From e02bcb0855ebee0612cab0f3cd3f9fd494497336 Mon Sep 17 00:00:00 2001
From: Tamas Zakor <ztamas@inf.u-szeged.hu>
Date: Fri, 3 May 2019 15:53:25 +0200
Subject: Add path validation for QWebEngineDownloadItem::setPath()

Do not set path if it ends with separator or if
it matches with an already existing directory name.

Task-number: QTBUG-75566
Change-Id: I4b78b28afe034c7589633c569a4945a36b32008e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
 src/webengine/api/qquickwebenginedownloaditem.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/webengine/api')

diff --git a/src/webengine/api/qquickwebenginedownloaditem.cpp b/src/webengine/api/qquickwebenginedownloaditem.cpp
index cdb95fa53..7d51ed21d 100644
--- a/src/webengine/api/qquickwebenginedownloaditem.cpp
+++ b/src/webengine/api/qquickwebenginedownloaditem.cpp
@@ -43,6 +43,8 @@
 #include "profile_adapter.h"
 #include "qquickwebengineprofile_p.h"
 
+#include "QFileInfo"
+
 using QtWebEngineCore::ProfileAdapterClient;
 
 QT_BEGIN_NAMESPACE
@@ -427,6 +429,16 @@ void QQuickWebEngineDownloadItem::setPath(QString path)
         return;
     }
     if (d->downloadPath != path) {
+        if (QFileInfo(path).fileName().isEmpty()) {
+            qWarning("The download path does not include file name.");
+            return;
+        }
+
+        if (QFileInfo(path).isDir()) {
+            qWarning("The download path matches with an already existing directory path.");
+            return;
+        }
+
         d->downloadPath = path;
         Q_EMIT pathChanged();
     }
-- 
cgit v1.2.3