fix: can not preview picture by double-click#346
Conversation
Image src was changed to file:// URL in commit 438764b,but viewPicture did not strip the file:// prefix, causing QImageReader to fail silently. 提交438764b将编辑区图片src改为file://绝对URL, viewPicture未剥离该前缀导致QImageReader静默失败。 Log: 修复双击图片无法预览的问题 Bug: https://pms.uniontech.com/bug-view-354073.html Influence: 修复后双击编辑区图片可正常打开预览。
LiHua000
force-pushed
the
master
branch
2 times, most recently
from
0211108 to
8e1f4f2
Compare
Commit 438764b changed getHtml() to store image src as relative paths (images/xxx.png), but getFullHtml() regex still only matched absolute paths, preventing base64 conversion. Update regex to match both formats and resolve relative paths via AppData location. Log: fix export image bug Bug: https://pms.uniontech.com/bug-view-354159.html
deepin pr auto review你好!我是CodeGeeX。我已仔细审查了你提供的Git Diff代码。这次修改的主要目的是兼容相对路径与绝对路径的图片引用,并增加路径遍历安全防护,整体思路非常正确,尤其是在处理用户输入和文件路径时加入安全校验是非常值得肯定的做法。 不过,在语法逻辑、代码质量、性能和安全细节上,还有一些可以改进和优化的空间。以下是我的详细审查意见: 1. 代码安全 - 路径遍历防护存在绕过风险问题分析: 假设:
此时 改进意见: // 修改前:
if (!absolutePath.startsWith(appDataBase)) {
// 修改后:
if (!absolutePath.startsWith(appDataBase + "/")) {
// ...
}2. 语法逻辑 - 正则表达式匹配逻辑隐患问题分析: QRegExp rxPath("(/[^/\\s]+)+/images/[\\w\\-]+\\.[a-z]{3,4}|images/[\\w\\-]+\\.[a-z]{3,4}");
改进意见: 如果暂时必须保留 // 改进后的正则:相对路径部分允许更多合法字符,并限制在引号或标签边界内
// 注意:实际应用中最好根据HTML的src属性值是用单引号还是双引号包裹来精确界定
QRegExp rxPath("(/[^/\\s]+)+/images/[^/\\s]+\\.[a-z]{3,4}|images/[^/\\s]+\\.[a-z]{3,4}");3. 代码性能 - 静态变量初始化与文件系统I/O问题分析: static const QString appDataBase = QStandardPaths::writableLocation(QStandardPaths::AppDataLocation);使用 另外, 改进意见:
if (!absolutePath.startsWith(appDataBase + "/")) {
html.append(imgLabel);
} else if (!QFile::exists(absolutePath)) { // 新增:提前规避无效的磁盘I/O
html.append(imgLabel);
} else {
// ... 执行 base64 转换
}4. 代码质量 - URL 解析不够健壮问题分析: QString path = filePath.startsWith("file://") ? filePath.mid(7) : filePath;这里硬编码了 改进意见: // 修改前:
QString path = filePath.startsWith("file://") ? filePath.mid(7) : filePath;
// 修改后:
#include <QUrl>
QUrl url(filePath);
QString path = url.isLocalFile() ? url.toLocalFile() : filePath;总结与最终修改建议代码片段综合以上意见,针对核心修改部分,我建议的代码如下: vnoteitem.cpp: // 匹配图片路径的正则表达式:兼容绝对路径和相对路径
// 注意:放宽了相对路径的字符限制,防止中文/空格路径失效
QRegExp rxPath("(/[^/\\s]+)+/images/[^/\\s]+\\.[a-z]{3,4}|images/[^/\\s]+\\.[a-z]{3,4}");
rxPath.setMinimal(false); // 最大匹配
// AppData基准路径
static const QString appDataBase = QStandardPaths::writableLocation(QStandardPaths::AppDataLocation);
// ... (循环内部)
QString matchedPath = rxPath.cap(0);
QString absolutePath = matchedPath.startsWith("/")
? matchedPath
: appDataBase + "/" + matchedPath;
absolutePath = QDir::cleanPath(absolutePath);
// 路径遍历防护:规范化后路径必须在AppData目录下(追加"/"防止前缀碰撞)
if (!absolutePath.startsWith(appDataBase + "/") || !QFile::exists(absolutePath)) {
html.append(imgLabel);
} else {
QString base64 = "";
if (!Utils::pictureToBase64(absolutePath, base64)) {
html.append(imgLabel);
} else {
html.append(imgLabel.mid(0, last))
.append(base64)
.append(imgLabel.mid(last + rxPath.matchedLength(), imgLabel.size() - last - rxPath.matchedLength()));
}
}webrichtexteditor.cpp: #include <QUrl>
void WebRichTextEditor::viewPicture(const QString &filePath)
{
if (imgView == nullptr) {
imgView = new ImageViewerDialog(this);
}
// 使用 QUrl 安全解析本地文件路径,兼容跨平台和 URL 编码
QUrl url(filePath);
QString path = url.isLocalFile() ? url.toLocalFile() : filePath;
imgView->open(path);
}希望这些审查意见对你有所帮助!如果有任何疑问,欢迎随时提问。 |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: LiHua000, max-lvs The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/merge |
|
This pr cannot be merged! (status: unstable) |
|
/forcemerge |
|
This pr force merged! (status: unstable) |
3 participants
Bug: https://pms.uniontech.com/bug-view-354073.html