diff options
author | Maximilian Goldstein <max.goldstein@qt.io> | 2020-01-29 12:22:28 +0100 |
---|---|---|
committer | Maximilian Goldstein <max.goldstein@qt.io> | 2020-02-12 12:48:56 +0100 |
commit | 899de66d41e4e9666187e107516ac714963e7b20 (patch) | |
tree | 4fc60f3a3ea26e26bf3cd6ccd9c1036442a4c1b2 /src/qml/qml/qqmlxmlhttprequest.cpp | |
parent | af78fdfab11a0685fc13b99f86dc226fa047f8a2 (diff) |
qqmlxmlhttprequest: Disable local file access by default
[ChangeLog][Important Behavior Changes] Local file accesses are now
disabled by default for security reasons. To enable them set the
environment variables QML_XHR_ALLOW_FILE_READ / QML_XHR_ALLOW_FILE_WRITE
to 1 for reading and writing respectively.
Change-Id: Idf225d6eb8f16b1716867101b8e768926242b7bf
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Diffstat (limited to 'src/qml/qml/qqmlxmlhttprequest.cpp')
-rw-r--r-- | src/qml/qml/qqmlxmlhttprequest.cpp | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp index c820499703..c23542dd44 100644 --- a/src/qml/qml/qqmlxmlhttprequest.cpp +++ b/src/qml/qml/qqmlxmlhttprequest.cpp @@ -1203,25 +1203,15 @@ void QQmlXMLHttpRequest::requestFromUrl(const QUrl &url) if (m_method == QLatin1String("PUT")) { if (!xhrFileWrite()) { - if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_WRITE")) { - qWarning("XMLHttpRequest: Tried to use PUT on a local file despite being disabled."); - return; - } else { - qWarning("XMLHttpRequest: Using PUT on a local file is dangerous " - "and will be disabled by default in a future Qt version." - "Set QML_XHR_ALLOW_FILE_WRITE to 1 if you wish to continue using this feature."); - } + qWarning("XMLHttpRequest: Using PUT on a local file is disabled by default.\n" + "Set QML_XHR_ALLOW_FILE_WRITE to 1 to enable this feature."); + return; } } else if (m_method == QLatin1String("GET")) { if (!xhrFileRead()) { - if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_READ")) { - qWarning("XMLHttpRequest: Tried to use GET on a local file despite being disabled."); - return; - } else { - qWarning("XMLHttpRequest: Using GET on a local file is dangerous " - "and will be disabled by default in a future Qt version." - "Set QML_XHR_ALLOW_FILE_READ to 1 if you wish to continue using this feature."); - } + qWarning("XMLHttpRequest: Using GET on a local file is disabled by default.\n" + "Set QML_XHR_ALLOW_FILE_READ to 1 to enable this feature."); + return; } } else { qWarning("XMLHttpRequest: Unsupported method used on a local file"); |