diff options
author | Maximilian Goldstein <max.goldstein@qt.io> | 2020-01-29 12:22:28 +0100 |
---|---|---|
committer | Maximilian Goldstein <max.goldstein@qt.io> | 2020-02-12 12:48:56 +0100 |
commit | 899de66d41e4e9666187e107516ac714963e7b20 (patch) | |
tree | 4fc60f3a3ea26e26bf3cd6ccd9c1036442a4c1b2 /tests/auto/qml/qqmlxmlhttprequest | |
parent | af78fdfab11a0685fc13b99f86dc226fa047f8a2 (diff) |
qqmlxmlhttprequest: Disable local file access by default
[ChangeLog][Important Behavior Changes] Local file accesses are now
disabled by default for security reasons. To enable them set the
environment variables QML_XHR_ALLOW_FILE_READ / QML_XHR_ALLOW_FILE_WRITE
to 1 for reading and writing respectively.
Change-Id: Idf225d6eb8f16b1716867101b8e768926242b7bf
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Diffstat (limited to 'tests/auto/qml/qqmlxmlhttprequest')
-rw-r--r-- | tests/auto/qml/qqmlxmlhttprequest/tst_qqmlxmlhttprequest.cpp | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/tests/auto/qml/qqmlxmlhttprequest/tst_qqmlxmlhttprequest.cpp b/tests/auto/qml/qqmlxmlhttprequest/tst_qqmlxmlhttprequest.cpp index ae794e76a9..2c08c33fc8 100644 --- a/tests/auto/qml/qqmlxmlhttprequest/tst_qqmlxmlhttprequest.cpp +++ b/tests/auto/qml/qqmlxmlhttprequest/tst_qqmlxmlhttprequest.cpp @@ -1133,15 +1133,16 @@ void tst_qqmlxmlhttprequest::sendFileRequest() #if QT_CONFIG(process) void tst_qqmlxmlhttprequest::sendFileRequestNotSet() { if (qEnvironmentVariableIsSet("TEST_CUSTOM_PERMISSIONS")) { - // Test with no settings - // Should just result in warnings in Qt 5 - doFileRequest([](QObject* object, QTemporaryFile &writeFile) { - QTRY_COMPARE(object->property("readResult").toString(), testString); + // Test with no settings, neither reading nor writing should work + doFileRequest([](QObject *object, QTemporaryFile &writeFile) { + QTest::qWait(1000); - QTRY_VERIFY(object->property("writeDone").toBool()); + // Verify that the read has not yielded any value + QVERIFY(object->property("readResult").isNull()); + // Check that the file stays empty QVERIFY(writeFile.open()); - QCOMPARE(QString::fromUtf8(writeFile.readAll()), testString); + QCOMPARE(QString::fromUtf8(writeFile.readAll()), ""); writeFile.close(); }); return; @@ -1161,22 +1162,25 @@ void tst_qqmlxmlhttprequest::sendFileRequestNotSet() { // Check exit code QCOMPARE(child.exitCode(), 0); - // Check if all warnings were printed + // Check if all errors were printed QString output = QString::fromUtf8(child.readAllStandardOutput()); + // Due to differences in line endings on Windows, check for the error lines individually + const QStringList readingError = { + QLatin1String("XMLHttpRequest: Using GET on a local file is disabled by default."), + QLatin1String("Set QML_XHR_ALLOW_FILE_READ to 1 to enable this feature.") + }; - const QString readingWarning = QLatin1String( - "XMLHttpRequest: Using GET on a local file is dangerous " - "and will be disabled by default in a future Qt version." - "Set QML_XHR_ALLOW_FILE_READ to 1 if you wish to continue using this feature."); + const QStringList writingError = { + QLatin1String("XMLHttpRequest: Using PUT on a local file is disabled by default."), + QLatin1String("Set QML_XHR_ALLOW_FILE_WRITE to 1 to enable this feature.") + }; - const QString writingWarning = QLatin1String( - "XMLHttpRequest: Using PUT on a local file is dangerous " - "and will be disabled by default in a future Qt version." - "Set QML_XHR_ALLOW_FILE_WRITE to 1 if you wish to continue using this feature."); + for (const auto &readingErrorLine : readingError) + QVERIFY(output.contains(readingErrorLine)); - QVERIFY(output.contains(readingWarning)); - QVERIFY(output.contains(writingWarning)); + for (const auto &writingErrorLine : writingError) + QVERIFY(output.contains(writingErrorLine)); } #endif |