From 1770a972d471d2bdb36195ec370b6fc238649f4d Mon Sep 17 00:00:00 2001 From: Andrew Chow Date: Sun, 8 Sep 2019 16:40:05 -0400 Subject: [PATCH 1/3] HTML escape the wallet name in more dialogs and notifications --- src/qt/sendcoinsdialog.cpp | 2 +- src/qt/walletcontroller.cpp | 2 +- src/qt/walletview.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qt/sendcoinsdialog.cpp b/src/qt/sendcoinsdialog.cpp index f23c47736..3ca70323a 100644 --- a/src/qt/sendcoinsdialog.cpp +++ b/src/qt/sendcoinsdialog.cpp @@ -283,7 +283,7 @@ void SendCoinsDialog::on_sendButton_clicked() // generate amount string with wallet name in case of multiwallet QString amount = BitcoinUnits::formatWithUnit(model->getOptionsModel()->getDisplayUnit(), rcp.amount); if (model->isMultiwallet()) { - amount.append(tr(" from wallet '%1'").arg(model->getWalletName())); + amount.append(tr(" from wallet '%1'").arg(GUIUtil::HtmlEscape(model->getWalletName()))); } // generate address string diff --git a/src/qt/walletcontroller.cpp b/src/qt/walletcontroller.cpp index 1a4f51c06..8b8283d3d 100644 --- a/src/qt/walletcontroller.cpp +++ b/src/qt/walletcontroller.cpp @@ -75,7 +75,7 @@ void WalletController::closeWallet(WalletModel* wallet_model, QWidget* parent) { QMessageBox box(parent); box.setWindowTitle(tr("Close wallet")); - box.setText(tr("Are you sure you wish to close wallet %1?").arg(wallet_model->getDisplayName())); + box.setText(tr("Are you sure you wish to close wallet %1?").arg(GUIUtil::HtmlEscape(wallet_model->getDisplayName()))); box.setInformativeText(tr("Closing the wallet for too long can result in having to resync the entire chain if pruning is enabled.")); box.setStandardButtons(QMessageBox::Yes|QMessageBox::Cancel); box.setDefaultButton(QMessageBox::Yes); diff --git a/src/qt/walletview.cpp b/src/qt/walletview.cpp index be47f67f9..6734921c4 100644 --- a/src/qt/walletview.cpp +++ b/src/qt/walletview.cpp @@ -172,7 +172,7 @@ void WalletView::processNewTransaction(const QModelIndex& parent, int start, int QString address = ttm->data(index, TransactionTableModel::AddressRole).toString(); QString label = ttm->data(index, TransactionTableModel::LabelRole).toString(); - Q_EMIT incomingTransaction(date, walletModel->getOptionsModel()->getDisplayUnit(), amount, type, address, label, walletModel->getWalletName()); + Q_EMIT incomingTransaction(date, walletModel->getOptionsModel()->getDisplayUnit(), amount, type, address, label, GUIUtil::HtmlEscape(walletModel->getWalletName())); } void WalletView::gotoOverviewPage() From 2c530ea2ada71ca23fa17bab5023b855515463ef Mon Sep 17 00:00:00 2001 From: Andrew Chow Date: Sun, 8 Sep 2019 16:40:37 -0400 Subject: [PATCH 2/3] HTML escape address labels in more dialogs and notifications --- src/qt/sendcoinsdialog.cpp | 2 +- src/qt/walletview.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qt/sendcoinsdialog.cpp b/src/qt/sendcoinsdialog.cpp index 3ca70323a..a88119d8c 100644 --- a/src/qt/sendcoinsdialog.cpp +++ b/src/qt/sendcoinsdialog.cpp @@ -297,7 +297,7 @@ void SendCoinsDialog::on_sendButton_clicked() { if(rcp.label.length() > 0) // label with address { - recipientElement.append(tr("%1 to '%2'").arg(amount, rcp.label)); + recipientElement.append(tr("%1 to '%2'").arg(amount, GUIUtil::HtmlEscape(rcp.label))); recipientElement.append(QString(" (%1)").arg(address)); } else // just address diff --git a/src/qt/walletview.cpp b/src/qt/walletview.cpp index 6734921c4..8652827b5 100644 --- a/src/qt/walletview.cpp +++ b/src/qt/walletview.cpp @@ -170,7 +170,7 @@ void WalletView::processNewTransaction(const QModelIndex& parent, int start, int QString type = ttm->index(start, TransactionTableModel::Type, parent).data().toString(); QModelIndex index = ttm->index(start, 0, parent); QString address = ttm->data(index, TransactionTableModel::AddressRole).toString(); - QString label = ttm->data(index, TransactionTableModel::LabelRole).toString(); + QString label = GUIUtil::HtmlEscape(ttm->data(index, TransactionTableModel::LabelRole).toString()); Q_EMIT incomingTransaction(date, walletModel->getOptionsModel()->getDisplayUnit(), amount, type, address, label, GUIUtil::HtmlEscape(walletModel->getWalletName())); } From ad52f054f67374dc46e0096d1e2f593d6372a2df Mon Sep 17 00:00:00 2001 From: Andrew Chow Date: Sun, 8 Sep 2019 00:24:47 -0400 Subject: [PATCH 3/3] Escape ampersands (&) in wallet names in Open Wallet menu --- src/qt/bitcoingui.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp index c4960b38d..a1e42bb56 100644 --- a/src/qt/bitcoingui.cpp +++ b/src/qt/bitcoingui.cpp @@ -375,6 +375,8 @@ void BitcoinGUI::createActions() for (const std::pair& i : m_wallet_controller->listWalletDir()) { const std::string& path = i.first; QString name = path.empty() ? QString("["+tr("default wallet")+"]") : QString::fromStdString(path); + // Menu items remove single &. Single & are shown when && is in the string, but only the first occurrence. So replace only the first & with && + name.replace(name.indexOf(QChar('&')), 1, QString("&&")); QAction* action = m_open_wallet_menu->addAction(name); if (i.second) {