Skip to content

Commit

Permalink
HTML escape certificate fields
Browse files Browse the repository at this point in the history
WE2-926

Signed-off-by: Raul Metsma <[email protected]>
  • Loading branch information
metsma authored and mrts committed Apr 26, 2024
1 parent 83cbf31 commit 083c77e
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 11 deletions.
4 changes: 2 additions & 2 deletions src/controller/command-handlers/certificatereader.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ CardCertificateAndPinInfo getCertificateWithStatusAndInfo(const CardInfo::ptr& c
CertificateReader::CertificateReader(const CommandWithArguments& cmd) : CommandHandler(cmd)
{
validateAndStoreOrigin(cmd.second);
if (Application* app = qobject_cast<Application*>(qApp)) {
if (auto* app = qobject_cast<Application*>(qApp)) {
app->loadTranslations(cmd.second.value(QStringLiteral("lang")).toString());
}
}
Expand Down Expand Up @@ -142,7 +142,7 @@ void CertificateReader::validateAndStoreOrigin(const QVariantMap& arguments)
|| origin.hasFragment()) {
THROW(CommandHandlerInputDataError, "origin is not in <scheme>://<host>[:<port>] format");
}
if (origin.scheme() != QStringLiteral("https") && origin.scheme() != QStringLiteral("wss")) {
if (origin.scheme() != QLatin1String("https") && origin.scheme() != QLatin1String("wss")) {
THROW(CommandHandlerInputDataError, "origin scheme has to be https or wss");
}
}
17 changes: 9 additions & 8 deletions src/ui/certificatewidget.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,12 @@ CardCertificateAndPinInfo CertificateWidgetInfo::certificateInfo() const
return certAndPinInfo;
}

std::tuple<QString, QString, QString> CertificateWidgetInfo::certData() const
std::tuple<QString, QString, QString, QString> CertificateWidgetInfo::certData() const
{
return {certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName).join(' '),
return {certAndPinInfo.certInfo.subject.toHtmlEscaped(),
certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName)
.join(' ')
.toHtmlEscaped(),
certAndPinInfo.certificate.effectiveDate().date().toString(Qt::ISODate),
certAndPinInfo.certificate.expiryDate().date().toString(Qt::ISODate)};
}
Expand All @@ -101,7 +104,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
certAndPinInfo = cardCertPinInfo;
const auto& certInfo = cardCertPinInfo.certInfo;
QString warning;
auto [issuer, effectiveDate, expiryDate] = certData();
auto [subject, issuer, effectiveDate, expiryDate] = certData();
if (certInfo.notEffective) {
effectiveDate = displayInRed(effectiveDate);
warning = displayInRed(CertificateWidget::tr(" (Not effective)"));
Expand All @@ -111,7 +114,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
warning = displayInRed(CertificateWidget::tr(" (Expired)"));
}
info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
.arg(certInfo.subject, issuer, effectiveDate, expiryDate, warning));
.arg(subject, issuer, effectiveDate, expiryDate, warning));
info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
|| cardCertPinInfo.pinInfo.pinIsBlocked);
if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
Expand Down Expand Up @@ -171,10 +174,8 @@ bool CertificateButton::eventFilter(QObject* object, QEvent* event)
void CertificateButton::setCertificateInfo(const CardCertificateAndPinInfo& cardCertPinInfo)
{
CertificateWidgetInfo::setCertificateInfo(cardCertPinInfo);
const auto& certInfo = cardCertPinInfo.certInfo;
auto [issuer, effectiveDate, expiryDate] = certData();
setText(tr("%1 Issuer: %2 Valid: %3 to %4")
.arg(certInfo.subject, issuer, effectiveDate, expiryDate));
auto [subject, issuer, effectiveDate, expiryDate] = certData();
setText(tr("%1 Issuer: %2 Valid: %3 to %4").arg(subject, issuer, effectiveDate, expiryDate));
}

void CertificateButton::paintEvent(QPaintEvent* /*event*/)
Expand Down
2 changes: 1 addition & 1 deletion src/ui/certificatewidget.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ class CertificateWidgetInfo
Q_DISABLE_COPY_MOVE(CertificateWidgetInfo)

void drawWarnIcon();
std::tuple<QString, QString, QString> certData() const;
std::tuple<QString, QString, QString, QString> certData() const;

QLabel* icon;
QLabel* info;
Expand Down

0 comments on commit 083c77e

Please sign in to comment.