478653 – Pastebin sharing should not paste without confirmation

Bug 478653 - Pastebin sharing should not paste without confirmation

Summary: Pastebin sharing should not paste without confirmation

Status:	CONFIRMED

Alias:	None

Product:	frameworks-purpose
Classification:	Frameworks and Libraries
Component:	general (show other bugs)
Version:	5.113.0
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Aleix Pol

URL:
Keywords:	usability

Depends on:
Blocks:

Reported:	2023-12-17 17:14 UTC by Frank Steinmetzger
Modified:	2023-12-21 02:27 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Frank Steinmetzger 2023-12-17 17:14:47 UTC

SUMMARY
I just read a post in a tech forum where someone set up a KDE environment on a non-techie’s laptop. And he asked how to disable the pastebin item from the Dolphin context menu, because it is a security risk for the user-to-be.

The function itself is not really dangerous of course, but the fact that there is no warning for the uninitiated and no way of confirmation or cancellation is indeed a problem. Also, the “…” in the context menu item suggest that it will open a dialog window. But the window simply posts and then closes immediately.

OBSERVED RESULT
The file is uploaded immediately.

EXPECTED RESULT
There should be a request for confirmation with an appropriate warning that whatever is being shared will be publicly visible for the entire internet and that there is no way to remove the content—which probably only applies to guests without an account.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.113.0
Qt Version: 5.15.11

Comment 1 Nate Graham 2023-12-21 00:24:51 UTC

> Also, the “…” in the context menu item suggest that it will open a dialog window

That's definitely something simple we can fix in addition to the larger request here.

Comment 2 Nate Graham 2023-12-21 00:30:29 UTC

Git commit 11e96304eb9544a42a28931abccf231daa58c7b5 by Nate Graham.
Committed on 21/12/2023 at 01:29.
Pushed by ngraham into branch 'master'.

plugins/pastebin: Remove ellipsis from action text

The ellipses can trick the user into thinking it's a safe action because
it will open some kind of dialog before upload, but that doesn't happen.

M  +1    -1    src/plugins/pastebin/pastebinplugin.json

https://invent.kde.org/frameworks/purpose/-/commit/11e96304eb9544a42a28931abccf231daa58c7b5

Comment 3 Nate Graham 2023-12-21 02:27:51 UTC

Git commit e4f316eea99558ca15d4d44fb30a9e3412bec19f by Nate Graham.
Committed on 21/12/2023 at 01:34.
Pushed by ngraham into branch 'master'.

plugins/pastebin: make the action that will happen more obvious

It may not be obvious to users that the thing shared to Pastebin will
become public for the entire world to see. Let's change the text to make
this clearer.

M  +1    -1    src/plugins/pastebin/pastebinplugin.json

https://invent.kde.org/frameworks/purpose/-/commit/e4f316eea99558ca15d4d44fb30a9e3412bec19f