API tools faq
paste
Advertisement
david_david

mumble-1.2.3-mga-CVE-2014-3756.patch

david_david
May 18th, 2014
241
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 26.64 KB | None | 0 0
raw download clone embed print report
  1. commit e30d7acda6c04b667618ac86f49786cf966a08fb
  2. Author: Mikkel Krautz <mikkel@krautz.dk>
  3. Date: Tue May 13 20:54:27 2014 +0200
  4.  
  5. mumble: fix Mumble-SA-2014-006.
  6.  
  7. Usernames and channel names were not properly HTML-escaped
  8. when used in Qt widgets that are rich-text enabled.
  9.  
  10. This commit fixes that, but also touches various other
  11. similar cases where an escaped version is appropriate.
  12.  
  13. This commit is based on the following commits from the
  14. master branch (Mumble 1.3.0):
  15.  
  16. b7d9387bd6dacbad0b2345f03dd8502a51c42f6a
  17. 1caaec763b91c8a12b11d7ceb37e21622f4da76e
  18. a0ebded7df388ce625dfbeb0c2bd65fb782da2a4
  19. c52dedce8409da0654fd197690ff95411df3f9b2
  20. 1f6ddaf35f9583ef72f2d924b76b425ec85fc692
  21. 73a1a98d16a29c78d85e1c19b8feac7ba22dddfe
  22. d58990c374502cfdd4a5f2bd8dbd490f19e9e511
  23. b6e17cac696396d5bcbc3391846f9cacb9c072c4
  24. 9837c4dc2d1d6c60505f7246cd00ffa33ad808a9
  25. 17fa695b222a8b308438f9283e78dfba931e8712
  26. d9ff1e947d4d00f6cd8d38fd04cd87f6e3167028
  27.  
  28. Special thanks to Tim Cooper for various of the above
  29. patches.
  30.  
  31. Rediffed by daviddavid (Mageia Team) for mumble-1.2.3.
  32.  
  33. --- mumble-1.2.3/src/mumble/ALSAAudio.cpp.orig 2014-05-16 20:59:15.025347292 +0200
  34. +++ mumble-1.2.3/src/mumble/ALSAAudio.cpp 2014-05-16 21:01:08.715796764 +0200
  35. @@ -357,7 +357,7 @@
  36. snd_pcm_close(capture_handle);
  37. capture_handle = NULL;
  38. }
  39. - g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(QLatin1String(snd_strerror(err))));
  40. + g.mw->msgBox(tr("Opening chosen ALSA Input failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err)))));
  41. return;
  42. }
  43.  
  44. @@ -492,7 +492,7 @@
  45. snd_pcm_writei(pcm_handle, zerobuff, period_size);
  46.  
  47. if (! bOk) {
  48. - g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(QLatin1String(snd_strerror(err))));
  49. + g.mw->msgBox(tr("Opening chosen ALSA Output failed: %1").arg(Qt::escape(QLatin1String(snd_strerror(err)))));
  50. if (pcm_handle) {
  51. snd_pcm_close(pcm_handle);
  52. pcm_handle = NULL;
  53. --- mumble-1.2.3/src/mumble/ASIOInput.cpp.orig 2011-02-19 22:35:16.000000000 +0100
  54. +++ mumble-1.2.3/src/mumble/ASIOInput.cpp 2014-05-16 21:04:32.153652669 +0200
  55. @@ -265,7 +265,7 @@
  56. char err[255];
  57. iasio->getErrorMessage(err);
  58. SleepEx(10, false);
  59. - QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton);
  60. + QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton);
  61. }
  62. iasio->Release();
  63. } else {
  64. @@ -290,7 +290,7 @@
  65. char err[255];
  66. iasio->getErrorMessage(err);
  67. SleepEx(10, false);
  68. - QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(QLatin1String(err)), QMessageBox::Ok, QMessageBox::NoButton);
  69. + QMessageBox::critical(this, QLatin1String("Mumble"), tr("ASIO Initialization failed: %1").arg(Qt::escape(QLatin1String(err))), QMessageBox::Ok, QMessageBox::NoButton);
  70. }
  71. iasio->Release();
  72. } else {
  73. --- mumble-1.2.3/src/mumble/ASIOInput.ui.orig 2014-05-16 21:08:49.101309395 +0200
  74. +++ mumble-1.2.3/src/mumble/ASIOInput.ui 2014-05-16 21:10:46.486228414 +0200
  75. @@ -99,6 +99,9 @@
  76. <property name="text">
  77. <string/>
  78. </property>
  79. + <property name="textFormat">
  80. + <enum>Qt::PlainText</enum>
  81. + </property>
  82. </widget>
  83. </item>
  84. <item row="1" column="0">
  85. @@ -119,6 +122,9 @@
  86. <property name="text">
  87. <string/>
  88. </property>
  89. + <property name="textFormat">
  90. + <enum>Qt::PlainText</enum>
  91. + </property>
  92. </widget>
  93. </item>
  94. </layout>
  95. --- mumble-1.2.3/src/mumble/AudioConfigDialog.cpp.orig 2011-02-19 22:35:16.000000000 +0100
  96. +++ mumble-1.2.3/src/mumble/AudioConfigDialog.cpp 2014-05-16 21:13:36.431827626 +0200
  97. @@ -350,7 +350,7 @@
  98.  
  99. foreach(audioDevice d, ql) {
  100. qcbDevice->addItem(d.first, d.second);
  101. - qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole);
  102. + qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole);
  103. ++idx;
  104. }
  105.  
  106. @@ -483,7 +483,7 @@
  107.  
  108. foreach(audioDevice d, ql) {
  109. qcbDevice->addItem(d.first, d.second);
  110. - qcbDevice->setItemData(idx, d.first, Qt::ToolTipRole);
  111. + qcbDevice->setItemData(idx, Qt::escape(d.first), Qt::ToolTipRole);
  112. ++idx;
  113. }
  114. bool canmute = aor->canMuteOthers();
  115. --- mumble-1.2.3/src/mumble/AudioOutput.cpp.orig 2014-05-16 21:22:15.179757821 +0200
  116. +++ mumble-1.2.3/src/mumble/AudioOutput.cpp 2014-05-16 21:23:08.124486823 +0200
  117. @@ -299,7 +299,7 @@
  118. if ((sf = AudioOutputSample::loadSndfile(file)) == NULL) {
  119. QMessageBox::critical(NULL,
  120. tr("Invalid sound file"),
  121. - tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(file));
  122. + tr("The file '%1' cannot be used by Mumble. Please select a file with a compatible format and encoding.").arg(Qt::escape(file)));
  123. return QString();
  124. }
  125. delete sf;
  126. --- mumble-1.2.3/src/mumble/Cert.cpp.orig 2014-05-16 21:24:29.461824381 +0200
  127. +++ mumble-1.2.3/src/mumble/Cert.cpp 2014-05-16 21:27:26.031265449 +0200
  128. @@ -51,6 +51,7 @@
  129. grid->addWidget(l, 0, 0, 1, 1, Qt::AlignRight);
  130.  
  131. qlSubjectName = new QLabel();
  132. + qlSubjectName->setTextFormat(Qt::PlainText);
  133. qlSubjectName->setWordWrap(true);
  134. grid->addWidget(qlSubjectName, 0, 1, 1, 1);
  135.  
  136. @@ -58,6 +59,7 @@
  137. grid->addWidget(l, 1, 0, 1, 1, Qt::AlignRight);
  138.  
  139. qlSubjectEmail = new QLabel();
  140. + qlSubjectEmail->setTextFormat(Qt::PlainText);
  141. qlSubjectEmail->setWordWrap(true);
  142. grid->addWidget(qlSubjectEmail, 1, 1, 1, 1);
  143.  
  144. @@ -65,6 +67,7 @@
  145. grid->addWidget(l, 2, 0, 1, 1, Qt::AlignRight);
  146.  
  147. qlIssuerName = new QLabel();
  148. + qlIssuerName->setTextFormat(Qt::PlainText);
  149. qlIssuerName->setWordWrap(true);
  150. grid->addWidget(qlIssuerName, 2, 1, 1, 1);
  151.  
  152. @@ -100,12 +103,12 @@
  153. qlSubjectName->setText(tmpName);
  154.  
  155. if (emails.count() > 0)
  156. - qlSubjectEmail->setText(emails.join(QLatin1String("<br />")));
  157. + qlSubjectEmail->setText(emails.join(QLatin1String("\n")));
  158. else
  159. qlSubjectEmail->setText(tr("(none)"));
  160.  
  161. if (qscCert.expiryDate() <= QDateTime::currentDateTime())
  162. - qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(qscCert.expiryDate().toString(Qt::SystemLocaleDate)));
  163. + qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(Qt::escape(qscCert.expiryDate().toString(Qt::SystemLocaleDate))));
  164. else
  165. qlExpiry->setText(qscCert.expiryDate().toString(Qt::SystemLocaleDate));
  166.  
  167. --- mumble-1.2.3/src/mumble/ConnectDialog.cpp.orig 2014-05-16 21:30:16.767965205 +0200
  168. +++ mumble-1.2.3/src/mumble/ConnectDialog.cpp 2014-05-16 21:33:57.459013903 +0200
  169. @@ -447,7 +447,7 @@
  170. } else if (role == Qt::ToolTipRole) {
  171. QStringList qsl;
  172. foreach(const QHostAddress &qha, qlAddresses)
  173. - qsl << qha.toString();
  174. + qsl << Qt::escape(qha.toString());
  175.  
  176. double ploss = 100.0;
  177.  
  178. @@ -457,18 +457,18 @@
  179. QString qs;
  180. qs +=
  181. QLatin1String("<table>") +
  182. - QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), qsName) +
  183. - QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), qsHostname);
  184. + QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Servername"), Qt::escape(qsName)) +
  185. + QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Hostname"), Qt::escape(qsHostname));
  186.  
  187. if (! qsBonjourHost.isEmpty())
  188. - qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), qsBonjourHost);
  189. + qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Bonjour name"), Qt::escape(qsBonjourHost));
  190.  
  191. qs +=
  192. QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Port")).arg(usPort) +
  193. QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Addresses"), qsl.join(QLatin1String(", ")));
  194.  
  195. if (! qsUrl.isEmpty())
  196. - qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), qsUrl);
  197. + qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Website"), Qt::escape(qsUrl));
  198.  
  199. if (uiSent > 0) {
  200. qs += QString::fromLatin1("<tr><th align=left>%1</th><td>%2</td></tr>").arg(ConnectDialog::tr("Packet loss"), QString::fromLatin1("%1% (%2/%3)").arg(ploss, 0, 'f', 1).arg(uiRecv).arg(uiSent));
  201. @@ -622,7 +622,7 @@
  202. mime->setUrls(urls);
  203.  
  204. mime->setText(qs);
  205. - mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(qsName));
  206. + mime->setHtml(QString::fromLatin1("<a href=\"%1\">%2</a>").arg(qs).arg(Qt::escape(name)));
  207.  
  208. if (itType == FavoriteType)
  209. mime->setData(QLatin1String("OriginatedInMumble"), QByteArray());
  210. --- mumble-1.2.3/src/mumble/Database.cpp.orig 2014-05-16 21:35:46.167830234 +0200
  211. +++ mumble-1.2.3/src/mumble/Database.cpp 2014-05-16 21:36:38.653500893 +0200
  212. @@ -88,7 +88,7 @@
  213. QFileInfo fi(db.databaseName());
  214.  
  215. if (! fi.isWritable()) {
  216. - QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(fi.filePath()), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton);
  217. + QMessageBox::critical(NULL, QLatin1String("Mumble"), tr("The database '%1' is read-only. Mumble cannot store server settings (i.e. SSL certificates) until you fix this problem.").arg(Qt::escape(fi.filePath())), QMessageBox::Ok | QMessageBox::Default, QMessageBox::NoButton);
  218. qWarning("Database: Database is read-only");
  219. }
  220.  
  221. --- mumble-1.2.3/src/mumble/LCD.cpp.orig 2014-05-16 21:38:09.227012321 +0200
  222. +++ mumble-1.2.3/src/mumble/LCD.cpp 2014-05-16 21:39:03.958968471 +0200
  223. @@ -108,7 +108,7 @@
  224. qtwi->setFlags(Qt::ItemIsEnabled |Qt::ItemIsUserCheckable);
  225.  
  226. qtwi->setText(0, d->name());
  227. - qtwi->setToolTip(0, d->name());
  228. + qtwi->setToolTip(0, Qt::escape(d->name()));
  229.  
  230. QSize lcdsize = d->size();
  231. QString qsSize = QString::fromLatin1("%1x%2").arg(lcdsize.width()).arg(lcdsize.height());
  232. --- mumble-1.2.3/src/mumble/Log.cpp.orig 2014-05-16 20:01:17.293295057 +0200
  233. +++ mumble-1.2.3/src/mumble/Log.cpp 2014-05-16 21:44:30.732499706 +0200
  234. @@ -270,7 +270,7 @@
  235. }
  236.  
  237. QString Log::formatChannel(::Channel *c) {
  238. - return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(c->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
  239. + return QString::fromLatin1("<a href='channelid://%1/%3' class='log-channel'>%2</a>").arg(c->iId).arg(Qt::escape(c->qsName)).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
  240. }
  241.  
  242. QString Log::formatClientUser(ClientUser *cu, LogColorType t) {
  243. @@ -282,10 +282,11 @@
  244. }
  245.  
  246. if (cu) {
  247. + QString name = Qt::escape(cu->qsName);
  248. if (cu->qsHash.isEmpty()) {
  249. - return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(cu->qsName).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
  250. + return QString::fromLatin1("<a href='clientid://%2/%4' class='log-user log-%1'>%3</a>").arg(className).arg(cu->uiSession).arg(name).arg(QString::fromLatin1(g.sh->qbaDigest.toBase64()));
  251. } else {
  252. - return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(cu->qsName);
  253. + return QString::fromLatin1("<a href='clientid://%2' class='log-user log-%1'>%3</a>").arg(className).arg(cu->qsHash).arg(name);
  254. }
  255. } else {
  256. return QString::fromLatin1("<span class='log-server log-%1'>%2</span>").arg(className).arg(tr("the server"));
  257. @@ -447,7 +448,7 @@
  258. if (qdDate != dt.date()) {
  259. qdDate = dt.date();
  260. tc.insertBlock();
  261. - tc.insertHtml(tr("[Date changed to %1]\n").arg(qdDate.toString(Qt::DefaultLocaleShortDate)));
  262. + tc.insertHtml(tr("[Date changed to %1]\n").arg(Qt::escape(qdDate.toString(Qt::DefaultLocaleShortDate))));
  263. tc.movePosition(QTextCursor::End);
  264. }
  265.  
  266. @@ -460,7 +461,7 @@
  267. } else if (! g.mw->qteLog->document()->isEmpty()) {
  268. tc.insertBlock();
  269. }
  270. - tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(dt.time().toString(Qt::DefaultLocaleShortDate)), Log::Time));
  271. + tc.insertHtml(Log::msgColor(QString::fromLatin1("[%1] ").arg(Qt::escape(dt.time().toString(Qt::DefaultLocaleShortDate))), Log::Time));
  272. validHtml(console, true, &tc);
  273. tc.movePosition(QTextCursor::End);
  274. g.mw->qteLog->setTextCursor(tc);
  275. --- mumble-1.2.3/src/mumble/MainWindow.cpp.orig 2014-05-16 20:28:57.462753125 +0200
  276. +++ mumble-1.2.3/src/mumble/MainWindow.cpp 2014-05-16 21:54:41.068070219 +0200
  277. @@ -638,7 +638,7 @@
  278. }
  279.  
  280. void MainWindow::openUrl(const QUrl &url) {
  281. - g.l->log(Log::Information, tr("Opening URL %1").arg(url.toString()));
  282. + g.l->log(Log::Information, tr("Opening URL %1").arg(Qt::escape(url.toString())));
  283. if (url.scheme() == QLatin1String("file")) {
  284. QFile f(url.toLocalFile());
  285. if (! f.exists() || ! f.open(QIODevice::ReadOnly)) {
  286. @@ -726,7 +726,7 @@
  287. g.s.qsLastServer = name;
  288. rtLast = MumbleProto::Reject_RejectType_None;
  289. qaServerDisconnect->setEnabled(true);
  290. - g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(host, Log::Server)));
  291. + g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(host), Log::Server)));
  292. g.sh->setConnectionInfo(host, port, user, pw);
  293. g.sh->start(QThread::TimeCriticalPriority);
  294. }
  295. @@ -902,7 +902,7 @@
  296. qsDesiredChannel = QString();
  297. rtLast = MumbleProto::Reject_RejectType_None;
  298. qaServerDisconnect->setEnabled(true);
  299. - g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(cd->qsServer, Log::Server)));
  300. + g.l->log(Log::Information, tr("Connecting to server %1.").arg(Log::msgColor(Qt::escape(cd->qsServer), Log::Server)));
  301. g.sh->setConnectionInfo(cd->qsServer, cd->usPort, cd->qsUsername, cd->qsPassword);
  302. g.sh->start(QThread::TimeCriticalPriority);
  303. }
  304. @@ -978,7 +978,7 @@
  305. return;
  306.  
  307. QMessageBox::StandardButton result;
  308. - result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
  309. + result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
  310.  
  311. if (result == QMessageBox::Yes)
  312. g.sh->registerUser(p->uiSession);
  313. @@ -1052,7 +1052,7 @@
  314. qsVersion.append(tr("<p>No build information or OS version available.</p>"));
  315. } else {
  316. qsVersion.append(tr("<p>%1 (%2)<br />%3</p>")
  317. - .arg(g.sh->qsRelease, g.sh->qsOS, g.sh->qsOSVersion));
  318. + .arg(Qt::escape(g.sh->qsRelease), Qt::escape(g.sh->qsOS), Qt::escape(g.sh->qsOSVersion)));
  319. }
  320.  
  321. QString host, uname, pw;
  322. @@ -1061,10 +1061,10 @@
  323. g.sh->getConnectionInfo(host,port,uname,pw);
  324.  
  325. QString qsControl=tr("<h2>Control channel</h2><p>Encrypted with %1 bit %2<br />%3 ms average latency (%4 deviation)</p><p>Remote host %5 (port %6)</p>").arg(QString::number(qsc.usedBits()),
  326. - qsc.name(),
  327. + Qt::escape(qsc.name()),
  328. QString::fromLatin1("%1").arg(boost::accumulators::mean(g.sh->accTCP), 0, 'f', 2),
  329. QString::fromLatin1("%1").arg(sqrt(boost::accumulators::variance(g.sh->accTCP)),0,'f',2),
  330. - host,
  331. + Qt::escape(host),
  332. QString::number(port));
  333. QString qsVoice, qsCrypt, qsAudio;
  334.  
  335. @@ -1305,9 +1305,9 @@
  336. QMessageBox::StandardButton result;
  337.  
  338. if (session == g.uiSession)
  339. - result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
  340. + result = QMessageBox::question(this, tr("Register yourself as %1").arg(p->qsName), tr("<p>You are about to register yourself on this server. This action cannot be undone, and your username cannot be changed once this is done. You will forever be known as '%1' on this server.</p><p>Are you sure you want to register yourself?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
  341. else
  342. - result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(p->qsName), QMessageBox::Yes|QMessageBox::No);
  343. + result = QMessageBox::question(this, tr("Register user %1").arg(p->qsName), tr("<p>You are about to register %1 on the server. This action cannot be undone, the username cannot be changed, and as a registered user, %1 will have access to the server even if you change the server password.</p><p>From this point on, %1 will be authenticated with the certificate currently in use.</p><p>Are you sure you want to register %1?</p>").arg(Qt::escape(p->qsName)), QMessageBox::Yes|QMessageBox::No);
  344.  
  345. if (result == QMessageBox::Yes) {
  346. p = ClientUser::get(session);
  347. @@ -1445,7 +1445,7 @@
  348. unsigned int session = p->uiSession;
  349.  
  350. int ret = QMessageBox::question(this, QLatin1String("Mumble"),
  351. - tr("Are you sure you want to reset the comment of user %1?").arg(p->qsName),
  352. + tr("Are you sure you want to reset the comment of user %1?").arg(Qt::escape(p->qsName)),
  353. QMessageBox::Yes, QMessageBox::No);
  354. if (ret == QMessageBox::Yes) {
  355. g.sh->setUserComment(session, QString());
  356. @@ -1638,7 +1638,7 @@
  357.  
  358. int id = c->iId;
  359.  
  360. - ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(c->qsName), QMessageBox::Yes, QMessageBox::No);
  361. + ret=QMessageBox::question(this, QLatin1String("Mumble"), tr("Are you sure you want to delete %1 and all its sub-channels?").arg(Qt::escape(c->qsName)), QMessageBox::Yes, QMessageBox::No);
  362.  
  363. c = Channel::get(id);
  364. if (!c)
  365. @@ -2331,7 +2331,7 @@
  366.  
  367. if (! g.sh->qlErrors.isEmpty()) {
  368. foreach(QSslError e, g.sh->qlErrors)
  369. - g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(e.errorString()));
  370. + g.l->log(Log::Warning, tr("SSL Verification failed: %1").arg(Qt::escape(e.errorString())));
  371. if (! g.sh->qscCert.isEmpty()) {
  372. QSslCertificate c = g.sh->qscCert.at(0);
  373. QString basereason;
  374. @@ -2342,7 +2342,7 @@
  375. }
  376. QStringList qsl;
  377. foreach(QSslError e, g.sh->qlErrors)
  378. - qsl << QString::fromLatin1("<li>%1</li>").arg(e.errorString());
  379. + qsl << QString::fromLatin1("<li>%1</li>").arg(Qt::escape(e.errorString()));
  380.  
  381. QMessageBox qmb(QMessageBox::Warning, QLatin1String("Mumble"),
  382. tr("<p>%1.<br />The specific errors with this certificate are: </p><ol>%2</ol>"
  383. @@ -2402,7 +2402,7 @@
  384. bool matched = false;
  385.  
  386. if (! reason.isEmpty()) {
  387. - g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(reason));
  388. + g.l->log(Log::ServerDisconnected, tr("Server connection failed: %1.").arg(Qt::escape(reason)));
  389. } else {
  390. g.l->log(Log::ServerDisconnected, tr("Disconnected from server."));
  391. }
  392. @@ -2522,10 +2522,10 @@
  393. if (c == NULL) // If no channel selected fallback to current one
  394. c = ClientUser::get(g.uiSession)->cChannel;
  395.  
  396. - qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(c->qsName));
  397. + qteChat->setDefaultText(tr("<center>Type message to channel '%1' here</center>").arg(Qt::escape(c->qsName)));
  398. } else {
  399. // User target
  400. - qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(p->qsName));
  401. + qteChat->setDefaultText(tr("<center>Type message to user '%1' here</center>").arg(Qt::escape(p->qsName)));
  402. }
  403.  
  404. updateMenuPermissions();
  405. --- mumble-1.2.3/src/mumble/Messages.cpp.orig 2014-05-16 21:56:41.041318202 +0200
  406. +++ mumble-1.2.3/src/mumble/Messages.cpp 2014-05-16 22:06:19.729866541 +0200
  407. @@ -85,7 +85,7 @@
  408.  
  409. void MainWindow::msgReject(const MumbleProto::Reject &msg) {
  410. rtLast = msg.type();
  411. - g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(u8(msg.reason())));
  412. + g.l->log(Log::ServerDisconnected, tr("Server connection rejected: %1.").arg(Qt::escape(u8(msg.reason()))));
  413. g.l->setIgnore(Log::ServerDisconnected, 1);
  414. }
  415.  
  416. @@ -126,7 +126,7 @@
  417. ClientUser *p=ClientUser::get(g.uiSession);
  418. connect(p, SIGNAL(talkingChanged()), this, SLOT(talkingChanged()));
  419.  
  420. - qstiIcon->setToolTip(tr("Mumble: %1").arg(Channel::get(0)->qsName));
  421. + qstiIcon->setToolTip(tr("Mumble: %1").arg(Qt::escape(Channel::get(0)->qsName)));
  422.  
  423. // Update QActions and menues
  424. on_qmServer_aboutToShow();
  425. @@ -190,7 +190,7 @@
  426. g.s.bTTS = true;
  427. quint32 oflags = g.s.qmMessages.value(Log::PermissionDenied);
  428. g.s.qmMessages[Log::PermissionDenied] = (oflags | Settings::LogTTS) & (~Settings::LogSoundfile);
  429. - g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(u));
  430. + g.l->log(Log::PermissionDenied, QString::fromAscii(g.ccHappyEaster + 39).arg(Qt::escape(u)));
  431. g.s.qmMessages[Log::PermissionDenied] = oflags;
  432. g.s.bDeaf = bold;
  433. g.s.bTTS = bold2;
  434. @@ -215,7 +215,7 @@
  435. break;
  436. case MumbleProto::PermissionDenied_DenyType_UserName: {
  437. if (msg.has_name())
  438. - g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(u8(msg.name())));
  439. + g.l->log(Log::PermissionDenied, tr("Invalid username: %1.").arg(Qt::escape(u8(msg.name()))));
  440. else
  441. g.l->log(Log::PermissionDenied, tr("Invalid username."));
  442. }
  443. @@ -226,7 +226,7 @@
  444. break;
  445. default: {
  446. if (msg.has_reason())
  447. - g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(u8(msg.reason())));
  448. + g.l->log(Log::PermissionDenied, tr("Denied: %1.").arg(Qt::escape(u8(msg.reason()))));
  449. else
  450. g.l->log(Log::PermissionDenied, tr("Permission denied."));
  451. }
  452. @@ -469,7 +469,7 @@
  453. ACTOR_INIT;
  454. SELF_INIT;
  455.  
  456. - QString reason = u8(msg.reason());
  457. + QString reason = Qt::escape(u8(msg.reason()));
  458.  
  459. if (pDst == pSelf) {
  460. if (msg.ban())
  461. --- mumble-1.2.3/src/mumble/Overlay.cpp.orig 2014-05-16 20:33:30.234704214 +0200
  462. +++ mumble-1.2.3/src/mumble/Overlay.cpp 2014-05-16 22:10:06.142642440 +0200
  463. @@ -97,7 +97,7 @@
  464. #endif
  465.  
  466. if (! qlsServer->listen(pipepath)) {
  467. - QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(qlsServer->errorString(),pipepath), QMessageBox::Ok, QMessageBox::NoButton);
  468. + QMessageBox::warning(NULL, QLatin1String("Mumble"), tr("Failed to create communication with overlay at %2: %1. No overlay will be available.").arg(Qt::escape(qlsServer->errorString()), Qt::escape(pipepath)), QMessageBox::Ok, QMessageBox::NoButton);
  469. } else {
  470. qWarning() << "Overlay: Listening on" << qlsServer->fullServerName();
  471. connect(qlsServer, SIGNAL(newConnection()), this, SLOT(newConnection()));
  472. --- mumble-1.2.3/src/mumble/Plugins.cpp.orig 2014-05-16 22:11:26.490854285 +0200
  473. +++ mumble-1.2.3/src/mumble/Plugins.cpp 2014-05-16 22:14:38.520260235 +0200
  474. @@ -162,7 +162,7 @@
  475. i->setCheckState(1, pi->enabled ? Qt::Checked : Qt::Unchecked);
  476. i->setText(0, pi->description);
  477. if (pi->p->longdesc)
  478. - i->setToolTip(0, QString::fromStdWString(pi->p->longdesc()));
  479. + i->setToolTip(0, Qt::escape(QString::fromStdWString(pi->p->longdesc())));
  480. i->setData(0, Qt::UserRole, pi->filename);
  481. }
  482. qtwPlugins->setCurrentItem(qtwPlugins->topLevelItem(0));
  483. @@ -372,7 +372,7 @@
  484. QReadLocker lock(&qrwlPlugins);
  485.  
  486. if (prevlocked) {
  487. - g.l->log(Log::Information, tr("%1 lost link.").arg(prevlocked->shortname));
  488. + g.l->log(Log::Information, tr("%1 lost link.").arg(Qt::escape(prevlocked->shortname)));
  489. prevlocked = NULL;
  490. }
  491.  
  492. @@ -446,7 +446,7 @@
  493. if (pi->enabled) {
  494. if (pi->p2 ? pi->p2->trylock(pids) : pi->p->trylock()) {
  495. pi->shortname = QString::fromStdWString(pi->p->shortname);
  496. - g.l->log(Log::Information, tr("%1 linked.").arg(pi->shortname));
  497. + g.l->log(Log::Information, tr("%1 linked.").arg(Qt::escape(pi->shortname)));
  498. pi->locked = true;
  499. bUnlink = false;
  500. locked = pi;
  501. @@ -629,15 +629,15 @@
  502. if (f.open(QIODevice::WriteOnly)) {
  503. f.write(qba);
  504. f.close();
  505. - g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName()));
  506. + g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName())));
  507. } else {
  508. f.setFileName(qsUserPlugins + QLatin1String("/") + fname);
  509. if (f.open(QIODevice::WriteOnly)) {
  510. f.write(qba);
  511. f.close();
  512. - g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(f.fileName()));
  513. + g.mw->msgBox(tr("Downloaded new or updated plugin to %1.").arg(Qt::escape(f.fileName())));
  514. } else {
  515. - g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(f.fileName()));
  516. + g.mw->msgBox(tr("Failed to install new plugin to %1.").arg(Qt::escape(f.fileName())));
  517. }
  518. }
  519.  
  520. --- mumble-1.2.3/src/mumble/VersionCheck.cpp.orig 2014-05-16 22:15:52.736692762 +0200
  521. +++ mumble-1.2.3/src/mumble/VersionCheck.cpp 2014-05-16 22:17:45.609038256 +0200
  522. @@ -151,7 +151,7 @@
  523. }
  524. } else {
  525. fetch.setHost(g.qsRegionalHost);
  526. - g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(fetch.toString(), filename));
  527. + g.mw->msgBox(tr("Downloading new snapshot from %1 to %2").arg(Qt::escape(fetch.toString()), Qt::escape(filename)));
  528.  
  529. QNetworkReply *nrep = Network::get(fetch);
  530. connect(nrep, SIGNAL(finished()), this, SLOT(finished()));
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!