|
|
1a6966b |
diff -up kleopatra-19.12.2/src/kleopatraapplication.cpp.me kleopatra-19.12.2/src/kleopatraapplication.cpp
|
|
|
1a6966b |
--- kleopatra-19.12.2/src/kleopatraapplication.cpp.me 2020-10-12 11:33:05.987075995 +0200
|
|
|
1a6966b |
+++ kleopatra-19.12.2/src/kleopatraapplication.cpp 2020-10-12 11:37:47.047704984 +0200
|
|
|
1a6966b |
@@ -267,13 +267,18 @@ QString KleopatraApplication::newInstanc
|
|
|
1a6966b |
|
|
|
1a6966b |
QStringList files;
|
|
|
1a6966b |
const QDir cwd = QDir(workingDirectory);
|
|
|
1a6966b |
- Q_FOREACH (const QString &file, parser.positionalArguments()) {
|
|
|
1a6966b |
- // We do not check that file exists here. Better handle
|
|
|
1a6966b |
- // these errors in the UI.
|
|
|
1a6966b |
- if (QFileInfo(file).isAbsolute()) {
|
|
|
1a6966b |
- files << file;
|
|
|
1a6966b |
- } else {
|
|
|
1a6966b |
- files << cwd.absoluteFilePath(file);
|
|
|
1a6966b |
+ bool queryMode = parser.isSet(QStringLiteral("query")) || parser.isSet(QStringLiteral("search"));
|
|
|
1a6966b |
+
|
|
|
1a6966b |
+ // Query and Search treat positional arguments differently, see below.
|
|
|
1a6966b |
+ if (!queryMode) {
|
|
|
1a6966b |
+ Q_FOREACH (const QString &file, parser.positionalArguments()) {
|
|
|
1a6966b |
+ // We do not check that file exists here. Better handle
|
|
|
1a6966b |
+ // these errors in the UI.
|
|
|
1a6966b |
+ if (QFileInfo(file).isAbsolute()) {
|
|
|
1a6966b |
+ files << file;
|
|
|
1a6966b |
+ } else {
|
|
|
1a6966b |
+ files << cwd.absoluteFilePath(file);
|
|
|
1a6966b |
+ }
|
|
|
1a6966b |
}
|
|
|
1a6966b |
}
|
|
|
1a6966b |
|
|
|
1a6966b |
@@ -307,10 +312,8 @@ QString KleopatraApplication::newInstanc
|
|
|
1a6966b |
|
|
|
1a6966b |
// Handle openpgp4fpr URI scheme
|
|
|
1a6966b |
QString needle;
|
|
|
1a6966b |
- if (parser.isSet(QStringLiteral("search"))) {
|
|
|
1a6966b |
- needle = parser.value(QStringLiteral("search"));
|
|
|
1a6966b |
- } else if (parser.isSet(QStringLiteral("query"))) {
|
|
|
1a6966b |
- needle = parser.value(QStringLiteral("query"));
|
|
|
1a6966b |
+ if (queryMode) {
|
|
|
1a6966b |
+ needle = parser.positionalArguments().join(QLatin1Char(' '));
|
|
|
1a6966b |
}
|
|
|
1a6966b |
if (needle.startsWith(QLatin1String("openpgp4fpr:"))) {
|
|
|
1a6966b |
needle.remove(0, 12);
|
|
|
1a6966b |
diff -up kleopatra-19.12.2/src/kleopatra_options.h.me kleopatra-19.12.2/src/kleopatra_options.h
|
|
|
1a6966b |
--- kleopatra-19.12.2/src/kleopatra_options.h.me 2020-10-12 11:28:44.805768637 +0200
|
|
|
1a6966b |
+++ kleopatra-19.12.2/src/kleopatra_options.h 2020-10-12 11:40:35.288476417 +0200
|
|
|
1a6966b |
@@ -79,8 +79,7 @@ static void kleopatra_options(QCommandLi
|
|
|
1a6966b |
<< QStringLiteral("D"),
|
|
|
1a6966b |
i18n("Decrypt and/or verify file(s)"))
|
|
|
1a6966b |
<< QCommandLineOption(QStringList() << QStringLiteral("search"),
|
|
|
1a6966b |
- i18n("Search for a certificate on a keyserver"),
|
|
|
1a6966b |
- QStringLiteral("search string"))
|
|
|
1a6966b |
+ i18n("Search for a certificate on a keyserver"))
|
|
|
1a6966b |
<< QCommandLineOption(QStringList() << QStringLiteral("checksum"),
|
|
|
1a6966b |
i18n("Create or check a checksum file"))
|
|
|
1a6966b |
<< QCommandLineOption(QStringList() << QStringLiteral("query")
|
|
|
1a6966b |
@@ -88,8 +87,7 @@ static void kleopatra_options(QCommandLi
|
|
|
1a6966b |
i18nc("If a certificate is already known it shows the certificate details dialog."
|
|
|
1a6966b |
"Otherwise it brings up the certificate search dialog.",
|
|
|
1a6966b |
"Show details of a local certificate or search for it on a keyserver"
|
|
|
1a6966b |
- " by fingerprint"),
|
|
|
1a6966b |
- QStringLiteral("fingerprint"))
|
|
|
1a6966b |
+ " by fingerprint"))
|
|
|
1a6966b |
<< QCommandLineOption(QStringList() << QStringLiteral("gen-key"),
|
|
|
1a6966b |
i18n("Create a new key pair or certificate signing request"))
|
|
|
1a6966b |
<< QCommandLineOption(QStringLiteral("parent-windowid"),
|
|
|
1a6966b |
@@ -99,11 +97,22 @@ static void kleopatra_options(QCommandLi
|
|
|
1a6966b |
i18n("Open the config dialog"));
|
|
|
1a6966b |
|
|
|
1a6966b |
parser->addOptions(options);
|
|
|
1a6966b |
+ /* Security note: To avoid code execution by shared library injection
|
|
|
1a6966b |
+ * through e.g. -platformpluginpath any external input should be seperated
|
|
|
1a6966b |
+ * by a double dash -- this is why query / search uses positional arguments.
|
|
|
1a6966b |
+ *
|
|
|
1a6966b |
+ * For example on Windows there is an URLhandler for openpgp4fpr:
|
|
|
1a6966b |
+ * be opened with Kleopatra's query function. And while a browser should
|
|
|
1a6966b |
+ * urlescape such a query there might be tricks to inject a quote character
|
|
|
1a6966b |
+ * and as such inject command line options for Kleopatra in an URL. */
|
|
|
1a6966b |
parser->addVersionOption();
|
|
|
1a6966b |
parser->addHelpOption();
|
|
|
1a6966b |
|
|
|
1a6966b |
parser->addPositionalArgument(QStringLiteral("files"),
|
|
|
1a6966b |
i18n("File(s) to process"),
|
|
|
1a6966b |
- QStringLiteral("[files..]"));
|
|
|
1a6966b |
+ QStringLiteral("-- [files..]"));
|
|
|
1a6966b |
+ parser->addPositionalArgument(QStringLiteral("query"),
|
|
|
1a6966b |
+ i18n("String or Fingerprint for query and search"),
|
|
|
1a6966b |
+ QStringLiteral("-- [query..]"));
|
|
|
1a6966b |
}
|
|
|
1a6966b |
#endif
|