----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/129844/ -----------------------------------------------------------
(Updated Jan. 17, 2017, 10:31 p.m.) Status ------ This change has been marked as submitted. Review request for KDE Frameworks, Albert Astals Cid and David Faure. Changes ------- Submitted with commit 500c20fdd2857d8af2905821e0efb6dbdabe55e8 by Elvis Angelaccio to branch master. Repository: kio Description ------- CVE-2017-5330 shows that `runExecutables = true` can be a dangerous default for the runUrl() function. We cannot change the default value to false (while BIC, it would be a change of behavior), so we deprecate the current runUrl() function in favor of a new runUrl() with a RunFlags argument replacing the `tempFile` and `runExecutables` arguments. This new argument cannot take a default value, otherwise the two runUrl() signatures would be ambiguous and existing code would not compile. Diffs ----- src/widgets/krun.h 889642160ad960dd7e43d1c6dad2a6f2133e17bf src/widgets/krun.cpp d04a4825e5ea696c1072054c39dc11cc9e5c63f5 Diff: https://git.reviewboard.kde.org/r/129844/diff/ Testing ------- Builds, tests pass. Thanks, Elvis Angelaccio
