diff options
| author | Jani Honkonen <jani.honkonen@digia.com> | 2012-08-06 13:18:48 +0300 |
|---|---|---|
| committer | Qt by Nokia <qt-info@nokia.com> | 2012-08-15 11:38:37 +0200 |
| commit | 121062d8848986dcfaf421388a5603b3b48a1e58 (patch) | |
| tree | 08d92b7e0cb90d6bd49b868d75df8f394913810e /src/widgets/widgets | |
| parent | d19589b90adca7130129b59b662e515226a943e1 (diff) | |
Fix undo and redo in QLineEdit when in password mode
There are some security issues with undo/redo. User should not be
able to get the erased password back in any situation. Therefore
redo must be disabled completely and undo is limited only for erasing
previously entered text.
Task-number: QTBUG-14226
Change-Id: I2b38aca84adbad1c14db76b56ad6303d56b35b4d
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
Diffstat (limited to 'src/widgets/widgets')
| -rw-r--r-- | src/widgets/widgets/qwidgetlinecontrol.cpp | 22 | ||||
| -rw-r--r-- | src/widgets/widgets/qwidgetlinecontrol_p.h | 4 |
2 files changed, 24 insertions, 2 deletions
diff --git a/src/widgets/widgets/qwidgetlinecontrol.cpp b/src/widgets/widgets/qwidgetlinecontrol.cpp index 6920354e73..ba7e2ddacf 100644 --- a/src/widgets/widgets/qwidgetlinecontrol.cpp +++ b/src/widgets/widgets/qwidgetlinecontrol.cpp @@ -1279,6 +1279,13 @@ void QWidgetLineControl::internalUndo(int until) return; cancelPasswordEchoTimer(); internalDeselect(); + + // Undo works only for clearing the line when in any of password the modes + if (m_echoMode != QLineEdit::Normal) { + clear(); + return; + } + while (m_undoState && m_undoState > until) { Command& cmd = m_history[--m_undoState]; switch (cmd.type) { @@ -1868,6 +1875,21 @@ void QWidgetLineControl::processKeyEvent(QKeyEvent* event) event->accept(); } +bool QWidgetLineControl::isUndoAvailable() const +{ + // For security reasons undo is not available in any password mode (NoEcho included) + // with the exception that the user can clear the password with undo. + return !m_readOnly && m_undoState + && (m_echoMode == QLineEdit::Normal || m_history[m_undoState - 1].type == QWidgetLineControl::Insert); +} + +bool QWidgetLineControl::isRedoAvailable() const +{ + // Same as with undo. Disabled for password modes. + return !m_readOnly + && m_echoMode == QLineEdit::Normal + && m_undoState < m_history.size(); +} QT_END_NAMESPACE diff --git a/src/widgets/widgets/qwidgetlinecontrol_p.h b/src/widgets/widgets/qwidgetlinecontrol_p.h index ba3b202bda..2dce790c1e 100644 --- a/src/widgets/widgets/qwidgetlinecontrol_p.h +++ b/src/widgets/widgets/qwidgetlinecontrol_p.h @@ -125,8 +125,8 @@ public: return (c != -1 ? c : 0); } - bool isUndoAvailable() const { return !m_readOnly && m_undoState; } - bool isRedoAvailable() const { return !m_readOnly && m_undoState < (int)m_history.size(); } + bool isUndoAvailable() const; + bool isRedoAvailable() const; void clearUndo() { m_history.clear(); m_modifiedState = m_undoState = 0; } bool isModified() const { return m_modifiedState != m_undoState; } |