Bug 82014 - [testcase] insecure default button focus in security warning dialog
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: 3.2.2
Platform: unspecified Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2004-05-22 18:27 UTC by quin
Modified: 2009-04-26 22:36 UTC

Description quin 2004-05-22 18:27:41 UTC
Version:           3.2.2 (using KDE 3.2.2, SuSE)
Compiler:          gcc version 3.3 20030226 (prerelease) (SuSE Linux)
OS:                Linux (i686) release 2.4.20-4GB-athlon

When clicking on a link on a website, which leads to the local machine, e.g. "print:/", Konqueror shows a dialog with the message
"The link print:/ leads from this untrusted page to your local filesystem. Do you want to follow the link?"

This warning is of course a very good idea, but unfortunately the button "Follow" has the focus by default - the button "Cancel" should have it instead, which is more secure.
Comment 1 Danny Allen 2006-08-30 18:28:10 UTC
I agree.
Comment 2 George Goldberg 2008-04-17 04:57:54 UTC
Bug still present in KDE 3.5.9 and svn trunk r795406.

Test case: http://www.grundleborg.com/kde/bugsquad/testcases/82014/
Comment 3 Michael Pyne 2009-02-27 05:07:37 UTC
SVN commit 932623 by mpyne:

Disable auto default buttons in KDialog (user code can set it back if they want).  This allows
actual default buttons to still work fine even if a different button has the focus.  Fix will
show up in KDE 4.3, will backport to KDE 4.2.2.

CCBUG:82014
CCBUG:148972


 M  +4 -0      kdialog.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=932623
Comment 4 Michael Pyne 2009-02-27 05:09:24 UTC
SVN commit 932624 by mpyne:

Backport fix for default buttons in KDialog to KDE 4.2.2.

CCBUG:148972
CCBUG:82014


 M  +4 -0      kdialog.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=932624
Comment 5 Michael Pyne 2009-02-27 05:12:41 UTC
This bug is actually in KMessageBox, which needs to set the focus to the default button for dialogs that don't have input (such as warningContinueCancel, which is used in this case).
Comment 6 Michael Pyne 2009-02-27 05:36:15 UTC
SVN commit 932631 by mpyne:

Make the "following a link to local file" dialog in KHTMLPart use the Cancel button by default.

I had said this was a KMessageBox bug but it is acting as documented.  Whether that's a good idea
or not I'll save my judgment on for later...

This will be in KDE 4.3, and I will backport to KDE 4.2.2.

CCBUG:82014


 M  +6 -1      khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=932631
Comment 7 Michael Pyne 2009-02-27 05:37:36 UTC
SVN commit 932632 by mpyne:

Backport fix for the "following link to local file" warning in KHTMLPart's default button to KDE 4.2.2.

BUG:82014


 M  +6 -1      khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=932632
Comment 8 Michael Pyne 2009-04-26 22:36:27 UTC
SVN commit 959688 by mpyne:

I give up.

Revert "make default buttons" change. (http://websvn.kde.org/?view=rev&revision=957338)

CCBUG:82014
CCBUG:148972
BUG:190631


 M  +0 -4      kdialog.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=959688