author | Aleks Kissinger <aleks0@gmail.com> | 2018-10-23 08:06:19 +0200 |
---|---|---|
committer | Aleks Kissinger <aleks0@gmail.com> | 2018-10-23 08:06:19 +0200 |
commit | 52f57ffc613fc4510c94a8d5d1286eaed4ffba91 (patch) | |
tree | c8959a2f44b5f80c8d684111541ba064e7ea0a2e /src | |
parent | 58b50e4416c0e50320550798a8122291f5f22613 (diff) |
added input validation on version response
Diffstat (limited to 'src')
-rw-r--r-- | src/tikzit.cpp | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/src/tikzit.cpp b/src/tikzit.cpp
index 58cb08e..02b8578 100644
--- a/src/tikzit.cpp
+++ b/src/tikzit.cpp
@@ -372,30 +372,40 @@ void Tikzit::updateReply(QNetworkReply *reply)
 QByteArray data = reply->read(200);
 QString strLatest = QString::fromUtf8(data).simplified();
- //qDebug() << "got response:" << strLatest;
 QVersionNumber current = QVersionNumber::fromString(TIKZIT_VERSION).normalized();
 QVersionNumber latest = QVersionNumber::fromString(strLatest).normalized();
- // check for an optional RC suffix. Any non-RC versions are considered later than RC versions.
- QRegularExpression re("-[rR][cC]([0-9]+)$");
+ // check for valid version string and capture optional RC suffix
+ QRegularExpression re("^[1-9]+(\\.[0-9]+)*(-[rR][cC]([0-9]+))?$");
 QRegularExpressionMatch m;
 m = re.match(TIKZIT_VERSION);
- int rcCurrent = (m.hasMatch()) ? m.captured(1).toInt() : 1000;
+
+ // any non-RC versions are considered later than RC versions.
+ int rcCurrent = (!m.captured(3).isEmpty()) ? m.captured(3).toInt() : 1000;
+
 m = re.match(strLatest);
- int rcLatest = (m.hasMatch()) ? m.captured(1).toInt() : 1000;
-
- //qDebug() << "latest" << latest << "rc" << rcLatest;
- //qDebug() << "current" << current << "rc" << rcCurrent;
-
- if (latest > current || (latest == current && rcLatest > rcCurrent)) {
- QMessageBox::information(0,
- tr("Update available"),
- "<p><b>A new version of TikZiT is available!</b></p>"
- "<p><i>current version: " TIKZIT_VERSION "<br />"
- "latest version: " + strLatest + "</i></p>"
- "<p>Download it now from: "
- "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
+
+ if (m.hasMatch()) {
+ int rcLatest = (!m.captured(3).isEmpty()) ? m.captured(3).toInt() : 1000;
+
+ //qDebug() << "latest" << latest << "rc" << rcLatest;
+ //qDebug() << "current" << current << "rc" << rcCurrent;
+
+ if (latest > current || (latest == current && rcLatest > rcCurrent)) {
+ QMessageBox::information(0,
+ tr("Update available"),
+ "<p><b>A new version of TikZiT is available!</b></p>"
+ "<p><i>current version: " TIKZIT_VERSION "<br />"
+ "latest version: " + strLatest + "</i></p>"
+ "<p>Download it now from: "
+ "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
+ }
+ } else {
+ QMessageBox::warning(0,
+ tr("Invalid response"),
+ "<p>Got invalid version response from "
+ "<a href=\"https://tikzit.github.io\">tikzit.github.io</a>.</p>");
 }
 } |
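Review bot: The leading `[1-9]+` in the new validator rejects any first version component that contains a zero, so a legitimate reply such as `10.0` or `0.9` would land in the "Invalid response" branch; `QRegularExpression re("^(0|[1-9][0-9]*)(\\.[0-9]+)*(-[rR][cC]([0-9]+))?$");` keeps the anchoring and accepts them. As far as the hunk shows, this pattern is the only check between the network reply and the rich-text `QMessageBox` markup that `strLatest` is concatenated into, so a short comment next to the regex saying that it must stay anchored and restricted to digits, dots and the RC suffix would help future editors. The digit runs are unbounded within the 200 bytes read, and `toInt()` returns 0 when the value does not fit, so an oversized RC number would compare as rc0; bounding them (for example `[0-9]{1,4}`) avoids that. `updateReply` begins above the hunk, so whether `reply->error()` is checked before the read is not visible here.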