Index: kommander/executor/instance.cpp

Index: kommander/executor/instance.cpp
===================================================================
RCS file: /home/kde/kdewebdev/kommander/executor/instance.cpp,v
retrieving revision 1.42
retrieving revision 1.42.2.1
diff -u -3 -d -p -r1.42 -r1.42.2.1
--- kommander/executor/instance.cpp 20 Jul 2004 19:04:40 -0000 1.42
+++ kommander/executor/instance.cpp 21 Apr 2005 23:35:59 -0000 1.42.2.1
@@ -131,6 +131,35 @@ bool Instance::build(QFile *a_file)

bool Instance::run(QFile *a_file)
{
+ // Check whether extension is *.kmdr
+ if (!m_uiFileName.fileName().endsWith(".kmdr")) {
+ KMessageBox::error(0, i18n("<qt>This file does not have a .kmdr extension. As a security precaution "
+ "Kommander will only run Kommander scripts with a clear identity.</qt>"),
+ i18n("Wrong Extension"));
+ return false;
+ }
+
+ // Check whether file is not in some temporary directory.
+ QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
+ tmpDirs += KGlobal::dirs()->resourceDirs("cache");
+ tmpDirs.append("/tmp/");
+ tmpDirs.append("/var/tmp/");
+
+ bool inTemp = false;
+ for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
+ if (m_uiFileName.directory().startsWith(*I))
+ inTemp = true;
+
+ if (inTemp)
+ {
+ if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your /tmp directory. "
+ " This may mean that it was run from a KMail attachment or from a webpage. "
+ "Any script contained in this dialog will have write access to all of your home directory; "
+ "running such dialogs may be dangerous: "
+ "are you sure you want to continue?</qt>")) == KMessageBox::No)
+ return false;
+ }
+
/* add runtime arguments */
if (m_cmdArguments) {
QString args;