[LyX/master] Add message dialog to LFUN_CITATION_OPEN chain
Juergen Spitzmueller
spitz at lyx.org
Tue Aug 29 11:28:19 UTC 2023
commit 21955431884f1e25e5806a909243491a8b9829fb
Author: Juergen Spitzmueller <spitz at lyx.org>
Date: Tue Aug 29 14:43:59 2023 +0200
Add message dialog to LFUN_CITATION_OPEN chain
This addresses security concerns.
---
src/frontends/qt/GuiView.cpp | 3 +-
src/frontends/qt/qt_helpers.cpp | 40 ++++++++++++++++++++++++++++++++++++++-
src/frontends/qt/qt_helpers.h | 2 +
3 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/src/frontends/qt/GuiView.cpp b/src/frontends/qt/GuiView.cpp
index 2d8847e..273fa38 100644
--- a/src/frontends/qt/GuiView.cpp
+++ b/src/frontends/qt/GuiView.cpp
@@ -5071,12 +5071,13 @@ void GuiView::dispatch(FuncRequest const & cmd, DispatchResult & dr)
break;
case LFUN_CITATION_OPEN: {
+ LASSERT(doc_buffer, break);
string pdfv, psv;
if (theFormats().getFormat("pdf"))
pdfv = theFormats().getFormat("pdf")->viewer();
if (theFormats().getFormat("ps"))
psv = theFormats().getFormat("ps")->viewer();
- frontend::showTarget(argument, pdfv, psv);
+ frontend::showTarget(argument, doc_buffer->absFileName(), pdfv, psv);
break;
}
diff --git a/src/frontends/qt/qt_helpers.cpp b/src/frontends/qt/qt_helpers.cpp
index ed2edec..230c89b 100644
--- a/src/frontends/qt/qt_helpers.cpp
+++ b/src/frontends/qt/qt_helpers.cpp
@@ -33,9 +33,12 @@
#include <QDesktopServices>
#include <QDir>
#include <QLineEdit>
+#include <QMessageBox>
#include <QLocale>
#include <QPalette>
+#include <QPushButton>
#include <QSet>
+#include <QSettings>
#include <QTextLayout>
#include <QTextDocument>
#include <QToolTip>
@@ -292,9 +295,44 @@ void showDirectory(FileName const & directory)
qstring_to_ucs4(qurl.toString())));
}
-void showTarget(string const & target, string const & pdfv, string const & psv)
+void showTarget(string const & target, string const & docpath,
+ string const & pdfv, string const & psv)
{
LYXERR(Debug::INSETS, "Showtarget:" << target << "\n");
+
+ // security measure: ask user before opening if document is not marked trusted.
+ QSettings settings;
+ if (!settings.value("trusted documents/" + toqstr(docpath), false).toBool()) {
+ QCheckBox * dontShowAgainCB = new QCheckBox();
+ dontShowAgainCB->setText(qt_("&Trust this document and do not ask me again!"));
+ dontShowAgainCB->setToolTip(qt_("If you check this, LyX will open all targets without asking for the given document in the future."));
+ docstring const warn =
+ prefixIs(target, "EXTERNAL ") ?
+ bformat(_("LyX will search your directory for files with the following keywords in their name "
+ "and then open it in an external application, if a file is found:\n"
+ "'%1$s'\n"
+ "Be aware that this might entail security infringements!\n"
+ "Only do this if you trust origin of the document and the keywords used!\n"
+ "How do you want to proceed?"), from_utf8(target).substr(9, docstring::npos))
+ : bformat(_("LyX wants to open the following link in an external application:\n"
+ "%1$s\n"
+ "Be aware that this might entail security infringements!\n"
+ "Only do this if you trust origin of the document and the target of the link!\n"
+ "How do you want to proceed?"), from_utf8(target));
+ QMessageBox box(QMessageBox::Warning, qt_("Open external target?"), toqstr(warn),
+ QMessageBox::NoButton, qApp->focusWidget());
+ QPushButton * openButton = box.addButton(qt_("&Open Target"), QMessageBox::ActionRole);
+ box.addButton(QMessageBox::Abort);
+ box.setCheckBox(dontShowAgainCB);
+ box.setDefaultButton(QMessageBox::Abort);
+ box.exec();
+ if (box.clickedButton() != openButton)
+ return;
+ if (dontShowAgainCB->isChecked())
+ settings.setValue("trusted documents/"
+ + toqstr(docpath), true);
+ }
+
if (prefixIs(target, "EXTERNAL ")) {
if (!lyxrc.citation_search)
return;
diff --git a/src/frontends/qt/qt_helpers.h b/src/frontends/qt/qt_helpers.h
index f3230b2..dc19aea 100644
--- a/src/frontends/qt/qt_helpers.h
+++ b/src/frontends/qt/qt_helpers.h
@@ -93,8 +93,10 @@ void setMessageColour(std::list<QWidget *> highlighted,
void showDirectory(support::FileName const & directory);
/// handle request for showing citation content - shows pdf/ps or
/// web page in target; external script can be used for pdf/ps view
+/// \p docpath holds the document path,
/// \p pdfv takes a pad viewer, \p psv a ps viewer
void showTarget(std::string const & target,
+ std::string const & docpath,
std::string const & pdfv,
std::string const & psv);
More information about the lyx-cvs
mailing list