AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QTeamCityLogger: fix .arg() placeholder injection

Browse Source 
Since each .arg() call starts from scratch, a file name containing a
suitable %n would mess up the formatting of the following .arg() call.

Fix by using multiArg(), which requires to pre-format the line into a
QString, but which performs only a single-pass, so doesn't suffer from
the placeholder injection problem that plagues .arg()-chaining.

Pick-to: 6.3 6.2 5.15
Change-Id: I549527643da657fca0bea63d5e3becadac529d4b
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
This commit is contained in:
Marc Mutz 2022-05-03 00:41:21 +02:00
parent 9b3885248b
commit c9f4cb2c92
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/testlib/qteamcitylogger.cpp
View File

@ -268,9 +268,8 @@ void QTeamCityLogger::addPendingMessage(const char *type, const QString &msg, co
if (file) {
pendMessage += "%1 |[Loc: %2(%3)|]: %4"_L1
.arg(QString::fromUtf8(type), QString::fromUtf8(file))
.arg(line)
.arg(msg);
.arg(QString::fromUtf8(type), QString::fromUtf8(file),
QString::number(line), msg);
} else {
pendMessage += "%1: %2"_L1.arg(QString::fromUtf8(type), msg);