diff options
Diffstat (limited to 'src/qml/qml/qqmlxmlhttprequest.cpp')
-rw-r--r-- | src/qml/qml/qqmlxmlhttprequest.cpp | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp index 021aa369fa..86e6282e53 100644 --- a/src/qml/qml/qqmlxmlhttprequest.cpp +++ b/src/qml/qml/qqmlxmlhttprequest.cpp @@ -54,6 +54,7 @@ #include <QtCore/qobject.h> #include <QtQml/qjsvalue.h> #include <QtQml/qjsengine.h> +#include <QtQml/qqmlfile.h> #include <QtNetwork/qnetworkreply.h> #include <QtCore/qtextcodec.h> #include <QtCore/qxmlstream.h> @@ -77,6 +78,8 @@ using namespace QV4; QT_BEGIN_NAMESPACE DEFINE_BOOL_CONFIG_OPTION(xhrDump, QML_XHR_DUMP); +DEFINE_BOOL_CONFIG_OPTION(xhrFileWrite, QML_XHR_ALLOW_FILE_WRITE); +DEFINE_BOOL_CONFIG_OPTION(xhrFileRead, QML_XHR_ALLOW_FILE_READ); struct QQmlXMLHttpRequestData { QQmlXMLHttpRequestData(); @@ -1195,6 +1198,37 @@ void QQmlXMLHttpRequest::fillHeadersList() void QQmlXMLHttpRequest::requestFromUrl(const QUrl &url) { QNetworkRequest request = m_request; + + if (QQmlFile::isLocalFile(url)) { + if (m_method == QLatin1String("PUT")) + { + if (!xhrFileWrite()) { + if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_WRITE")) { + qWarning("XMLHttpRequest: Tried to use PUT on a local file despite being disabled."); + return; + } else { + qWarning("XMLHttpRequest: Using PUT on a local file is dangerous " + "and will be disabled by default in a future Qt version." + "Set QML_XHR_ALLOW_FILE_WRITE to 1 if you wish to continue using this feature."); + } + } + } else if (m_method == QLatin1String("GET")) { + if (!xhrFileRead()) { + if (qEnvironmentVariableIsSet("QML_XHR_ALLOW_FILE_READ")) { + qWarning("XMLHttpRequest: Tried to use GET on a local file despite being disabled."); + return; + } else { + qWarning("XMLHttpRequest: Using GET on a local file is dangerous " + "and will be disabled by default in a future Qt version." + "Set QML_XHR_ALLOW_FILE_READ to 1 if you wish to continue using this feature."); + } + } + } else { + qWarning("XMLHttpRequest: Unsupported method used on a local file"); + return; + } + } + request.setUrl(url); if(m_method == QLatin1String("POST") || m_method == QLatin1String("PUT")) { @@ -1266,7 +1300,7 @@ void QQmlXMLHttpRequest::requestFromUrl(const QUrl &url) } else { QObject::connect(m_network, SIGNAL(readyRead()), this, SLOT(readyRead())); - QObject::connect(m_network, SIGNAL(error(QNetworkReply::NetworkError)), + QObject::connect(m_network, SIGNAL(errorOccurred(QNetworkReply::NetworkError)), this, SLOT(error(QNetworkReply::NetworkError))); QObject::connect(m_network, SIGNAL(finished()), this, SLOT(finished())); @@ -1389,13 +1423,17 @@ void QQmlXMLHttpRequest::finished() QVariant redirect = m_network->attribute(QNetworkRequest::RedirectionTargetAttribute); if (redirect.isValid()) { QUrl url = m_network->url().resolved(redirect.toUrl()); - if (url.scheme() != QLatin1String("file")) { + if (!QQmlFile::isLocalFile(url)) { // See http://www.ietf.org/rfc/rfc2616.txt, section 10.3.4 "303 See Other": // Result of 303 redirection should be a new "GET" request. const QVariant code = m_network->attribute(QNetworkRequest::HttpStatusCodeAttribute); if (code.isValid() && code.toInt() == 303 && m_method != QLatin1String("GET")) m_method = QStringLiteral("GET"); destroyNetwork(); + + // Discard redirect response body + m_responseEntityBody = QByteArray(); + requestFromUrl(url); return; } |