From 42c6033724e2b5a54702d626c57806e53f163c62 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 16 Jan 2017 14:39:09 +0100 Subject: QWebEngineDownloadItem::path() should not be percentage encoded If the name of the download item is derived from the URL, we currently end up reporting a partially percentage encoded name. This is problematic if our users try to undo the the percentage encoding and opens them out to download-folder escaping files that can install hooks in the user's home directory. [ChangeLog][DownloadItem] (QWebEngine)DownloadItem::path() was previously incorrectly returning percentage encoded file-names when the suggested path was based on URL. This has been corrected. Note percentage decoding the path generally before is not just incorrect when the path is not based on URL, but also dangerous as it can lead to downloads that escape the download folder. Task-number: QTBUG-58155 Change-Id: Ie23a4ff5d4e4c353df72e617bb2b00e1935cd6c1 Reviewed-by: Joerg Bornemann --- src/core/download_manager_delegate_qt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/core/download_manager_delegate_qt.cpp') diff --git a/src/core/download_manager_delegate_qt.cpp b/src/core/download_manager_delegate_qt.cpp index 2cbfd121b..a1445d609 100644 --- a/src/core/download_manager_delegate_qt.cpp +++ b/src/core/download_manager_delegate_qt.cpp @@ -129,7 +129,7 @@ bool DownloadManagerDelegateQt::DetermineDownloadTarget(content::DownloadItem* i suggestedFilename = toQt(item->GetTargetFilePath().AsUTF8Unsafe()); if (suggestedFilename.isEmpty()) - suggestedFilename = toQt(item->GetURL().ExtractFileName()); + suggestedFilename = QUrl::fromPercentEncoding(toQByteArray(item->GetURL().ExtractFileName())); if (suggestedFilename.isEmpty()) { suggestedFilename = QStringLiteral("qwe_download"); -- cgit v1.2.3