194358 – passwords with quotes in their name don't export/import

Bug 194358 - passwords with quotes in their name don't export/import

Summary: passwords with quotes in their name don't export/import

Status:	RESOLVED FIXED

Alias:	None

Product:	kwalletmanager
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Michael Leupold

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-05-28 00:53 UTC by Dan Torop
Modified:	2009-05-29 13:58 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
patch to create XML with QXmlStreamWriter (3.01 KB, patch) 2009-05-28 07:02 UTC, Dan Torop	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Dan Torop 2009-05-28 00:53:30 UTC

Version:           1.4 (using 4.2.2 (KDE 4.2.2), Debian packages)
Compiler:          cc
OS:                Linux (i686) release 2.6.29

How to reproduce:

1) execute "kwalletmanager"
2) click on wallet icon in notification area
3) choose "File > New Wallet..." from KDE Wallet Manager window's menu bar
4) name wallet "test" and click OK
5) choose password "test" and choose "Create"
6) expand "Passwords" folder
7) right-click "Passwords" sub-folder and choose "New"
8) in dialog enter (with doublequotes): this "is" test
9) from file menu choose "Export..." and export to /tmp/test.xml
10) examine test.xml, it should have improperly quoted attribute
    in line 5's password node:
	<wallet name="test">
	  <folder name="Form Data">
	  </folder>
	  <folder name="Passwords">
	    <password name="this "is" test"></password>
	  </folder>
	</wallet>
11) from file menu choose "Import XML..." and choose /tmp/test.xml
12) should see dialog "Error reading XML file 'file:///tmp/test.xml' for input"

Expected behavior: Should be able to export and reimport the "test" wallet without error dialog.

From looking at kdeutils-4.2.2/kwallet/kwalleteditor.cpp:1101 it looks like the XML attributes are encoded via Qt::escape which will escape <, >, and & but not double-quotes.

Comment 1 Dan Torop 2009-05-28 07:02:10 UTC

Created attachment 34069 [details]
patch to create XML with QXmlStreamWriter

Attached is a patch for KWalletEditor::exportXML to use QXmlStreamWriter rather than hand-building the XML.  It's only tested for the case in the bug report and on my kdewallet (which has map & password nodes but not stream nodes).

Comment 2 Michael Leupold 2009-05-29 11:51:12 UTC

SVN commit 974403 by mleupold:

Use QXmlStreamWriter instead of manually crafted XML for exporting wallets to XML. This works around encoding/quoting problems.
Thanks to Dan Torop.

BUG:194358

 M  +27 -16    kwalleteditor.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=974403

Comment 3 Michael Leupold 2009-05-29 13:58:38 UTC

SVN commit 974449 by mleupold:

Backport of r974403:
Use QXmlStreamWriter instead of manually crafted XML for exporting wallets to XML. This works around encoding/quoting problems.

CCBUG:194358


 M  +27 -16    kwalleteditor.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=974449