commit 21955431884f1e25e5806a909243491a8b9829fb
Author: Juergen Spitzmueller <sp...@lyx.org>
Date:   Tue Aug 29 14:43:59 2023 +0200

    Add message dialog to LFUN_CITATION_OPEN chain
    
    This addresses security concerns.
---
 src/frontends/qt/GuiView.cpp    |    3 +-
 src/frontends/qt/qt_helpers.cpp |   40 ++++++++++++++++++++++++++++++++++++++-
 src/frontends/qt/qt_helpers.h   |    2 +
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/src/frontends/qt/GuiView.cpp b/src/frontends/qt/GuiView.cpp
index 2d8847e..273fa38 100644
--- a/src/frontends/qt/GuiView.cpp
+++ b/src/frontends/qt/GuiView.cpp
@@ -5071,12 +5071,13 @@ void GuiView::dispatch(FuncRequest const & cmd, 
DispatchResult & dr)
                        break;
 
                case LFUN_CITATION_OPEN: {
+                       LASSERT(doc_buffer, break);
                        string pdfv, psv;
                        if (theFormats().getFormat("pdf"))
                                pdfv = theFormats().getFormat("pdf")->viewer();
                        if (theFormats().getFormat("ps"))
                                psv = theFormats().getFormat("ps")->viewer();
-                       frontend::showTarget(argument, pdfv, psv);
+                       frontend::showTarget(argument, 
doc_buffer->absFileName(), pdfv, psv);
                        break;
                }
 
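Review bot: The new second argument `doc_buffer->absFileName()` becomes the key of a persistent trust setting in showTarget (`"trusted documents/" + toqstr(docpath)`), so trust is bound to the file's location, not to its content. Once the checkbox is ticked, any file later saved or copied to that path opens its targets without a prompt. A buffer that has not yet been saved under its own name presumably shares its default path with later new documents and would inherit trust in the same way. I would record this at the call, e.g. `// NOTE: trust is stored per absolute path; a replaced file at the same path stays trusted`, and consider not offering the checkbox for unnamed buffers. The enclosing dispatch() starts and ends outside the hunk.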
diff --git a/src/frontends/qt/qt_helpers.cpp b/src/frontends/qt/qt_helpers.cpp
index ed2edec..230c89b 100644
--- a/src/frontends/qt/qt_helpers.cpp
+++ b/src/frontends/qt/qt_helpers.cpp
@@ -33,9 +33,12 @@
 #include <QDesktopServices>
 #include <QDir>
 #include <QLineEdit>
+#include <QMessageBox>
 #include <QLocale>
 #include <QPalette>
+#include <QPushButton>
 #include <QSet>
+#include <QSettings>
 #include <QTextLayout>
 #include <QTextDocument>
 #include <QToolTip>
@@ -292,9 +295,44 @@ void showDirectory(FileName const & directory)
                                qstring_to_ucs4(qurl.toString())));
 }
 
-void showTarget(string const & target, string const & pdfv, string const & psv)
+void showTarget(string const & target, string const & docpath,
+               string const & pdfv, string const & psv)
 {
        LYXERR(Debug::INSETS, "Showtarget:" << target << "\n");
+
+       // security measure: ask user before opening if document is not marked 
trusted.
+       QSettings settings;
+       if (!settings.value("trusted documents/" + toqstr(docpath), 
false).toBool()) {
+               QCheckBox * dontShowAgainCB = new QCheckBox();
+               dontShowAgainCB->setText(qt_("&Trust this document and do not 
ask me again!"));
+               dontShowAgainCB->setToolTip(qt_("If you check this, LyX will 
open all targets without asking for the given document in the future."));
+               docstring const warn =
+                       prefixIs(target, "EXTERNAL ") ?
+                                       bformat(_("LyX will search your 
directory for files with the following keywords in their name "
+                                                 "and then open it in an 
external application, if a file is found:\n"
+                                                 "'%1$s'\n"
+                                                 "Be aware that this might 
entail security infringements!\n"
+                                                 "Only do this if you trust 
origin of the document and the keywords used!\n"
+                                                 "How do you want to 
proceed?"), from_utf8(target).substr(9, docstring::npos))
+                                     : bformat(_("LyX wants to open the 
following link in an external application:\n"
+                                                 "%1$s\n"
+                                                 "Be aware that this might 
entail security infringements!\n"
+                                                 "Only do this if you trust 
origin of the document and the target of the link!\n"
+                                                 "How do you want to 
proceed?"), from_utf8(target));
+               QMessageBox box(QMessageBox::Warning, qt_("Open external 
target?"), toqstr(warn),
+                               QMessageBox::NoButton, qApp->focusWidget());
+               QPushButton * openButton = box.addButton(qt_("&Open Target"), 
QMessageBox::ActionRole);
+               box.addButton(QMessageBox::Abort);
+               box.setCheckBox(dontShowAgainCB);
+               box.setDefaultButton(QMessageBox::Abort);
+               box.exec();
+               if (box.clickedButton() != openButton)
+                       return;
+               if (dontShowAgainCB->isChecked())
+                       settings.setValue("trusted documents/"
+                               + toqstr(docpath), true);
+       }
+       
        if (prefixIs(target, "EXTERNAL ")) {
                if (!lyxrc.citation_search)
                        return;
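Review bot: The warning text embeds `target`, which comes from the document, and QMessageBox detects the text format automatically by default, so a target containing markup may be rendered as rich text instead of the literal string the user is asked to approve. Forcing plain text after constructing the box keeps what is displayed identical to what is opened: `box.setTextFormat(Qt::PlainText);`. Separately, the prompt runs before the `if (!lyxrc.citation_search) return;` check, so for an `EXTERNAL ` target the user is asked, and can persist trust, even when the search is disabled and nothing will be opened. Moving the dialog below that check would avoid this. showTarget's body continues past the end of the hunk.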
diff --git a/src/frontends/qt/qt_helpers.h b/src/frontends/qt/qt_helpers.h
index f3230b2..dc19aea 100644
--- a/src/frontends/qt/qt_helpers.h
+++ b/src/frontends/qt/qt_helpers.h
@@ -93,8 +93,10 @@ void setMessageColour(std::list<QWidget *> highlighted,
 void showDirectory(support::FileName const & directory);
 /// handle request for showing citation content - shows pdf/ps or
 /// web page in target; external script can be used for pdf/ps view
+/// \p docpath holds the document path,
 /// \p pdfv takes a pad viewer, \p psv a ps viewer
 void showTarget(std::string const & target,
+               std::string const & docpath,
                std::string const & pdfv,
                std::string const & psv);
 
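Review bot: The added doc line does not say what `docpath` is used for, which matters because it is the key of a persistent trust decision. Suggested wording: `/// \p docpath is the absolute path of the current document; the user's "trust this document" choice is stored under it,`. The unchanged line after it says "pad viewer" where "pdf viewer" seems intended.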