Magic character combination ":\" allows one to write as the conversation partner. Sounds like an injection to me. The bug might allow more critical injections.

Reproducible: Always

Steps to Reproduce:
1. Wait until your conversation partner has posted something
2. Type ":\" (without quotes) and press Enter.
3. Post something before your partner does so

Actual Results:
":\" is not shown. The message sent afterwards is shown as if it was written by your partner. The partner sees it the same way (as if it was written by her/him) if she/he uses KTP as well; if she/he doesn't, the message is shown normally and ":\" doesn't arrive.

Expected Results:
The last two entries in the conversation list should be ":\" and your message.

Can be reproduced as well if the last message was something like "You are now marked as Available". Then the message will be shown without any background. If you write the magic combination when the last message was yours, the message will be shown normally as yours.
I cannot reproduce this with recent master and telepathy-gabble 0.17.1... Anyway if your contacts see it in the same way, it doesn't look like a ktp problem, but a problem upstream. Which account type are you using?
Ah, sorry, I forgot to add that. It's at least reproducible with Jabber and ICQ. Just tested it with empathy, there the bug doesn't happen. Even the ":\" is shown. Though if I reproduce the bug using empathy and then open ktp-text-ui, I see the bug as if I had reproduced it using ktp. So I guess it has to be somewhere in the display of ktp-text-ui.
Created attachment 76414
That's what it looks like after I reproduced the bug
DrDanz, have you tried with renkoo? It might be purely theme related. Anton - can you try with some different themes?
Ok, this still doesn't work for me, so perhaps it was either already fixed in master or a problem downstream (even though if with empathy it works, I think it is not). Anyway, to try to reproduce the problem we need a bit more info about which versions you are running for:
* kde telepathy (ktp-common-internals and ktp-chat-ui)
* telepathy-qt
* telepathy-glib
* telepathy-gabble
* telepathy-haze
* telepathy-mission-control-5

Thanks
(In reply to comment #4)
> DrDanz, have you tried with renkoo? It might be purely theme related.

Yes, I did, it still works as expected...
Can't reproduce here either with Renkoo and these versions
* kde telepathy - week-or-two old master
* telepathy-qt - month-or-two old master
* telepathy-glib - 0.20.0
* telepathy-gabble - 0.16.1
* telepathy-haze - 0.6.0
* telepathy-mission-control-5 - 5.13.1
At least with SimKete the same happens.

My versions:
* kde telepathy - master from yesterday (happened also with about one month old master)
* telepathy-qt: 0.9.40git.1346089166-20.2
* telepathy-glib: 0.18.2-133.1
* telepathy-gabble: 0.16.2-2.1
* telepathy-haze: 0.5.0-5.1.2
* telepathy-mission-control: 5.12.1-1.1

My friend, who noticed the same bug, has:
* ktp-common-internals: 0.5.1-0ubuntu1
* ktp-chat-ui: 0.5.1-0ubuntu1
* telepathy-qt: 0.9.3-0ubuntu2
* telepathy-glib: 0.20.0-0ubuntu1
* telepathy-gabble: 0.16.1-2
* telepathy-haze: 0.6.0-1
* telepathy-mission-control-5: 1:5.13.1-0ubuntu3
One more question - do you use a smiley theme with ":\" defined as a smiley icon?
Aha! That's it probably. Yes, in fact, I do. I use Kolobok for Kopete from kde-look.org (http://kde-look.org/content/show.php?content=78409)

:-\ makes the same problems, :-/ (which is the same smiley) works normally.
Yes, the bug only happens with emoticon themes that contain :\ or :-\ (of course it only works for the appropriate character combination). Tested with Kolobok and ICQ6 Smileys (and of course smiley themes not containing :\ resp. :-\).
Perfect, I'm marking the bug as confirmed in the message filters then. Thanks for your cooperation!
Oh now it makes sense... Thanks for the report! I'm making it critical as it could be used to do something evilish
Let's not let people get the impression there is need for panic. Whilst it should be fixed in 0.5, it's not that serious. At best if a user has a non-default emoticon setup, someone can make the UI look broken. It's not exactly a remote-exploit...and you'd really struggle to do something actually malicious.

To fix I need:
- The final HTML
- What the HTML should be.

If anyone wants to debug, enable the web inspector by adding "debug=true" to the [Appearance] section of ~/.kde/share/config/ktelepathyrc
Discussion between me and DrDanz:

DrDanz:
> It doesn't appear at all in the web inspector
Me:
< web inspector is a dom tree, so it means the DOM is broken....
< Which it would be because the emoticon filter will be inserting <img alt=":\" >
< The quote isn't closed
< as the escape filter has already run. So this \ isn't escaped before insertion.

(note, above is only a theory. Probably correct, but still unconfirmed)

If correct, to fix we need to escape HTML entered by the emoticon filter as the alt tag. I'm not sure the API allows for that.
From IRC with DrDanz, output from KEmoticonTheme is:

<img align="center" title=":\" alt=":\" src="/home/drdanz/.kde/share/emoticons/Skype/star.gif" width="19" height="19" />

This is not valid HTML, as the quotes for "title" are not closed properly (as the " is escaped).

Therefore the bug lies in KEmoticons itself, and kdelibs needs patching.
Ignore the above. \ is perfectly valid HTML. The reason we escape it is because all messages are inserted via javascript, and they need to be escaped for that. The current escape filter is combining both HTML escaping, and this escaping. Which is the source of the problem.
Git commit 402178400be4d7548df9eeaab4cc48ea49e0e729 by Daniele E. Domenichelli.
Committed on 13/01/2013 at 04:18.
Pushed by ddomenichelli into branch 'kde-telepathy-0.5'.

Split backslash and escape filters

The backslash filter is now executed after that every other plugin has run.
This fixes a weird bug that allows to write as the conversation partner if the emoticon set installed has an emoticon associated to a string ending in "\".

Reviewed-by: David Edmundson <kde@davidedmundson.co.uk>
FIXED-IN: 0.5.3

M +1 -0 lib/CMakeLists.txt
C +8 -17 lib/backslash-filter.cpp [from: lib/filters.h - 066% similarity]
M +0 -1 lib/escape-filter.cpp
M +7 -0 lib/filters.h
M +2 -0 lib/message-processor.cpp

http://commits.kde.org/telepathy-text-ui/402178400be4d7548df9eeaab4cc48ea49e0e729
Git commit f4e0ddacbee10be94de0f7880f144b6cd1849772 by Daniele E. Domenichelli.
Committed on 14/01/2013 at 09:04.
Pushed by ddomenichelli into branch 'master'.

Split backslash and escape filters

The backslash filter is now executed after that every other plugin has run.
This fixes a weird bug that allows to write as the conversation partner if the emoticon set installed has an emoticon associated to a string ending in "\".

Cherry-picked from 402178400be4d7548df9eeaab4cc48ea49e0e729 (ktp-text-ui)

Reviewed-by: David Edmundson <kde@davidedmundson.co.uk>

M +1 -0 KTp/CMakeLists.txt
C +8 -18 KTp/message-backslash-filter.cpp [from: KTp/message-filters-private.h - 062% similarity]
M +0 -2 KTp/message-escape-filter.cpp
M +7 -0 KTp/message-filters-private.h
M +2 -0 KTp/message-processor.cpp

http://commits.kde.org/telepathy-common-internals/f4e0ddacbee10be94de0f7880f144b6cd1849772
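
The filter ordering diagnosed in this thread and changed by the two commits, as an added example that is not part of the thread or of the KTp source. It is a constructed JavaScript model: every function name and the `unsure.png` theme entry are hypothetical, and the way the view wraps a message in a script string is an assumption.

```javascript
// Constructed model of the message filter chain. All names here are
// hypothetical; this is not the KTp source.
const htmlEscape = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
  .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
const backslashEscape = (s) => s.replace(/\\/g, '\\\\');

// Emoticon theme that maps ":\" to an image and copies the raw smiley
// text into the title and alt attributes, as in the output quoted above.
const SMILEY = ':\\';
const IMG = '<img title=":\\" alt=":\\" src="unsure.png" />';
const emoticonFilter = (s) => s.split(SMILEY).join(IMG);

// Before the fix: HTML and backslash escaping run together, plugins after.
const oldPipeline = (text) => emoticonFilter(backslashEscape(htmlEscape(text)));
// After the fix: backslash escaping runs once every other plugin has run.
const newPipeline = (text) => backslashEscape(emoticonFilter(htmlEscape(text)));

// Assumption: the view hands the HTML to the page inside a double-quoted
// JavaScript string literal and escapes only the quotes at that point.
const toJsLiteral = (html) => '"' + html.replace(/"/g, '\\"') + '"';

// Returns what the page would receive; `received` is null when the
// generated script does not parse, so the message is never appended.
function deliver(pipeline, text) {
  const html = pipeline(text);
  try {
    const script = 'return ' + toJsLiteral(html) + ';';
    return { html, received: new Function(script)() };
  } catch (e) {
    return { html, received: null };
  }
}

for (const text of ['a\\b', ':\\']) {  // constructed sample messages
  for (const [name, p] of [['old', oldPipeline], ['new', newPipeline]]) {
    const r = deliver(p, text);
    console.log(name, JSON.stringify(text), '->',
      r.received === null ? 'script does not parse' : r.received);
  }
}
```

A backslash typed by the user survives both orders; only the backslash that the emoticon filter writes into the attributes escapes the closing quote of the script string in the old order.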