From 1d38db3c80c157869e7bdbb8cd6d3ba266836639 Mon Sep 17 00:00:00 2001
From: zhaominyong
Date: Fri, 29 Apr 2022 14:12:27 +0800
Subject: [PATCH] =?UTF-8?q?115051=20=E3=80=90KVE-2022-0404=E3=80=91?= =?UTF-8?q?=E3=80=90=E5=A4=87=E4=BB=BD=E8=BF=98=E5=8E=9F=E3=80=91=E5=A4=87?= =?UTF-8?q?=E4=BB=BD=E8=BF=98=E5=8E=9F=E5=B7=A5=E5=85=B7-=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E5=A4=87=E4=BB=BD=E5=8A=9F=E8=83=BD=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E4=BB=BB=E6=84=8F=E5=91=BD=E4=BB=A4=E6=89=A7=E8=A1=8C=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E=EF=BC=8C=E5=AF=BC=E8=87=B4=E6=9C=AC=E5=9C=B0=E6=8F=90?= =?UTF-8?q?=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kybackup/component/backuplistwidget.cpp | 13 +++++++++++
 kybackup/qt_zh_CN.ts | 29 ++++++++++++++++--------
 kybackup/resource/language/qt_zh_CN.qm | Bin 29949 -> 30108 bytes
 3 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/kybackup/component/backuplistwidget.cpp b/kybackup/component/backuplistwidget.cpp
index 933dee5..556f7db 100755
--- a/kybackup/component/backuplistwidget.cpp
+++ b/kybackup/component/backuplistwidget.cpp
@@ -208,6 +208,19 @@ void BackupListWidget::dropEvent(QDropEvent *event)
 bool BackupListWidget::checkPathLimit(const QString &path)
 {
+ // 防命令注入
+ // 1、形如:mkdir '`id&>id_bak_test.txt`'中的文件夹名称
+ // 2、形如:$()的文件夹名称
+ // 3、形如:${}的文件夹名称
+ // 4、包含[;、&、|]等可以包含并执行系统命令或用于连续执行系统命令的符号
+ if ( path.contains(QRegularExpression(".*`.*`.*"))
+ || path.contains(QRegularExpression(".*\\$\\(.*\\).*"))
+ || path.contains(QRegularExpression(".*\\$\\{.*\\}.*"))
+ || path.contains(QRegularExpression("[;&|]+"))) {
+ MessageBoxUtils::QMESSAGE_BOX_WARNING(this, QObject::tr("Warning"), QObject::tr("Path can not include symbols that such as : ``,$(),${},;,&,|,etc."), QObject::tr("OK"));
+ return false;
+ }
+
 // 1、列表中是否已经存在
 if (contains(path)) {
 MessageBoxUtils::QMESSAGE_BOX_WARNING(this, QObject::tr("Warning"), 
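Review bot: The guard added at the top of checkPathLimit() is a denylist of shell metacharacters enforced only in the widget, so it narrows the command injection rather than removing it; characters such as quotes, redirection operators and line breaks are not rejected by the four patterns. The subject line describes a local privilege escalation, which suggests the path is later placed into a command by a more privileged component not shown in this hunk; if so, that component should receive the path as a discrete argument (for example `QProcess::start(program, QStringList{path})` instead of a shell string) and validate it again, because a check in the UI does not constrain other callers. At minimum I would add `// UI-side pre-check only; the component that runs the backup command must not pass this path through a shell` above the `if`. The four `QRegularExpression` objects are also rebuilt on every call and could be `static const`, with the redundant leading and trailing `.*` dropped. The body of checkPathLimit() continues past the end of the hunk.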
diff --git a/kybackup/qt_zh_CN.ts b/kybackup/qt_zh_CN.ts index 594d203..6883354 100755 --- a/kybackup/qt_zh_CN.ts +++ b/kybackup/qt_zh_CN.ts @@ -1224,9 +1224,10 @@ - - - + + + + @@ -1242,14 +1243,24 @@ 警告 - + + Path can not include symbols that such as : ``,$(),${},;,&,|,etc. + 路径中不能包含:``、$()、${}、;、&、|等特殊符号 + + + + OK + + + + Path already exists : 路径已经存在: - - - + + + @@ -1271,12 +1282,12 @@ 确定 - + The file or directory does not exist : 文件或目录不存在 - + Only data that exists in the follow directorys can be selected: %1. Path:%2 is not in them. 只有后面目录中的数据可以选择:%1。 
diff --git a/kybackup/resource/language/qt_zh_CN.qm b/kybackup/resource/language/qt_zh_CN.qm index 0b70a76107e24c845340c298b57c7ff0942cd997..438b1db3bfd27b71dffaf76516a85f4e007c9d5d 100644 GIT binary patch delta 1650 zcmXBUdr(wW90&04z5Bd(SyvInRrIca3&`$@iaZu`&_GxOX1XGA;VM{W-)cf^T(ObKlhw_evk8;c*=b^ z%vfFGFSJpt@atLs2+Up=jMBhdBaEa0zXy6m{poB&K2XD)OzSI;F5&QJK7lRXrG6{Dn) zlk$hTsrT>Ey$+_UpYzXH46JM9On>JC!5nASo&szM%mO)Q4m%8Z-(lwRTxyY?emBZB z6w}Kj4KtG;ljodqUPcYq(|MVOv5`CKlLhGaFbnT;1FA)US3EN_oFwoTKCPJ4@se$f zuUv2&i0|Y*IbQ-x2l$4qy?`r#zi^f2WO^~vafH9)Jqj$F;0NR10aoASf9)=$`Q6Gt z8JZ2`Zzm6UOHr!7ER!QZVW_MwhPHHI+5j`U zi&;=9YxVyCP@ZI_W|AtI#N8$BGD+AkJ8BICoFU|lELi_oUR0k8=ssnJH!!npX70&uAw04Qiob}{{+>h%em*tZ1Sh2T<=E3m?8Ik)5 zM-+z>=hBUrh*lvj=ulkh`yOzIDu!Ru9Qk@P1NxYeR^}RCX88r;P^{wqB_|Zd<#}%_ z4@G2u6&x@MVs>(GsQun#ZIA>hJ;D`hgQ_r-}Zhbc?#QXDtwST3vNu673CtW}%Zb zDkWh+eRlX74QPn;DoX?GlJM~^8tuAB;rP|>fJs-G^T(N4rNpd~^cRJ5RvO6KG~sp^ z{e@pW(_thfD$6{3i5Q*oClIzlv|VojmfRAPGijW<-`JEJcE0VeVD7xdJ?8_bG)abP%`_V`q0#)SCS z>mBr*ZIaJNc}?jWqZ$$PGi}YqAAy7+X0l!DslG_lIbFLW-H%S1+1isgX*$ZD zkq5$3(Y|-mxfwsu!apZ-MTzSn38JwnN3V;q(lFiax)o9(5IM+P)22(hTT3T`N>_1g zKM=i9=Q*SSLQJ}r-a&fyo4R(JlTNFCW^R;jUvnI7be_2~NO!!4mU2;>?o1#ZPeKH9 zmACHvHQKt?j#tWH8zLj(Ouk|#F~!gCi_w@@G+En6*KSWUr)irfvJ}~2|IL6C&TtMv z2tnv8>(NM!rOQZHL%pqL^BX(sjalRLkwyTts#h10O76BH~si2FR|gyx%VJ22+|wvS|dLGY&Y4 z3da{IuNi4HGfT8aog6Ej%}18zqkLtCsUc&H;ES>8)bFp)ANSmQ&hK}=_qVH`y?nqn z2U`CEv_-(U^JJ1Q>D=C8k5FCLp=sO+%>T8;6Q^ceg*J5%D648|FIJ0oBYj5&uy8Zi zGTV$2 zK{gAx@r!uZLza$ap&8SFnm<_7^8z4}F}wLQAmvlCsFv9$bpifY$lOKDU1k;Q9#V!|6i|AN?Fq~RtgU2m0`uyp0;WVVqm3s?(USXnzErX~J<{SS zmw?1}sV?VhV5V1USlt7Zte1|T5j`1ML3)hR75_&-!b|CP;#wfrA>HdN7X4i<-R}zn z@(1`$DY`6mt(?g?;AxeYjz0_-3(3&CWOOQ-zLzXrA}_mm0GN|0H*81;MtI5i4zlR7 z+!VS6&>bLCkMUaB#u9k5Y*QfbafAa4TKHi((we3ztIq>0d&!svGV358lBctA+^(6f zjM8}D8zU}rJ+IY7`thG&%v?qHni@daI`(KD21^JU>d&xKlS+IhviR2z_8mr{{wGp%P?&-SrMFX0} zx|?bxFgsoMz||qb`H-BuTsL?}R6KeFS=yr;{#Z2nwGh%J^B|qgsnf6NZ2|(nCG&Ub z8#@iav~l{L8={XX%n;)h(GP!VD2WogRQ_(L>RtfMI%uff;UlsUN_tN7r@( 
z7ASY~9$nSg!Y1XT&7#_xPG#Sjp8%gTiwuW{LLvN&NHnU%|%4Z+G>W9K##P`#J$H-xRs zxn}%i>jV*@VdI50H^fHk$h<=1o#|p~=;KItqH%EJ5n#$r6MO%VSU=n3*D)y8D`f5! zQ&P>3z#E;W((wc0g0`5-f<&f5@=P_)y`q~6Ip1okof!nk$^Xk;ia&F5j}jqO{ms`Z z5stKHroI=q#E2O-PdL{MggrDbIdKh0>LZ;e&2{gb5YI=N*QE!GWHg!&To9e8&f#~J znQGxbK1V~YifLEO?W&Eb+^t50WUsNzaEKzyo>-D?B71SS$$}x?tcF#m+_p43OT-*H zMCNu`wyl~aA}o=vX3M^AaamJ0SPqAa!K1{I^Xe_f&Wcbv+DNC{a&cJvj{a?yfrc0{ fdq!Gb$p6it)`j9gk9lX}