From 9ea9baeadf5015a15f5f459b253f8bdf8bad2e7a Mon Sep 17 00:00:00 2001
From: elisa-lj11 <elisa.lj11@gmail.com>
Date: Tue, 16 Aug 2016 14:12:19 -0700
Subject: [PATCH] Making JS/QML safer (DOES NOT WORK)

---
 BUILD.md                                               | 2 +-
 interface/resources/qml/MarketplaceComboBox.qml        | 4 ++--
 interface/resources/qml/hifi/Desktop.qml               | 3 ++-
 libraries/script-engine/src/FileScriptingInterface.cpp | 8 ++++++--
 libraries/script-engine/src/FileScriptingInterface.h   | 4 ++--
 5 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/BUILD.md b/BUILD.md
index 4ff45a0b1e..c868a8e9d9 100644
--- a/BUILD.md
+++ b/BUILD.md
@@ -5,7 +5,6 @@
 * [OpenSSL](https://www.openssl.org/community/binaries.html) ~> 1.0.1m
   * IMPORTANT: Using the recommended version of OpenSSL is critical to avoid security vulnerabilities.
 * [VHACD](https://github.com/virneo/v-hacd)(clone this repository)(Optional)
-* [QuaZip](http://sourceforge.net/projects/quazip/files/quazip/) ~> 0.7.1
 
 ####CMake External Project Dependencies
 
@@ -19,6 +18,7 @@
 * [oglplus](http://oglplus.org/) ~> 0.63
 * [OpenVR](https://github.com/ValveSoftware/openvr) ~> 0.91 (Win32 only)
 * [Polyvox](http://www.volumesoffun.com/) ~> 0.2.1
+* [QuaZip](http://sourceforge.net/projects/quazip/files/quazip/) ~> 0.7.1
 * [SDL2](https://www.libsdl.org/download-2.0.php) ~> 2.0.3
 * [soxr](http://soxr.sourceforge.net) ~> 0.1.1
 * [Intel Threading Building Blocks](https://www.threadingbuildingblocks.org/) ~> 4.3
diff --git a/interface/resources/qml/MarketplaceComboBox.qml b/interface/resources/qml/MarketplaceComboBox.qml
index e7981cabec..559f4b9d65 100644
--- a/interface/resources/qml/MarketplaceComboBox.qml
+++ b/interface/resources/qml/MarketplaceComboBox.qml
@@ -53,7 +53,7 @@ Rectangle {
             var component = Qt.createComponent("Browser.qml");
             var newWindow = component.createObject(desktop);
             request.openIn(newWindow.webView);
-            if (File.testUrl(desktop.currentUrl)) {
+            if (File.isZippedFbx(desktop.currentUrl)) {
                 zipTimer.handler = function() {
                     newWindow.destroy();
                     runJavaScript(autoCancel);
@@ -69,7 +69,7 @@ Rectangle {
         onLinkHovered: {
             desktop.currentUrl = hoveredUrl
             console.log("my url in WebView: " + desktop.currentUrl)
-            if (File.testUrl(desktop.currentUrl)) {
+            if (File.isZippedFbx(desktop.currentUrl)) {
                 runJavaScript(simpleDownload, function(){console.log("ran the JS");});
             }
 
diff --git a/interface/resources/qml/hifi/Desktop.qml b/interface/resources/qml/hifi/Desktop.qml
index ab1fffdcf5..ebc776617f 100644
--- a/interface/resources/qml/hifi/Desktop.qml
+++ b/interface/resources/qml/hifi/Desktop.qml
@@ -88,6 +88,7 @@ OriginalDesktop.Desktop {
             console.log("Download start: " + download.state);
             adaptedPath = File.convertUrlToPath(currentUrl);
             tempDir = File.getTempDir();
+            console.log("Temp dir created: " + tempDir);
             download.path = tempDir + "/" + adaptedPath;
             console.log("Path where it should download: " + download.path);
             download.accept();
@@ -101,7 +102,7 @@ OriginalDesktop.Desktop {
             if (download.state === WebEngineDownloadItem.DownloadCompleted) {
                 console.log("Download Finished: " + download.state);
                 console.log("File object is: " + File);
-                File.runUnzip(download.path, tempDir, currentUrl);
+                File.runUnzip(download.path, currentUrl);
             } else {
                 console.log("The download was corrupted, state: " + download.state);
             }
diff --git a/libraries/script-engine/src/FileScriptingInterface.cpp b/libraries/script-engine/src/FileScriptingInterface.cpp
index 94d8d1b424..3908f2f1c8 100644
--- a/libraries/script-engine/src/FileScriptingInterface.cpp
+++ b/libraries/script-engine/src/FileScriptingInterface.cpp
@@ -31,9 +31,13 @@ FileScriptingInterface::FileScriptingInterface(QObject* parent) : QObject(parent
     // nothing for now
 }
 
-void FileScriptingInterface::runUnzip(QString path, QString tempDir, QUrl url) {
+void FileScriptingInterface::runUnzip(QString path, QUrl url) {
     qDebug() << "Url that was downloaded: " + url.toString();
     qDebug() << "Path where download is saved: " + path;
+    QString fileName = "/" + path.section("/", -1);
+    qDebug() << "Filename to remove from temp path: " + fileName;
+    QString tempDir = path.remove(fileName);
+    qDebug() << "Temporary directory at: " + tempDir;
     QString file = unzipFile(path, tempDir);
     if (file != "") {
         qDebug() << "file to upload: " + file;
@@ -47,7 +51,7 @@ void FileScriptingInterface::runUnzip(QString path, QString tempDir, QUrl url) {
     QDir(tempDir).removeRecursively();
 }
 
-bool FileScriptingInterface::testUrl(QUrl url) {
+bool FileScriptingInterface::isZippedFbx(QUrl url) {
     if (url.toString().contains(".zip") && url.toString().contains("fbx")) return true;
     qDebug() << "This model is not a .fbx packaged in a .zip. Please try with another model.";
     return false;
diff --git a/libraries/script-engine/src/FileScriptingInterface.h b/libraries/script-engine/src/FileScriptingInterface.h
index 2658622644..2e8de6b174 100644
--- a/libraries/script-engine/src/FileScriptingInterface.h
+++ b/libraries/script-engine/src/FileScriptingInterface.h
@@ -24,9 +24,9 @@ public:
 
 
 public slots:
-    bool testUrl(QUrl url);
+    bool isZippedFbx(QUrl url);
     QString convertUrlToPath(QUrl url);
-    void runUnzip(QString path, QString tempDir, QUrl url);
+    void runUnzip(QString path, QUrl url);
     QString getTempDir();
 
 signals: