Skip to content

Commit 683df59

Browse files
committedAug 20, 2018
[ui] add security warning to the plugin manager's install from ZIP
1 parent 2aebeb0 commit 683df59

File tree

1 file changed

+22
-2
lines changed

1 file changed

+22
-2
lines changed
 

‎src/app/pluginmanager/qgspluginmanager.cpp

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1367,8 +1367,28 @@ void QgsPluginManager::mZipFileWidget_fileChanged( const QString &filePath )
13671367

13681368
void QgsPluginManager::buttonInstallFromZip_clicked()
13691369
{
1370-
QgsPythonRunner::run( QStringLiteral( "pyplugin_installer.instance().installFromZipFile(r'%1')" ).arg( mZipFileWidget->filePath() ) );
1371-
mZipFileWidget->setFilePath( "" );
1370+
QgsSettings settings;
1371+
bool showInstallFromZipWarning = settings.value( QStringLiteral( "UI/showInstallFromZipWarning" ), true ).toBool();
1372+
1373+
QMessageBox msgbox;
1374+
if ( showInstallFromZipWarning )
1375+
{
1376+
msgbox.setText( tr( "Security warning: installing a plugin from an untrusted source can lead to data loss and/or leak. Continue?" ) );
1377+
msgbox.setIcon( QMessageBox::Icon::Warning );
1378+
msgbox.addButton( QMessageBox::Yes );
1379+
msgbox.addButton( QMessageBox::No );
1380+
msgbox.setDefaultButton( QMessageBox::No );
1381+
QCheckBox *cb = new QCheckBox( tr( "Don't show this again." ) );
1382+
msgbox.setCheckBox( cb );
1383+
msgbox.exec();
1384+
settings.setValue( QStringLiteral( "UI/showInstallFromZipWarning" ), !msgbox.checkBox()->isChecked() );
1385+
}
1386+
1387+
if ( !showInstallFromZipWarning || msgbox.result() == QMessageBox::Yes )
1388+
{
1389+
QgsPythonRunner::run( QStringLiteral( "pyplugin_installer.instance().installFromZipFile(r'%1')" ).arg( mZipFileWidget->filePath() ) );
1390+
mZipFileWidget->setFilePath( "" );
1391+
}
13721392
}
13731393

13741394

0 commit comments

Comments
 (0)
Please sign in to comment.