From a1a298af5825de6151b272cfe564a8db007ee41e Mon Sep 17 00:00:00 2001 From: Veloman Yunkan Date: Wed, 27 Mar 2024 18:35:38 +0400 Subject: [PATCH] Safety measure in eraseBookFilesFromComputer() My experience is that `kiwix::Download::getPath()` may return an empty string (at least for a fresh download object and probably before Aria2 actually starts downloading and creates the target file). Passing such an empty string into `eraseBookFilesFromComputer()` might have disastrous consequences. Now that function should be safer. --- src/contentmanager.cpp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/contentmanager.cpp b/src/contentmanager.cpp index b2213e4..c4761fd 100644 --- a/src/contentmanager.cpp +++ b/src/contentmanager.cpp @@ -566,6 +566,14 @@ void ContentManager::downloadBook(const QString &id) downloadStarted(book, downloadId); } +static const char MSG_FOR_PREVENTED_RMSTAR_OPERATION[] = R"( + BUG: Errare humanum est. + BUG: Kiwix developers are human, but we try to ensure that our mistakes + BUG: don't cause harm to our users. + BUG: If we didn't detect this situation we could have erased a lot of files + BUG: on your computer. +)"; + void ContentManager::eraseBookFilesFromComputer(const std::string& bookPath, bool moveToTrash) { #if QT_VERSION < QT_VERSION_CHECK(5, 15, 0) @@ -573,6 +581,12 @@ void ContentManager::eraseBookFilesFromComputer(const std::string& bookPath, boo #endif const std::string dirPath = kiwix::removeLastPathElement(bookPath); const std::string fileGlob = kiwix::getLastPathElement(bookPath) + "*"; + + if ( fileGlob == "*" ) { + std::cerr << MSG_FOR_PREVENTED_RMSTAR_OPERATION << std::endl; + return; + } + QDir dir(QString::fromStdString(dirPath), QString::fromStdString(fileGlob)); for(const QString& file: dir.entryList()) { #if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)