Select Git revision
-
This feature is mostly a relicate from SFLPhone and introduced a remote attack vector abusing the system() function weaknesses. Provided that "sipEnabled" parameter is on in the remote target's configuration, a malicious peer calling that remote target could send SIP messages with a crafted "X-ring-url" string in order to execute arbitrary shell commands on the target. Header entry "X-ring-url" content is actually consumed by UrlHook as arguments for the "x-www-browser" command executed using system(). By adding a shell escape sequence to circumvent existing arguments sanitizing attempts, the malicious peer could execute any shell command under remote peer user's identity and access sensitive information available using its privileges. Remove that feature altogether and enforce users that are relying on that feature to migrate to Jami "plugins", which are more suitable for introducing custom Jami behaviors. Change-Id: I1d6d07771e2b5a7c7f2cb8fc838821106c0a6708
This feature is mostly a relicate from SFLPhone and introduced a remote attack vector abusing the system() function weaknesses. Provided that "sipEnabled" parameter is on in the remote target's configuration, a malicious peer calling that remote target could send SIP messages with a crafted "X-ring-url" string in order to execute arbitrary shell commands on the target. Header entry "X-ring-url" content is actually consumed by UrlHook as arguments for the "x-www-browser" command executed using system(). By adding a shell escape sequence to circumvent existing arguments sanitizing attempts, the malicious peer could execute any shell command under remote peer user's identity and access sensitive information available using its privileges. Remove that feature altogether and enforce users that are relying on that feature to migrate to Jami "plugins", which are more suitable for introducing custom Jami behaviors. Change-Id: I1d6d07771e2b5a7c7f2cb8fc838821106c0a6708
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
videooverlay.cpp 5.94 KiB
/***************************************************************************
* Copyright (C) 2015-2017 by Savoir-faire Linux *
* Author: Edric Ladent Milaret <edric.ladent-milaret@savoirfairelinux.com>*
* Author: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com> *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 3 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
**************************************************************************/
#include "videooverlay.h"
#include "ui_videooverlay.h"
#include <QTime>
// LRC
#include "callmodel.h"
#include "person.h"
#include "account.h"
#include "lrcinstance.h"
#include "utils.h"
VideoOverlay::VideoOverlay(QWidget* parent) :
QWidget(parent),
ui(new Ui::VideoOverlay),
oneSecondTimer_(new QTimer(this))
{
ui->setupUi(this);
ui->bottomButtons->setMouseTracking(true);
ui->chatButton->setCheckable(true);
setAttribute(Qt::WA_NoSystemBackground);
ui->noMicButton->setCheckable(true);
ui->onHoldLabel->setVisible(false);
}
VideoOverlay::~VideoOverlay()
{
delete ui;
}
void
VideoOverlay::callStarted(const std::string& callId)
{
ui->timerLabel->setText("00:00");
callId_ = callId;
connect(oneSecondTimer_, &QTimer::timeout, this, &VideoOverlay::setTime);
oneSecondTimer_->start(1000);
}
void
VideoOverlay::setName(const QString& name)
{
ui->nameLabel->setText(name);
}
void
VideoOverlay::setTime()
{
if (callId_.empty()) {
return;
}
try {
auto callInfo = LRCInstance::getCurrentCallModel()->getCall(callId_);
if (callInfo.status == lrc::api::call::Status::IN_PROGRESS ||
callInfo.status == lrc::api::call::Status::PAUSED) {
int numSeconds = std::chrono::duration_cast<std::chrono::seconds>(
std::chrono::steady_clock::now() - callInfo.startTime).count();
QTime t(0, 0, numSeconds);
ui->timerLabel->setText(t.toString(numSeconds > 3600 ? "hh:mm:ss" : "mm:ss"));
}
} catch (...) { }
}
void
VideoOverlay::setVideoMuteVisibility(bool visible)
{
ui->noVideoButton->setVisible(visible);
}
bool
VideoOverlay::shouldShowOverlay()
{
auto callInfo = LRCInstance::getCurrentCallModel()->getCall(callId_);
auto callPaused = callInfo.status == lrc::api::call::Status::PAUSED;
return ui->bottomButtons->underMouse() || ui->topInfoBar->underMouse() || callPaused;
}
void
VideoOverlay::simulateShowChatview(bool checked)
{
ui->chatButton->setChecked(checked);
}
bool
VideoOverlay::getShowChatView()
{
return ui->chatButton->isChecked();
}
void
VideoOverlay::on_hangupButton_clicked()
{
auto convInfo = Utils::getSelectedConversation();
if (!convInfo.uid.empty()) {
auto& callId = convInfo.callId;
auto callModel = LRCInstance::getCurrentCallModel();
if (callModel->hasCall(callId)) {
callModel->hangUp(callId);
}
}
ui->chatButton->setChecked(false);
}
void
VideoOverlay::on_chatButton_toggled(bool checked)
{
emit setChatVisibility(checked);
}
void
VideoOverlay::on_holdButton_clicked()
{
auto selectedConvUid = LRCInstance::getSelectedConvUid();
auto conversation = Utils::getConversationFromUid(selectedConvUid,
*LRCInstance::getCurrentConversationModel()); auto& callId = conversation->callId;
auto callModel = LRCInstance::getCurrentCallModel();
if (callModel->hasCall(callId)) {
auto onHold = callModel->getCall(callId).status == lrc::api::call::Status::PAUSED;
ui->holdButton->setChecked(!onHold);
ui->onHoldLabel->setVisible(!onHold);
callModel->togglePause(callId);
}
}
void
VideoOverlay::on_noMicButton_clicked()
{
auto selectedConvUid = LRCInstance::getSelectedConvUid();
auto conversation = Utils::getConversationFromUid(selectedConvUid,
*LRCInstance::getCurrentConversationModel());
auto& callId = conversation->callId;
auto callModel = LRCInstance::getCurrentCallModel();
if (callModel->hasCall(callId)) {
ui->noMicButton->setChecked(callModel->getCall(callId).audioMuted);
callModel->toggleMedia(callId, lrc::api::NewCallModel::Media::AUDIO);
}
}
void
VideoOverlay::on_noVideoButton_clicked()
{
auto selectedConvUid = LRCInstance::getSelectedConvUid();
auto conversation = Utils::getConversationFromUid(selectedConvUid,
*LRCInstance::getCurrentConversationModel());
auto& callId = conversation->callId;
auto callModel = LRCInstance::getCurrentCallModel();
if (callModel->hasCall(callId)) {
ui->noVideoButton->setChecked(callModel->getCall(callId).videoMuted);
callModel->toggleMedia(callId, lrc::api::NewCallModel::Media::VIDEO);
}
}
void
VideoOverlay::on_recButton_clicked()
{
auto selectedConvUid = LRCInstance::getSelectedConvUid();
auto conversation = Utils::getConversationFromUid(selectedConvUid,
*LRCInstance::getCurrentConversationModel());
auto& callId = conversation->callId;
auto callModel = LRCInstance::getCurrentCallModel();
if (callModel->hasCall(callId)) {
callModel->toggleAudioRecord(callId);
}
}