7bd7df5aa1
Temporary paths coming from the environment must be real filesystem things, never a Qt file engine, so we don't need to create QDir with its QDirPrivate, in order to call QFileSystemEngine. The replacing of canonicalPath() with QFSE::absoluteName() is fine because canonicalizing *after* cleanPath() is the wrong thing. For example, if you had: $ ln -s $HOME/tmp /tmp/symlink $ TMPDIR=/tmp/symlink/.. then cleanPath($TMPDIR) = /tmp absolute($TMPDIR) = /tmp # QFSE::absoluteName calls cleanPath canonical($TMPDIR) = $HOME canonical(cleanPath($TMPDIR)) = /tmp The lack of canonicalization now only affects when the final path is a symlink. Doing so bought us little security if it is a symlink and it could change, because the result is not cached and could change from call to call. That changing is probably worse than any attack, because you could end up with QDir::tempPath() != QDir::tempPath() [ChangeLog][QtCore][QDir] tempPath() may now return a non-canonical path. This means going up from it (cdUp()) may result in different paths from string manipulation (adding "/.."). Pick-to: 6.10 6.9 Change-Id: Iddf6f46edf6f3b6c3222fffd1e1e5479f0be92a9 Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>