[fractal] room-history: Remove open action for files
- From: Marge Bot <marge-bot src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [fractal] room-history: Remove open action for files
- Date: Thu, 15 Sep 2022 08:18:58 +0000 (UTC)
commit 9604fb9bd038cef44cd45c604b085e9dd415b1e0
Author: Julian Sparber <julian sparber net>
Date: Tue Sep 13 22:37:39 2022 +0200
room-history: Remove open action for files
Some files could contain malicious code. E.g. htm/html files can contain
an explode to take over a web browser. This makes it a little bit harder
to open a file by mistake.
Note: this resolves a security issue that was identified by the security
audit.
Part-of: <https://gitlab.gnome.org/GNOME/fractal/-/merge_requests/1153>
data/resources/ui/content-message-file.ui | 25 +++---------
src/session/room/event_actions.rs | 63 +------------------------------
2 files changed, 7 insertions(+), 81 deletions(-)
---
diff --git a/data/resources/ui/content-message-file.ui b/data/resources/ui/content-message-file.ui
index afba9c9d4..c0e0db26c 100644
--- a/data/resources/ui/content-message-file.ui
+++ b/data/resources/ui/content-message-file.ui
@@ -13,28 +13,15 @@
</object>
</child>
<child>
- <object class="GtkBox">
- <property name="visible" bind-source="ContentMessageFile" bind-property="compact"
bind-flags="sync-create | invert-boolean"/>
- <child>
- <object class="GtkButton" id="open">
- <property name="icon-name">document-open-symbolic</property>
- <property name="tooltip-text" translatable="yes">Open</property>
- <property name="action-name">event.file-open</property>
- </object>
- </child>
- <child>
- <object class="GtkButton" id="save">
- <property name="icon-name">document-save-symbolic</property>
- <property name="tooltip-text" translatable="yes">Save</property>
- <property name="action-name">event.file-save</property>
- </object>
- </child>
- <style>
- <class name="linked"/>
- </style>
+ <object class="GtkButton" id="save">
+ <property name="visible" bind-source="ContentMessageFile" bind-property="compact"
bind-flags="sync-create | invert-boolean"/>
+ <property name="icon-name">document-save-symbolic</property>
+ <property name="tooltip-text" translatable="yes">Save</property>
+ <property name="action-name">event.file-save</property>
</object>
</child>
</object>
</child>
</template>
</interface>
+
diff --git a/src/session/room/event_actions.rs b/src/session/room/event_actions.rs
index e3169925a..2e750c4a9 100644
--- a/src/session/room/event_actions.rs
+++ b/src/session/room/event_actions.rs
@@ -10,9 +10,7 @@ use crate::{
event_source_dialog::EventSourceDialog,
room::{Event, RoomAction, SupportedEvent},
},
- spawn, spawn_tokio, toast,
- utils::cache_dir,
- UserFacingError, Window,
+ spawn, spawn_tokio, toast, UserFacingError, Window,
};
// This is only save because the trait `EventActions` can
@@ -184,15 +182,6 @@ where
widget.save_event_file(event);
})
);
-
- // Open message's file
- gtk_macros::action!(
- &action_group,
- "file-open",
- clone!(@weak self as widget, @weak event => move |_, _| {
- widget.open_event_file(event);
- })
- );
}
MessageType::Emote(message) => {
gtk_macros::action!(
@@ -290,54 +279,4 @@ where
})
);
}
-
- /// Open the file in `event`.
- ///
- /// See [`SupportedEvent::get_media_content()`] for compatible events.
- /// Panics on an incompatible event.
- fn open_event_file(&self, event: SupportedEvent) {
- spawn!(
- glib::PRIORITY_LOW,
- clone!(@weak self as obj => async move {
- let (uid, filename, data) = match event.get_media_content().await {
- Ok(res) => res,
- Err(err) => {
- error!("Could not get file: {}", err);
- toast!(obj, err.to_user_facing());
-
- return;
- }
- };
-
- let mut path = cache_dir();
- path.push(uid);
- if !path.exists() {
- let dir = gio::File::for_path(path.clone());
- dir.make_directory_with_parents(gio::Cancellable::NONE)
- .unwrap();
- }
-
- path.push(filename);
- let file = gio::File::for_path(path);
-
- file.replace_contents(
- &data,
- None,
- false,
- gio::FileCreateFlags::REPLACE_DESTINATION,
- gio::Cancellable::NONE,
- )
- .unwrap();
-
- if let Err(error) = gio::AppInfo::launch_default_for_uri_future(
- &file.uri(),
- gio::AppLaunchContext::NONE,
- )
- .await
- {
- error!("Error opening file '{}': {}", file.uri(), error);
- }
- })
- );
- }
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]