Merge pull request #1171 from csoler/v0.6-SecurityFixes

V0.6 security fixes
2025-01-25 23:06:10 -05:00 · 2018-02-14 22:02:20 +01:00 · 2018-02-14 22:02:20 +01:00 · ede51ab33d
commit ede51ab33d
parent 558bb9f760 cf33221f2f
3 changed files with 58 additions and 18 deletions
--- a/retroshare-gui/src/gui/common/RsCollectionDialog.ui
+++ b/retroshare-gui/src/gui/common/RsCollectionDialog.ui
@ -6,7 +6,7 @@
   <rect>
    <x>0</x>
    <y>0</y>
-    <width>969</width>
+    <width>978</width>
    <height>778</height>
   </rect>
  </property>
@ -279,7 +279,11 @@
                      <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Add selected item to collection one by one.&lt;/p&gt;&lt;p&gt;Select parent dir to add this too.&lt;/p&gt;&lt;p&gt;&lt;span style=&quot; font-style:italic; vertical-align:sub;&quot;&gt;&amp;lt;Enter&amp;gt;&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
                     </property>
                     <property name="text">
-                      <string notr="true">&gt;</string>
+                      <string notr="true"/>
+                     </property>
+                     <property name="icon">
+                      <iconset resource="../images.qrc">
+                       <normaloff>:/images/feedback_arrow.png</normaloff>:/images/feedback_arrow.png</iconset>
                     </property>
                    </widget>
                   </item>
@ -301,7 +305,11 @@
                      <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Add selected item to collection.&lt;/p&gt;&lt;p&gt;If a directory is selected, all of his children will be added.&lt;/p&gt;&lt;p&gt;&lt;span style=&quot; text-decoration: underline; vertical-align:sub;&quot;&gt;&amp;lt;Shift + Enter&amp;gt;&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
                     </property>
                     <property name="text">
-                      <string>&gt;&gt;</string>
+                      <string/>
+                     </property>
+                     <property name="icon">
+                      <iconset resource="../../../../plugins/FeedReader/gui/FeedReader_images.qrc">
+                       <normaloff>:/images/Update.png</normaloff>:/images/Update.png</iconset>
                     </property>
                    </widget>
                   </item>
@ -323,7 +331,11 @@
                      <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Remove selected item from collection.&lt;/p&gt;&lt;p&gt;&lt;span style=&quot; font-style:italic; vertical-align:sub;&quot;&gt;&amp;lt;Del&amp;gt;&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
                     </property>
                     <property name="text">
-                      <string notr="true">&lt;</string>
+                      <string notr="true"/>
+                     </property>
+                     <property name="icon">
+                      <iconset resource="../images.qrc">
+                       <normaloff>:/images/deletemail24.png</normaloff>:/images/deletemail24.png</iconset>
                     </property>
                    </widget>
                   </item>
@ -345,7 +357,11 @@
                      <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Make a new directory in the collection.&lt;/p&gt;&lt;p&gt;&lt;span style=&quot; font-style:italic; vertical-align:sub;&quot;&gt;&amp;lt;+&amp;gt;&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
                     </property>
                     <property name="text">
-                      <string>+</string>
+                      <string/>
+                     </property>
+                     <property name="icon">
+                      <iconset resource="../images.qrc">
+                       <normaloff>:/images/directoryadd_24x24_shadow.png</normaloff>:/images/directoryadd_24x24_shadow.png</iconset>
                     </property>
                    </widget>
                   </item>
@ -501,6 +517,7 @@
 </customwidgets>
 <resources>
  <include location="../images.qrc"/>
+  <include location="../../../../plugins/FeedReader/gui/FeedReader_images.qrc"/>
 </resources>
 <connections/>
 </ui>
--- a/retroshare-gui/src/gui/connect/ConnectFriendWizard.cpp
+++ b/retroshare-gui/src/gui/connect/ConnectFriendWizard.cpp
@ -293,17 +293,27 @@ void ConnectFriendWizard::setCertificate(const QString &certificate, bool friend
 #ifdef FRIEND_WIZARD_DEBUG
 		std::cerr << "ConnectFriendWizard got id : " << peerDetails.id << "; gpg_id : " << peerDetails.gpg_id << std::endl;
 #endif
-        mCertificate = certificate.toUtf8().constData();

-        // Cyril: I disabled this because it seems to be not used anymore.
-        //setStartId(friendRequest ? Page_FriendRequest : Page_Conclusion);
-        setStartId(Page_Conclusion);
-        if (friendRequest){
-        ui->cp_Label->show();
-        ui->requestinfolabel->show();
-        setTitleText(ui->ConclusionPage, tr("Friend request"));
-        ui->ConclusionPage->setSubTitle(tr("Details about the request"));
-        }
+		if(peerDetails.id == rsPeers->getOwnId())
+		{
+			setField("errorMessage", tr("This is your own certificate! You would not want to make friend with yourself. Wouldn't you?") ) ;
+			error = false;
+			setStartId(Page_ErrorMessage);
+		}
+		else
+		{
+			mCertificate = certificate.toUtf8().constData();
+
+			// Cyril: I disabled this because it seems to be not used anymore.
+			//setStartId(friendRequest ? Page_FriendRequest : Page_Conclusion);
+			setStartId(Page_Conclusion);
+			if (friendRequest){
+				ui->cp_Label->show();
+				ui->requestinfolabel->show();
+				setTitleText(ui->ConclusionPage, tr("Friend request"));
+				ui->ConclusionPage->setSubTitle(tr("Details about the request"));
+			}
+		}
    } else {
 		// error message
 		setField("errorMessage", tr("Certificate Load Failed") + ": \n\n" + getErrorString(cert_load_error_code)) ;
@ -497,8 +507,8 @@ void ConnectFriendWizard::initializePage(int id)
 			else
 				ui->alreadyRegisteredLabel->hide();
 			if(tmp_det.ownsign) {
-				ui->signGPGCheckBox->setChecked(true);
-				ui->signGPGCheckBox->setEnabled(false);
+				ui->signGPGCheckBox->setChecked(false);	// if already signed, we dont allow to sign it again, and dont show the box.
+				ui->signGPGCheckBox->setVisible(false);
 				ui->signGPGCheckBox->setToolTip(tr("You have already signed this key"));
 			}

@ -702,6 +712,13 @@ bool ConnectFriendWizard::validateCurrentPage()
 #ifdef FRIEND_WIZARD_DEBUG
 				std::cerr << "ConnectFriendWizard got id : " << peerDetails.id << "; gpg_id : " << peerDetails.gpg_id << std::endl;
 #endif
+
+				if(peerDetails.id == rsPeers->getOwnId())
+				{
+					setField("errorMessage", tr("This is your own certificate! You would not want to make friend with yourself. Wouldn't you?") ) ;
+					error = false;
+				}
+
 				break;
 			}
 			// error message
@ -735,6 +752,12 @@ bool ConnectFriendWizard::validateCurrentPage()
 #ifdef FRIEND_WIZARD_DEBUG
 					std::cerr << "ConnectFriendWizard got id : " << peerDetails.id << "; gpg_id : " << peerDetails.gpg_id << std::endl;
 #endif
+
+					if(peerDetails.id == rsPeers->getOwnId())
+					{
+						setField("errorMessage", tr("This is your own certificate! You would not want to make friend with yourself. Wouldn't you?") ) ;
+						error = false;
+					}
 				} else {
 					setField("errorMessage", QString(tr("Certificate Load Failed:something is wrong with %1")).arg(fn) + " : " + getErrorString(cert_error_code));
 					error = false;
--- a/retroshare-gui/src/gui/connect/ConnectFriendWizard.ui
+++ b/retroshare-gui/src/gui/connect/ConnectFriendWizard.ui
@ -1618,8 +1618,8 @@ resources.</string>
  </customwidget>
 </customwidgets>
 <resources>
-  <include location="../icons.qrc"/>
  <include location="../images.qrc"/>
+  <include location="../icons.qrc"/>
 </resources>
 <connections/>
 </ui>