break; break;
} }
case kOpenWithBrowse:
{
entry_ref appsRef;
BEntry("/boot/system/apps/").GetRef(&appsRef);
fOpenWithPanel = new BFilePanel(B_OPEN_PANEL, NULL, &appsRef,
B_FILE_NODE, false, new BMessage(kOpenWithPath));
fOpenWithPanel->Show();
fOpenWithPanel->SetTarget(this);
}
default: default:
{ {
BGroupView::MessageReceived(msg); BGroupView::MessageReceived(msg);
@ -213,3 +239,29 @@ EntriesView::_PopulateOpenWithMenu()
} }
void
EntriesView::_FileError(status_t result)
{
BPath cfgPath;
find_directory(B_USER_SETTINGS_DIRECTORY, &cfgPath);
if (result == B_NOT_A_DIRECTORY) {
BAlert* alert = new BAlert("Entries Directory", "The path you "
"selected isn't a folder― please choose another path.", "OK",
NULL, NULL, B_WIDTH_AS_USUAL, B_WARNING_ALERT);
alert->Go();
return;
}
userFileError(result, "Entries Directory",
"Couldn't open this folder because no path was specified.\n"
"Please select a new folder.",
"Couldn't open this folder because permission was denied.\n"
"This usually means that you don't have read permissions.\nPlease make "
"sure that your user has read-access to this folder.\nCheck your OS "
"documentation for more information.",
"There is not enough memory available on your system to access the "
"given path.\nPlease try closing a few applications and restarting Pogger.");
}

View File

@ -23,6 +23,7 @@ enum
{ {
kEntryFolderText = 'txef', kEntryFolderText = 'txef',
kEntryFolderBrowse = 'tbef', kEntryFolderBrowse = 'tbef',
kEntryFolderPath = 'txep',
kOpenHtmlRadio = 'rdow', kOpenHtmlRadio = 'rdow',
kOpenUrlRadio = 'roow', kOpenUrlRadio = 'roow',
kOpenWithSelect = 'mnow', kOpenWithSelect = 'mnow',
@ -42,11 +43,14 @@ private:
void _InitInterface(); void _InitInterface();
void _PopulateOpenWithMenu(); void _PopulateOpenWithMenu();
void _FileError(status_t result);
BBox* fSavingBox; BBox* fSavingBox;
BStringView* fEntryFolderLabel; BStringView* fEntryFolderLabel;
BTextControl* fEntryFolderText; BTextControl* fEntryFolderText;
BButton* fEntryFolderBrowseButton; BButton* fEntryFolderBrowseButton;
BFilePanel* fEntryFolderPanel;
BBox* fOpeningBox; BBox* fOpeningBox;
BStringView* fOpenAsLabel; BStringView* fOpenAsLabel;

View File

@ -5,6 +5,7 @@
#include "FeedEditWindow.h" #include "FeedEditWindow.h"
#include <Alert.h>
#include <Button.h> #include <Button.h>
#include <Message.h> #include <Message.h>
#include <LayoutBuilder.h> #include <LayoutBuilder.h>
@ -121,7 +122,7 @@ FeedEditWindow::_InitInterface()
.End(); .End();
} }
#include <iostream>
void void
FeedEditWindow::_SaveFeed() FeedEditWindow::_SaveFeed()
{ {
@ -132,6 +133,24 @@ FeedEditWindow::_SaveFeed()
BString title(fFeedNameText->Text()); BString title(fFeedNameText->Text());
const char* urlString = fFeedUrlText->Text(); const char* urlString = fFeedUrlText->Text();
BUrl url = BUrl(urlString);
if (BString(urlString).IsEmpty() == true) {
BAlert* emptyAlert = new BAlert("Invalid Feed",
"Please enter a URL.", "OK", NULL, NULL,
B_WIDTH_AS_USUAL, B_OFFSET_SPACING, B_WARNING_ALERT);
emptyAlert->Go();
return;
}
if (url.IsValid() == false) {
BAlert* invAlert = new BAlert("Invalid Feed",
"The given URL is invalid. Please make sure you typed it in correctly.",
"OK", NULL, NULL, B_WIDTH_AS_USUAL, B_OFFSET_SPACING, B_WARNING_ALERT);
invAlert->Go();
return;
}
BString filename; BString filename;
if (title.IsEmpty()) if (title.IsEmpty())
filename = BString(urlString); filename = BString(urlString);

View File

@ -5,10 +5,10 @@
#include "Preferences.h" #include "Preferences.h"
#include <iostream>
#include <String.h> #include <String.h>
#include "Util.h"
Preferences::Preferences() { Preferences::Preferences() {
} }
@ -27,9 +27,12 @@ Preferences::Load()
cfgPath.Append("Pogger"); cfgPath.Append("Pogger");
BString filename = BString(cfgPath.Path()).Append("/Settings"); BString filename = BString(cfgPath.Path()).Append("/Settings");
BFile file(filename.String(), B_READ_ONLY); BFile file = BFile(filename.String(), B_READ_ONLY);
status_t result = file.InitCheck(); status_t result = file.InitCheck();
if (result == B_PERMISSION_DENIED || result == B_NO_MEMORY)
_FileError(result);
BMessage storage; BMessage storage;
storage.Unflatten(&file); storage.Unflatten(&file);
@ -68,8 +71,12 @@ Preferences::Save()
BMessage storage; BMessage storage;
BString filename = BString(cfgPath.Path()).Append("/Settings"); BString filename = BString(cfgPath.Path()).Append("/Settings");
BFile file(filename.String(), B_WRITE_ONLY | B_CREATE_FILE | B_ERASE_FILE); BFile file = BFile(filename.String(), B_WRITE_ONLY | B_CREATE_FILE | B_ERASE_FILE);
status_t result = file.InitCheck(); status_t result = file.InitCheck();
if (result != B_OK) {
_FileError(result);
return;
}
storage.AddString("entryDir", fEntryDir.String()); storage.AddString("entryDir", fEntryDir.String());
storage.AddString("openWith", fOpenWith.String()); storage.AddString("openWith", fOpenWith.String());
@ -128,7 +135,10 @@ Preferences::EntryDir()
status_t status_t
Preferences::SetEntryDir(const char* path) Preferences::SetEntryDir(const char* path)
{ {
status_t testStatus = BEntry(path).InitCheck(); status_t testStatus = BDirectory(path).InitCheck();
if (BDirectory(path).IsDirectory() == false)
return B_NOT_A_DIRECTORY;
if (testStatus == B_OK) if (testStatus == B_OK)
fEntryDir = BString(path); fEntryDir = BString(path);
return testStatus; return testStatus;
@ -171,3 +181,28 @@ Preferences::SetEntryOpenAsHtml(bool asHtml)
} }
void
Preferences::_FileError(status_t result)
{
BPath cfgPath;
find_directory(B_USER_SETTINGS_DIRECTORY, &cfgPath);
BString permLabel("Couldn't open the preferences file because permission "
"was denied.\nThis usually means that you don't have read permissions to "
"your settings directory.\nPlease make sure that your user has "
"read-access to your settings directory― likely %path%.\nCheck your OS "
"documentation for more information.");
permLabel.ReplaceAll("%path%", cfgPath.Path());
userFileError(result, "Preferences file",
"Couldn't open the preferences file because the path is not "
"specified.\nThis usually means that the programmer made a mistake.\n"
"Please submit a bug report to the Pogger repository on GitHub.\n"
"Your personal settings will not be loaded.",
permLabel.String(),
"There is not enough memory available on your system to load the "
"preferences file.\nPlease try closing a few applications and restarting "
"Pogger.");
}

View File

@ -49,6 +49,8 @@ public:
int32 fTabSelection; int32 fTabSelection;
private: private:
void _FileError(status_t result);
int8 fUpdateInterval; int8 fUpdateInterval;
BString fEntryDir; BString fEntryDir;

View File

@ -9,6 +9,7 @@
#include <iostream> #include <iostream>
#include <iomanip> #include <iomanip>
#include <Alert.h>
#include <Application.h> #include <Application.h>
#include <Bitmap.h> #include <Bitmap.h>
#include <Directory.h> #include <Directory.h>
@ -165,8 +166,35 @@ fetch(BUrl url, BDataIO* reply, BString* hash, int timeout)
void void
userFileError(status_t status, const char* path) userFileError(status_t status, const char* title, const char* bad_value,
const char* perm_denied, const char* no_memory)
{ {
BString label;
switch (status) {
case B_BAD_VALUE:
{
label = bad_value;
break;
}
case B_READ_ONLY_DEVICE:
case B_PERMISSION_DENIED:
{
label = perm_denied;
break;
}
case B_NO_MEMORY:
{
label = no_memory;
break;
}
default:
return;
}
BAlert* alert = new BAlert(title, label.String(), "OK", NULL, NULL,
B_WIDTH_AS_USUAL, B_WARNING_ALERT);
alert->Go();
} }

View File

@ -31,15 +31,19 @@ const char* tempFileName(const char* dir, const char* name, const char* suffix);
int32 fetch(BUrl url, BDataIO* reply, BString* hash, int timeout); int32 fetch(BUrl url, BDataIO* reply, BString* hash, int timeout);
void userFileError(status_t status, const char* path); // The strings passed to this function are adapted from those in
// Calendar (utils/Preferences.cpp).
void userFileError(status_t status, const char* title, const char* bad_value,
const char* perm_denied, const char* no_memory);
// Takes a (probably invalid) bit of HTML and adds necessary elements in a // Takes a (probably invalid) bit of HTML and adds necessary elements in a
// temporary copy. Returns an entry_ref to said temporary copy. // temporary copy. Returns an entry_ref to said temporary copy.
entry_ref tempHtmlFile(entry_ref* ref, const char* title); entry_ref tempHtmlFile(entry_ref* ref, const char* title);
// Ripped from Calendar (utils/ResourceLoader.cpp) // Also ripped from Calendar (utils/ResourceLoader.cpp)
BBitmap* loadVectorIcon(const char* name, int32 iconSize = 32, BBitmap* loadVectorIcon(const char* name, int32 iconSize = 32,
int32 cropSize = 22); int32 cropSize = 22);
#endif // UTIL_H #endif // UTIL_H