possible fix for openUrl exploit

(cherry picked from commit 31b3f0e8f1)
2025-08-08 07:17:43 +02:00 · 2019-04-23 17:34:46 -07:00 · 2019-04-23 17:34:46 -07:00 · 5f3a37d40e
commit 5f3a37d40e
parent 380ca85d15
11 changed files with 50 additions and 32 deletions
--- a/interface/resources/qml/LoginDialog/CompleteProfileBody.qml
+++ b/interface/resources/qml/LoginDialog/CompleteProfileBody.qml
@ -398,7 +398,7 @@ Item {
                    lineHeight: 1
                    lineHeightMode: Text.ProportionalHeight
-                    onLinkActivated: loginDialog.openUrl(link);
+                    onLinkActivated: Window.openUrl(link);
                    Component.onCompleted: {
                        if (termsTextMetrics.width > root.bannerWidth) {
--- a/interface/resources/qml/LoginDialog/LinkAccountBody.qml
+++ b/interface/resources/qml/LoginDialog/LinkAccountBody.qml
@ -363,7 +363,7 @@ Item {
                linkColor: hifi.colors.blueAccent
                onLinkActivated: {
                    Tablet.playSound(TabletEnums.ButtonClick);
-                    loginDialog.openUrl(link);
+                    Window.openUrl(link);
                    lightboxPopup.titleText = "Can't Access Account";
                    lightboxPopup.bodyText = lightboxPopup.cantAccessBodyText;
                    lightboxPopup.button2text = "CLOSE";
--- a/interface/resources/qml/LoginDialog/SignUpBody.qml
+++ b/interface/resources/qml/LoginDialog/SignUpBody.qml
@ -411,7 +411,7 @@ Item {
                    lineHeight: 1
                    lineHeightMode: Text.ProportionalHeight
-                    onLinkActivated: loginDialog.openUrl(link);
+                    onLinkActivated: Window.openUrl(link);
                    Component.onCompleted: {
                        if (termsTextMetrics.width > root.bannerWidth) {
--- a/interface/resources/qml/LoginDialog/UsernameCollisionBody.qml
+++ b/interface/resources/qml/LoginDialog/UsernameCollisionBody.qml
@ -234,7 +234,7 @@ Item {
                lineHeight: 1
                lineHeightMode: Text.ProportionalHeight
-                onLinkActivated: loginDialog.openUrl(link);
+                onLinkActivated: Window.openUrl(link);
                Component.onCompleted: {
                    if (termsTextMetrics.width > root.bannerWidth) {
--- a/interface/src/Application.cpp
+++ b/interface/src/Application.cpp
@ -2443,6 +2443,13 @@ Application::Application(int& argc, char** argv, QElapsedTimer& startupTimer, bo
    DependencyManager::get<TabletScriptingInterface>()->preloadSounds();
    DependencyManager::get<Keyboard>()->createKeyboard();
    QDesktopServices::setUrlHandler("file", this, "showUrlHandler");
    QDesktopServices::setUrlHandler("", this, "showUrlHandler");
    auto drives = QDir::drives();
    for (auto drive : drives) {
        QDesktopServices::setUrlHandler(QUrl(drive.absolutePath()).scheme(), this, "showUrlHandler");
    }
    _pendingIdleEvent = false;
    _graphicsEngine.startup();
@ -8259,19 +8266,6 @@ void Application::packageModel() {
    ModelPackager::package();
 }
 void Application::openUrl(const QUrl& url) const {
    if (!url.isEmpty()) {
        if (url.scheme() == URL_SCHEME_HIFI) {
            DependencyManager::get<AddressManager>()->handleLookupString(url.toString());
        } else if (url.scheme() == URL_SCHEME_HIFIAPP) {
            DependencyManager::get<QmlCommerce>()->openSystemApp(url.path());
        } else {
            // address manager did not handle - ask QDesktopServices to handle
            QDesktopServices::openUrl(url);
        }
    }
 }
 void Application::loadDialog() {
    ModalDialogListener* dlg = OffscreenUi::getOpenFileNameAsync(_glWidget, tr("Open Script"),
                                                                 getPreviousScriptLocation(),
@ -9140,7 +9134,7 @@ void Application::readArgumentsFromLocalSocket() const {
    // If we received a message, try to open it as a URL
    if (message.length() > 0) {
-        qApp->openUrl(QString::fromUtf8(message));
+        DependencyManager::get<WindowScriptingInterface>()->openUrl(QString::fromUtf8(message));
    }
 }
@ -9257,6 +9251,24 @@ QString Application::getGraphicsCardType() {
    return GPUIdent::getInstance()->getName();
 }
 void Application::showUrlHandler(const QUrl& url) {
    if (QThread::currentThread() != thread()) {
        QMetaObject::invokeMethod(this, "showUrlHandler", Q_ARG(const QUrl&, url));
        return;
    }
    ModalDialogListener* dlg = OffscreenUi::asyncQuestion("Confirm openUrl", "Do you recognize this path or code and want to open or execute it: " + url.toDisplayString());
    QObject::connect(dlg, &ModalDialogListener::response, this, [=](QVariant answer) {
        QObject::disconnect(dlg, &ModalDialogListener::response, this, nullptr);
        if (QMessageBox::Yes == static_cast<QMessageBox::StandardButton>(answer.toInt())) {
            // Unset the handler, open the URL, and the reset the handler
            QDesktopServices::unsetUrlHandler(url.scheme());
            QDesktopServices::openUrl(url);
            QDesktopServices::setUrlHandler(url.scheme(), this, "showUrlHandler");
        }
    });
 }
 #if defined(Q_OS_ANDROID)
 void Application::beforeEnterBackground() {
    auto nodeList = DependencyManager::get<NodeList>();
--- a/interface/src/Application.h
+++ b/interface/src/Application.h
@ -403,8 +403,6 @@ public slots:
    static void packageModel();
    void openUrl(const QUrl& url) const;
    void resetSensors(bool andReload = false);
    void setActiveFaceTracker() const;
@ -471,6 +469,8 @@ public slots:
    QString getGraphicsCardType();
    void showUrlHandler(const QUrl& url);
 private slots:
    void onDesktopRootItemCreated(QQuickItem* qmlContext);
    void onDesktopRootContextCreated(QQmlContext* qmlContext);
--- a/interface/src/scripting/WindowScriptingInterface.cpp
+++ b/interface/src/scripting/WindowScriptingInterface.cpp
@ -27,6 +27,7 @@
 #include "MainWindow.h"
 #include "Menu.h"
 #include "OffscreenUi.h"
 #include "commerce/QmlCommerce.h"
 static const QString DESKTOP_LOCATION = QStandardPaths::writableLocation(QStandardPaths::DesktopLocation);
 static const QString LAST_BROWSE_LOCATION_SETTING = "LastBrowseLocation";
@ -134,15 +135,17 @@ void WindowScriptingInterface::disconnectedFromDomain() {
 void WindowScriptingInterface::openUrl(const QUrl& url) {
    if (!url.isEmpty()) {
-        if (url.scheme() == URL_SCHEME_HIFI) {
+        auto scheme = url.scheme();
        if (scheme == URL_SCHEME_HIFI) {
            DependencyManager::get<AddressManager>()->handleLookupString(url.toString());
        } else if (scheme == URL_SCHEME_HIFIAPP) {
            DependencyManager::get<QmlCommerce>()->openSystemApp(url.path());
        } else {
 #if defined(Q_OS_ANDROID)
            QMap<QString, QString> args;
            args["url"] = url.toString();
            AndroidHelper::instance().requestActivity("WebView", true, args);
 #else
            // address manager did not handle - ask QDesktopServices to handle
            QDesktopServices::openUrl(url);
 #endif
        }
--- a/interface/src/scripting/WindowScriptingInterface.h
+++ b/interface/src/scripting/WindowScriptingInterface.h
@ -535,9 +535,10 @@ public slots:
    int openMessageBox(QString title, QString text, int buttons, int defaultButton);
    /**jsdoc
-     * Open a URL in the Interface window or other application, depending on the URL's scheme. If the URL starts with 
+     * Open a URL in the Interface window or other application, depending on the URL's scheme. The following schemes are supported:
-     * <code>hifi://</code> then that URL is navigated to in Interface, otherwise the URL is opened in the application the OS 
+     * <code>hifi</code> (navigate to the URL in Interface), <code>hifiapp<code> (open a system app in Interface).  Other schemes will either be handled by the OS
-     * associates with the URL's scheme (e.g., a Web browser for <code>http://</code>).
+     * (e.g. <code>http</code>, <code>https</code>, <code>mailto</code>) or will create a confirmation dialog asking the user to confirm that they want to try to open
     * the URL.
     * @function Window.openUrl
     * @param {string} url - The URL to open.
     */
--- a/interface/src/ui/LoginDialog.cpp
+++ b/interface/src/ui/LoginDialog.cpp
@ -279,10 +279,6 @@ void LoginDialog::createAccountFromSteam(QString username) {
    }
 }
 void LoginDialog::openUrl(const QString& url) const {
    QDesktopServices::openUrl(QUrl(url));
 }
 void LoginDialog::linkCompleted(QNetworkReply* reply) {
    emit handleLinkCompleted();
 }
--- a/interface/src/ui/LoginDialog.h
+++ b/interface/src/ui/LoginDialog.h
@ -80,8 +80,6 @@ protected slots:
    Q_INVOKABLE void signup(const QString& email, const QString& username, const QString& password);
    Q_INVOKABLE void openUrl(const QString& url) const;
    Q_INVOKABLE bool getLoginDialogPoppedUp() const;
 };
--- a/libraries/ui/src/FileDialogHelper.cpp
+++ b/libraries/ui/src/FileDialogHelper.cpp
@ -111,7 +111,15 @@ QStringList FileDialogHelper::drives() {
 }
 void FileDialogHelper::openDirectory(const QString& path) {
-    QDesktopServices::openUrl(path);
+    QString dirPath = path;
    const QString FILE_SCHEME = "file://";
    if (dirPath.startsWith(FILE_SCHEME)) {
        dirPath.remove(0, FILE_SCHEME.length());
    }
    QFileInfo fileInfo(dirPath);
    if (fileInfo.isDir()) {
        QDesktopServices::openUrl(path);
    }
 }
 QList<QUrl> FileDialogHelper::urlToList(const QUrl& url) {