qqmlxmlhttprequest: Disable local file access by default

[ChangeLog][Important Behavior Changes] Local file accesses are now disabled by default for security reasons. To enable them set the environment variables QML_XHR_ALLOW_FILE_READ / QML_XHR_ALLOW_FILE_WRITE to 1 for reading and writing respectively. Change-Id: Idf225d6eb8f16b1716867101b8e768926242b7bf Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
author: Maximilian Goldstein <max.goldstein@qt.io> 2020-01-29 12:22:28 +0100
committer: Maximilian Goldstein <max.goldstein@qt.io> 2020-02-12 12:48:56 +0100
commit: 899de66d41e4e9666187e107516ac714963e7b20 (patch)
tree: 4fc60f3a3ea26e26bf3cd6ccd9c1036442a4c1b2 /src/qml/qml/qqmlxmlhttprequest.cpp
parent: af78fdfab11a0685fc13b99f86dc226fa047f8a2 (diff)
1 files changed, 6 insertions, 16 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp
index c820499703..c23542dd44 100644
--- a/src/qml/qml/qqmlxmlhttprequest.cpp
+++ b/src/qml/qml/qqmlxmlhttprequest.cpp
@@ -1203,25 +1203,15 @@ void QQmlXMLHttpRequest::requestFromUrl(const QUrl &url)
         if (m_method == QLatin1String("PUT"))
         {
             if (!xhrFileWrite()) {
-                if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_WRITE")) {
-                    qWarning("XMLHttpRequest: Tried to use PUT on a local file despite being disabled.");
-                    return;
-                } else {
-                    qWarning("XMLHttpRequest: Using PUT on a local file is dangerous "
-                             "and will be disabled by default in a future Qt version."
-                             "Set QML_XHR_ALLOW_FILE_WRITE to 1 if you wish to continue using this feature.");
-                }
+                qWarning("XMLHttpRequest: Using PUT on a local file is disabled by default.\n"
+                         "Set QML_XHR_ALLOW_FILE_WRITE to 1 to enable this feature.");
+                return;
             }
         } else if (m_method == QLatin1String("GET")) {
             if (!xhrFileRead()) {
-                if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_READ")) {
-                    qWarning("XMLHttpRequest: Tried to use GET on a local file despite being disabled.");
-                    return;
-                } else {
-                    qWarning("XMLHttpRequest: Using GET on a local file is dangerous "
-                             "and will be disabled by default in a future Qt version."
-                             "Set QML_XHR_ALLOW_FILE_READ to 1 if you wish to continue using this feature.");
-                }
+                qWarning("XMLHttpRequest: Using GET on a local file is disabled by default.\n"
+                         "Set QML_XHR_ALLOW_FILE_READ to 1 to enable this feature.");
+                return;
             }
         } else {
             qWarning("XMLHttpRequest: Unsupported method used on a local file");
author	Maximilian Goldstein <max.goldstein@qt.io>	2020-01-29 12:22:28 +0100
committer	Maximilian Goldstein <max.goldstein@qt.io>	2020-02-12 12:48:56 +0100
commit	899de66d41e4e9666187e107516ac714963e7b20 (patch)
tree	4fc60f3a3ea26e26bf3cd6ccd9c1036442a4c1b2 /src/qml/qml/qqmlxmlhttprequest.cpp
parent	af78fdfab11a0685fc13b99f86dc226fa047f8a2 (diff)