The E2E application allows creating unencrypted subdirectories
in an encrypted parent. This is a big privacy problem.
This patch shows a red broken lock icon for these subdirectories
in the NC client UI.
Signed-off-by: Ivan Čukić <ivan.cukic@kde.org>
Due to usage of early-returns, combined with malloc/free,
several buffers that get allocated are leaked when an error
occurs.
Several functions had potential leaks:
- `encryptStringSymmetric` leaked `ctext`
- `EncryptionHelper::fileDecryption` leaked `out`
- `EncryptionHelper::fileEncryption` leaked `out`
Most of the functions had leaks of the cypher context.
This patch uses `QByteArray` as the handler for the dynamically
allocated buffers for openssl to operate on. This also removes
the need for conversions from malloc'd buffers to `QByteArray`
variables previously present in the code.
It also introduces a `CypherCtx` thin wrapper class to provide
a leak-free handling of `EVP_CIPHER_CTX`.
_manager ptr only got initialized in the constructor when sharingPossible was set to true
Changes:
- Move member ptr inits from constructor to the header file's class definition
- Init _manager: set to nullptr too
- Add check for _manager to avoid crash in showSharingUi()
Signed-off-by: Michael Schuster <michael@schuster.ms>
I think I got the if clause wrong regarding limiting the command only to
member users. Let's move this out of the way for now.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This should pass, with the minimal .clang-tidy which was provided. Other
PRs should be done to enable further checks.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This test was failing locally for me. Indeed, through QStandardPaths it
was finding the user settings of my production client and not having the
initial state it expected. Using QStandardPaths test mode then it starts
from a clean slate every time.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
In owncloudsetupnocredspage.ui, the URL input field leUrl has a
placeholder text saying "https://..." which is a very useful hint
for the user. However, in the OwncloudSetupPage constructor, the
placeholer text is overwritten by the return string of the theme's
wizardUrlHint() method. The NextcloudTheme class does not override
this virtual method, so an empty string is used.
To make available the "https://..." hint, it is moved from the
UI file to NextcloudTheme::wizardUrlHint(). Note that, if a
theme is used which does not allow a custom server URL, the
placeholder text is now empty. This makes sense because the
input field is disabled in that case.
Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
The input field for the nextcloud server URL is vertically too
big (because of the icon next to it in the same horizontal layout).
This commit solves this issue by changing its vertical size policy
from Ignored to Fixed.
Signed-off-by: Stephan Beyer <s-beyer@gmx.net>