diff options
Diffstat (limited to 'source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch')
-rw-r--r-- | source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch b/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch new file mode 100644 index 000000000..cc3f058d7 --- /dev/null +++ b/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch @@ -0,0 +1,124 @@ +From c5d66f3b70ae4778d6162564309aee95f643e7c9 Mon Sep 17 00:00:00 2001 +From: Christoph Cullmann <cullmann@kde.org> +Date: Thu, 20 Jan 2022 21:00:09 +0100 +Subject: [PATCH] avoid that we execute LSP binaries from cwd + +QProcess will just use current working directory as +fallback + +that allows to execute un-wanted binaries by accident +--- + addons/lspclient/lspclientservermanager.cpp | 87 ++++++++++++--------- + 1 file changed, 51 insertions(+), 36 deletions(-) + +diff --git a/addons/lspclient/lspclientservermanager.cpp b/addons/lspclient/lspclientservermanager.cpp +index 24e3f275b..e78b4aa2d 100644 +--- a/addons/lspclient/lspclientservermanager.cpp ++++ b/addons/lspclient/lspclientservermanager.cpp +@@ -707,52 +707,67 @@ private: + } + + if (cmdline.length() > 0) { ++ // ensure we always only take the server executable from the PATH or user defined paths ++ // QProcess will take the executable even just from current working directory without this => BAD ++ auto cmd = QStandardPaths::findExecutable(cmdline[0]); ++ + // optionally search in supplied path(s) +- auto vpath = serverConfig.value(QStringLiteral("path")).toArray(); +- if (vpath.size() > 0) { +- auto cmd = QStandardPaths::findExecutable(cmdline[0]); +- if (cmd.isEmpty()) { +- // collect and expand in case home dir or other (environment) variable reference is used +- QStringList path; +- for (const auto &e : vpath) { +- auto p = e.toString(); +- editor->expandText(p, view, p); +- path.push_back(p); +- } +- cmd = QStandardPaths::findExecutable(cmdline[0], path); +- if (!cmd.isEmpty()) { +- cmdline[0] = cmd; +- } ++ const auto vpath = serverConfig.value(QStringLiteral("path")).toArray(); ++ if (cmd.isEmpty() && !vpath.isEmpty()) { ++ // collect and expand in case home dir or other (environment) variable reference is used ++ QStringList path; ++ for (const auto &e : vpath) { ++ auto p = e.toString(); ++ editor->expandText(p, view, p); ++ path.push_back(p); + } ++ cmd = QStandardPaths::findExecutable(cmdline[0], path); + } +- // an empty list is always passed here (or null) +- // the initial list is provided/updated using notification after start +- // since that is what a server is more aware of +- // and should support if it declares workspace folder capable +- // (as opposed to the new initialization property) +- LSPClientServer::FoldersType folders; +- if (useWorkspace) { +- folders = QList<LSPWorkspaceFolder>(); +- } +- server.reset(new LSPClientServer(cmdline, root, realLangId, serverConfig.value(QStringLiteral("initializationOptions")), folders)); +- connect(server.data(), &LSPClientServer::stateChanged, this, &self_type::onStateChanged, Qt::UniqueConnection); +- if (!server->start()) { +- QString message = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' '))); ++ ++ // we can only start the stuff if we did find the binary in the paths ++ if (!cmd.isEmpty()) { ++ // use full path to avoid security issues ++ cmdline[0] = cmd; ++ ++ // an empty list is always passed here (or null) ++ // the initial list is provided/updated using notification after start ++ // since that is what a server is more aware of ++ // and should support if it declares workspace folder capable ++ // (as opposed to the new initialization property) ++ LSPClientServer::FoldersType folders; ++ if (useWorkspace) { ++ folders = QList<LSPWorkspaceFolder>(); ++ } ++ server.reset(new LSPClientServer(cmdline, root, realLangId, serverConfig.value(QStringLiteral("initializationOptions")), folders)); ++ connect(server.data(), &LSPClientServer::stateChanged, this, &self_type::onStateChanged, Qt::UniqueConnection); ++ if (!server->start()) { ++ QString message = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' '))); ++ const auto url = serverConfig.value(QStringLiteral("url")).toString(); ++ if (!url.isEmpty()) { ++ message += QStringLiteral("\n") + i18n("Please check your PATH for the binary"); ++ message += QStringLiteral("\n") + i18n("See also %1 for installation or details", url); ++ } ++ showMessage(message, KTextEditor::Message::Warning); ++ } else { ++ showMessage(i18n("Started server %2: %1", cmdline.join(QLatin1Char(' ')), serverDescription(server.data())), ++ KTextEditor::Message::Positive); ++ using namespace std::placeholders; ++ server->connect(server.data(), &LSPClientServer::logMessage, this, std::bind(&self_type::onMessage, this, true, _1)); ++ server->connect(server.data(), &LSPClientServer::showMessage, this, std::bind(&self_type::onMessage, this, false, _1)); ++ server->connect(server.data(), &LSPClientServer::workDoneProgress, this, &self_type::onWorkDoneProgress); ++ server->connect(server.data(), &LSPClientServer::workspaceFolders, this, &self_type::onWorkspaceFolders, Qt::UniqueConnection); ++ } ++ } else { ++ // we didn't find the server binary at all! ++ QString message = i18n("Failed to find server binary: %1", cmdline[0]); + const auto url = serverConfig.value(QStringLiteral("url")).toString(); + if (!url.isEmpty()) { + message += QStringLiteral("\n") + i18n("Please check your PATH for the binary"); + message += QStringLiteral("\n") + i18n("See also %1 for installation or details", url); + } + showMessage(message, KTextEditor::Message::Warning); +- } else { +- showMessage(i18n("Started server %2: %1", cmdline.join(QLatin1Char(' ')), serverDescription(server.data())), +- KTextEditor::Message::Positive); +- using namespace std::placeholders; +- server->connect(server.data(), &LSPClientServer::logMessage, this, std::bind(&self_type::onMessage, this, true, _1)); +- server->connect(server.data(), &LSPClientServer::showMessage, this, std::bind(&self_type::onMessage, this, false, _1)); +- server->connect(server.data(), &LSPClientServer::workDoneProgress, this, &self_type::onWorkDoneProgress); +- server->connect(server.data(), &LSPClientServer::workspaceFolders, this, &self_type::onWorkspaceFolders, Qt::UniqueConnection); + } ++ + serverinfo.settings = serverConfig.value(QStringLiteral("settings")); + serverinfo.started = QTime::currentTime(); + serverinfo.url = serverConfig.value(QStringLiteral("url")).toString(); +-- +GitLab + |