fix further file names vulnerabilities in TechDraw module

wmayer
2019-10-03 02:45:38 +02:00
parent e72df35bff
commit 0995ff1318
5 changed files with 45 additions and 18 deletions


@@ -30,6 +30,7 @@
#include <vector>
#include <Base/Tools.h>
#include <App/Application.h>
#include <App/Document.h>
#include <App/DocumentObject.h>
@@ -201,6 +202,7 @@ void CmdTechDrawNewPage::activated(int iMsg)
//why is "Template" property set twice? -wf
// once to set DrawSVGTemplate.Template to OS template file name
templateFileName = Base::Tools::escapeEncodeFilename(templateFileName);
doCommand(Doc,"App.activeDocument().%s.Template = \"%s\"",TemplateName.c_str(), templateFileName.toUtf8().constData());
// once to set Page.Template to DrawSVGTemplate.Name
doCommand(Doc,"App.activeDocument().%s.Template = App.activeDocument().%s",PageName.c_str(),TemplateName.c_str());
@@ -974,6 +976,7 @@ void CmdTechDrawSymbol::activated(int iMsg)
if (!filename.isEmpty())
{
std::string FeatName = getUniqueObjectName("Symbol");
filename = Base::Tools::escapeEncodeFilename(filename);
openCommand("Create Symbol");
#if PY_MAJOR_VERSION < 3
doCommand(Doc,"f = open(unicode(\"%s\",'utf-8'),'r')",(const char*)filename.toUtf8());
@@ -1256,6 +1259,7 @@ void CmdTechDrawExportPageDxf::activated(int iMsg)
std::string PageName = page->getNameInDocument();
openCommand("Save page to dxf");
doCommand(Doc,"import TechDraw");
fileName = Base::Tools::escapeEncodeFilename(fileName);
doCommand(Doc,"TechDraw.writeDXFPage(App.activeDocument().%s,u\"%s\")",PageName.c_str(),(const char*)fileName.toUtf8());
commitCommand();
}
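Review bot: The three `doCommand` calls touched here (in `CmdTechDrawNewPage`, `CmdTechDrawSymbol` and `CmdTechDrawExportPageDxf`) still build Python source by formatting the path into a double-quoted literal, so the fix is only as complete as `Base::Tools::escapeEncodeFilename`, whose body is not shown on this page. It is worth confirming that the helper escapes backslashes and line breaks as well as quote characters, since any of those can change where the literal ends. The escaped text is also assigned back to the path variable itself (`filename = Base::Tools::escapeEncodeFilename(filename);`), so any later C++ use of that variable as a real path would receive the escaped form. A separate local such as `const QString pyFileName = Base::Tools::escapeEncodeFilename(filename);` passed only to `doCommand` would keep the two representations apart. All three function bodies start and end outside the hunks shown, so later uses of these variables cannot be checked from here.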