From 92969b4e39220000acd70013e51f1ddfe733e6a8 Mon Sep 17 00:00:00 2001 From: Geert Janssens Date: Thu, 12 Jan 2017 09:41:25 +0100 Subject: [PATCH] Prevent the user from setting an invalid settings name The keyfile that stores the settings won't accept '[' and ']' as settingss names, so this commit will prevent the user from entering these characters. They are automatically replaced with the valid '(' and ')' characters. In addition any attempt to save settings with an invalid name via a code path bypassing the gui will be refused. --- .../csv-imp/assistant-csv-trans-import.cpp | 25 +++++++++++++++++++ .../csv-imp/gnc-csv-trans-settings.cpp | 6 +++++ 2 files changed, 31 insertions(+) diff --git a/src/import-export/csv-imp/assistant-csv-trans-import.cpp b/src/import-export/csv-imp/assistant-csv-trans-import.cpp index d27ce93f9b..965a95c640 100644 --- a/src/import-export/csv-imp/assistant-csv-trans-import.cpp +++ b/src/import-export/csv-imp/assistant-csv-trans-import.cpp @@ -196,6 +196,8 @@ void csv_tximp_file_confirm_cb (GtkWidget *button, CsvImpTransAssist *info); void csv_tximp_preview_del_settings_cb (GtkWidget *button, CsvImpTransAssist *info); void csv_tximp_preview_save_settings_cb (GtkWidget *button, CsvImpTransAssist *info); void csv_tximp_preview_settings_sel_changed_cb (GtkComboBox *combo, CsvImpTransAssist *info); +void csv_tximp_preview_settings_text_inserted_cb (GtkEditable *entry, gchar *new_text, + gint new_text_length, gint *position, CsvImpTransAssist *info); void csv_tximp_preview_settings_text_changed_cb (GtkEntry *entry, CsvImpTransAssist *info); void csv_tximp_preview_srow_cb (GtkSpinButton *spin, CsvImpTransAssist *info); void csv_tximp_preview_erow_cb (GtkSpinButton *spin, CsvImpTransAssist *info); @@ -265,6 +267,27 @@ void csv_tximp_preview_settings_sel_changed_cb (GtkComboBox *combo, CsvImpTransA info->preview_settings_load(); } +void +csv_tximp_preview_settings_text_inserted_cb (GtkEditable *entry, gchar *new_text, + gint new_text_length, gint *position, CsvImpTransAssist *info) +{ + if (!new_text) + return; + + /* Prevent entering [], which are invalid characters in key files */ + auto base_txt = std::string (new_text); + auto mod_txt = base_txt; + std::replace (mod_txt.begin(), mod_txt.end(), '[', '('); + std::replace (mod_txt.begin(), mod_txt.end(), ']', ')'); + if (base_txt == mod_txt) + return; + g_signal_handlers_block_by_func (entry, (gpointer) csv_tximp_preview_settings_text_inserted_cb, info); + gtk_editable_insert_text (entry, mod_txt.c_str(), mod_txt.size() , position); + g_signal_handlers_unblock_by_func (entry, (gpointer) csv_tximp_preview_settings_text_inserted_cb, info); + + g_signal_stop_emission_by_name (entry, "insert_text"); +} + void csv_tximp_preview_settings_text_changed_cb (GtkEntry *entry, CsvImpTransAssist *info) { @@ -431,6 +454,8 @@ CsvImpTransAssist::CsvImpTransAssist () auto emb_entry = gtk_bin_get_child (GTK_BIN (settings_combo)); g_signal_connect (G_OBJECT(emb_entry), "changed", G_CALLBACK(csv_tximp_preview_settings_text_changed_cb), this); + g_signal_connect (G_OBJECT(emb_entry), "insert-text", + G_CALLBACK(csv_tximp_preview_settings_text_inserted_cb), this); // Add Save Settings button save_button = GTK_WIDGET(gtk_builder_get_object (builder, "save_settings")); diff --git a/src/import-export/csv-imp/gnc-csv-trans-settings.cpp b/src/import-export/csv-imp/gnc-csv-trans-settings.cpp index a8fb7187b7..017c3a8034 100644 --- a/src/import-export/csv-imp/gnc-csv-trans-settings.cpp +++ b/src/import-export/csv-imp/gnc-csv-trans-settings.cpp @@ -314,6 +314,12 @@ CsvTransSettings::save (void) return true; } + if ((m_name.find('[') != std::string::npos)) + { + PWARN ("Name '%s' contains invalid characters '[]'. Refusing to save", m_name.c_str()); + return true; + } + auto keyfile = gnc_state_get_current (); auto group = csv_group_prefix + m_name;