[yast-devel] Re: [yast-commit] r66316 - in /trunk/snapper: VERSION agent-snapper/src/SnapperAgent.cc agent-snapper/src/SnapperAgent.h package/yast2-snapper.changes src/Snapper.ycp src/dialogs.ycp
Dne 7.10.2011 11:16, jsuchome@svn2.opensuse.org napsal(a):
-string SnapperAgent::getValue (const YCPMap map, const string key) +string SnapperAgent::getValue (const YCPMap map, const string key, string deflt) { if (!map->value(YCPString(key)).isNull() && map->value(YCPString(key))->isString()) return map->value(YCPString(key))->asString()->value(); else - return ""; + return deflt; }
The "key" parameter is not changed so you could pass a reference to it ("const string &key"), that will prevent from creating unnecessary copy of the string on function call. "deflt" is also not changed, passing "const string &deflt" would help (I'm not sure, I'm not C++ expert, but then you might need to create the copy explicitly via return string(deflt); at the end.)
@@ -252,13 +282,10 @@ /** * Return the given file mode as octal number */ -global integer GetFileMode (string file) { +integer GetFileMode (string file) {
map out = (map) SCR::Execute (.target.bash_output, "/bin/stat --printf=%a " + file);
When building custom shell commands String::Quote() should be always used, it prevents from errors when the input contains spaces and improves security (command injection) if the input comes from user.
if (Popup::AnyQuestionRichText (_("Restoring files"), // popup message, %1 is snapshot number, %2 list of files sformat (_("These files will be copied from snapshot '%1' to current system: <p>%2</p>Are you sure?"), - previous_num, mergestring (files, "<br>")), + previous_num, mergestring (to_restore, "<br>")),
Similar problem, although very unlikely, if a file name contains an HTML tag it would be wrongly displayed. Use String::EscapeTags().
- SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2'", orig, file)); + SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2'", orig, full_path));
String::Quote() should be also used here, '%1' helps when there is a space, but doesn't help when the string contains ' (a single quote). And if the command supports (cp does) we should use -- option to stop the option processing. If %1 begins with -- it would be processed as an option, in some cases this can completely change the meaning of the command. The most fool proof way is to execute shell commands like this: SCR::Execute (.target.bash, sformat ("/bin/cp -a -- '%1' '%2'", String::Quote(orig), String::Quote(full_path))); (Note: These problems are not critical in YaST because YaST is started by root, but it's more critical in webyast and therefore we should get used to think about these possible problems.) -- Ladislav Slezák Appliance department / YaST Developer Lihovarská 1060/12 190 00 Prague 9 / Czech Republic tel: +420 284 028 960 lslezak@suse.com SUSE -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org
Dne Pá 7. října 2011 16:53:28 Ladislav Slezak napsal(a):
Similar problem, although very unlikely, if a file name contains an HTML tag it would be wrongly displayed. Use String::EscapeTags().
- SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2'", orig, file)); + SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2'", orig, full_path));
String::Quote() should be also used here, '%1' helps when there is a space, but doesn't help when the string contains ' (a single quote).
And if the command supports (cp does) we should use -- option to stop the option processing. If %1 begins with -- it would be processed as an option, in some cases this can completely change the meaning of the command.
Good points. I actually do not see the need for Quoter there, but passing -- seems to be really good idea. Jiri -- Jiri Suchomel SUSE LINUX, s.r.o. e-mail: jsuchome@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org
On Fri, Oct 07, 2011 at 04:53:28PM +0200, Ladislav Slezak wrote:
Dne 7.10.2011 11:16, jsuchome@svn2.opensuse.org napsal(a):
-string SnapperAgent::getValue (const YCPMap map, const string key) +string SnapperAgent::getValue (const YCPMap map, const string key, string deflt) { if (!map->value(YCPString(key)).isNull() && map->value(YCPString(key))->isString()) return map->value(YCPString(key))->asString()->value(); else - return ""; + return deflt; }
The "key" parameter is not changed so you could pass a reference to it ("const string &key"), that will prevent from creating unnecessary copy of the string on function call.
"deflt" is also not changed, passing "const string &deflt" would help
Right. The same for const YCPMap& map.
(I'm not sure, I'm not C++ expert, but then you might need to create the copy explicitly via
return string(deflt);
at the end.)
That's unnecessary, because the constructor string(const string&) is not marked "explicit". -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu
participants (3)
-
Jiri Suchomel -
Ladislav Slezak -
Martin Vidner