authorAleks Kissinger <aleks0@gmail.com>2018-10-23 08:06:19 +0200
committerAleks Kissinger <aleks0@gmail.com>2018-10-23 08:06:19 +0200
commit52f57ffc613fc4510c94a8d5d1286eaed4ffba91 (patch)
treec8959a2f44b5f80c8d684111541ba064e7ea0a2e
parent58b50e4416c0e50320550798a8122291f5f22613 (diff)
added input validation on version response
-rw-r--r--src/tikzit.cpp44
1 files changed, 27 insertions, 17 deletions
diff --git a/src/tikzit.cpp b/src/tikzit.cpp
index 58cb08e..02b8578 100644
--- a/src/tikzit.cpp
+++ b/src/tikzit.cpp
@@ -372,30 +372,40 @@ void Tikzit::updateReply(QNetworkReply *reply)
QByteArray data = reply->read(200);
QString strLatest = QString::fromUtf8(data).simplified();
- //qDebug() << "got response:" << strLatest;
QVersionNumber current = QVersionNumber::fromString(TIKZIT_VERSION).normalized();
QVersionNumber latest = QVersionNumber::fromString(strLatest).normalized();
- // check for an optional RC suffix. Any non-RC versions are considered later than RC versions.
- QRegularExpression re("-[rR][cC]([0-9]+)$");
+ // check for valid version string and capture optional RC suffix
+ QRegularExpression re("^[1-9]+(\\.[0-9]+)*(-[rR][cC]([0-9]+))?$");
QRegularExpressionMatch m;
m = re.match(TIKZIT_VERSION);
- int rcCurrent = (m.hasMatch()) ? m.captured(1).toInt() : 1000;
+
+ // any non-RC versions are considered later than RC versions.
+ int rcCurrent = (!m.captured(3).isEmpty()) ? m.captured(3).toInt() : 1000;
+
m = re.match(strLatest);
- int rcLatest = (m.hasMatch()) ? m.captured(1).toInt() : 1000;
-
- //qDebug() << "latest" << latest << "rc" << rcLatest;
- //qDebug() << "current" << current << "rc" << rcCurrent;
-
- if (latest > current || (latest == current && rcLatest > rcCurrent)) {
- QMessageBox::information(0,
- tr("Update available"),
- "<p><b>A new version of TikZiT is available!</b></p>"
- "<p><i>current version: " TIKZIT_VERSION "<br />"
- "latest version: " + strLatest + "</i></p>"
- "<p>Download it now from: "
- "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
+
+ if (m.hasMatch()) {
+ int rcLatest = (!m.captured(3).isEmpty()) ? m.captured(3).toInt() : 1000;
+
+ //qDebug() << "latest" << latest << "rc" << rcLatest;
+ //qDebug() << "current" << current << "rc" << rcCurrent;
+
+ if (latest > current || (latest == current && rcLatest > rcCurrent)) {
+ QMessageBox::information(0,
+ tr("Update available"),
+ "<p><b>A new version of TikZiT is available!</b></p>"
+ "<p><i>current version: " TIKZIT_VERSION "<br />"
+ "latest version: " + strLatest + "</i></p>"
+ "<p>Download it now from: "
+ "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
+ }
+ } else {
+ QMessageBox::warning(0,
+ tr("Invalid response"),
+ "<p>Got invalid version response from "
+ "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
}
}
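Review bot: The major component `[1-9]+` in the new pattern rejects any version whose first number contains a zero, so a `10.0` or `0.9` reply from the server would fall into the `else` branch and show "Invalid response" instead of being compared. `QRegularExpression re("^[0-9]+(\\.[0-9]+)*(-[rR][cC]([0-9]+))?$");` keeps the same strictness without that gap. The anchored match is also what keeps server-supplied text out of the rich-text `QMessageBox` body that `strLatest` is concatenated into, so it deserves a comment such as `// strLatest is interpolated into rich text below; keep this pattern anchored and free of markup characters`. The warning branch presumably also fires on an empty or failed reply, but updateReply starts above the hunk, so whether `reply->error()` is checked before the read cannot be seen here.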