Limiting file access for Fl_Preferences.

Added Fl_Preferences::file_access() and various flags that make it possible to limit or completely deny file access to the preferences system, either for the core library or for the application or both.

1 files changed, 76 insertions, 5 deletions

diff --git a/src/Fl_Preferences.cxx b/src/Fl_Preferences.cxx
index 48e77bc24..424f0bc87 100644
--- a/src/Fl_Preferences.cxx
+++ b/src/Fl_Preferences.cxx
@@ -32,6 +32,7 @@
 char Fl_Preferences::nameBuffer[128];
 char Fl_Preferences::uuidBuffer[40];
 Fl_Preferences *Fl_Preferences::runtimePrefs = 0;
+unsigned int Fl_Preferences::fileAccess_ = Fl_Preferences::ALL;
 
 /**
  Returns a UUID as generated by the system.
@@ -50,6 +51,53 @@ const char *Fl_Preferences::newUUID() {
 }
 
 /**
+ Tell the FLTK Preferences system which files in the file system it may read, create, or write.
+
+ The FLTK core library will try to read or even create or write preference files when calling Fl::option(),
+ Fl_File_Chooser, the printing panel, and possibly some other internal function. If your applications wants
+ to keep FLTK from touching the file system, call this function before making any other FLTK calls:
+
+ \code
+ // neiter FLTK nor the app may read, create, or write preference files
+ Fl_Preferences::file_access( Fl_Preferences::NONE );
+ \endcode
+
+ or
+
+ \code
+ // FLTK may not read, create, or write preference files, but the application may
+ Fl_Preferences::file_access( Fl_Preferences::APP_OK );
+ \endcode
+
+ All flags can be combined using an OR operator. If flags are not set, that specifc access to the file system
+ will not be allowed. By default, all access is granted. To clear one or more flags from the default setting, us:
+ \code
+ Fl_Preferences::file_access( Fl_Preferences::file_access()
+                           &~ Fl_Preferences::SYSTEM_WRITE );
+ \endcode
+
+ If preferences are created using a filename (instead of Fl_Preferences::USER or Fl_Preferences::SYSTEM),
+ file access is handled as if the Fl_Preferences::USER flag was set.
+
+ \see Fl_Preferences::NONE and others for a list of flags.
+ \see Fl_Preferences::file_access()
+ */
+void Fl_Preferences::file_access(unsigned int flags)
+{
+  fileAccess_ = flags;
+}
+
+/**
+ Return the current file access permissions for the FLTK Preferences system.
+
+ \see Fl_Preferences::file_access(unsigned int)
+ */
+unsigned int Fl_Preferences::file_access()
+{
+    return fileAccess_;
+}
+
+/**
    The constructor creates a group that manages name/value pairs and
    child groups. Groups are ready for reading and writing at any time.
    The root argument is either Fl_Preferences::USER
@@ -807,8 +855,9 @@ Fl_Preferences::RootNode::RootNode( Fl_Preferences *prefs, Root root, const char
 : prefs_(prefs),
   filename_(0L),
   vendor_(0L),
-  application_(0L) {
-
+  application_(0L),
+  root_(root)
+{
   char *filename = Fl::system_driver()->preference_rootnode(prefs, root, vendor, application);
     filename_    = filename ? strdup(filename) : 0L;
   vendor_      = strdup(vendor);
@@ -822,7 +871,9 @@ Fl_Preferences::RootNode::RootNode( Fl_Preferences *prefs, const char *path, con
 : prefs_(prefs),
   filename_(0L),
   vendor_(0L),
-  application_(0L) {
+  application_(0L),
+  root_(Fl_Preferences::USER)
+{
 
   if (!vendor)
     vendor = "unknown";
@@ -845,7 +896,9 @@ Fl_Preferences::RootNode::RootNode( Fl_Preferences *prefs )
 : prefs_(prefs),
   filename_(0L),
   vendor_(0L),
-  application_(0L) {
+  application_(0L),
+  root_(Fl_Preferences::USER)
+{
 }
 
 // destroy the root node and all depending nodes
@@ -871,7 +924,19 @@ Fl_Preferences::RootNode::~RootNode() {
 // read a preferences file and construct the group tree and with all entry leafs
 int Fl_Preferences::RootNode::read() {
   if (!filename_)   // RUNTIME preferences
-    return -1; 
+    return -1;
+  if ( (root_ & Fl_Preferences::CORE) && !(fileAccess_ & Fl_Preferences::CORE_READ_OK) ) {
+    prefs_->node->clearDirtyFlags();
+    return -1;
+  }
+  if ( ((root_&Fl_Preferences::ROOT_MASK)==Fl_Preferences::USER) && !(fileAccess_ & Fl_Preferences::USER_READ_OK) ) {
+    prefs_->node->clearDirtyFlags();
+    return -1;
+  }
+  if ( ((root_&Fl_Preferences::ROOT_MASK)==Fl_Preferences::SYSTEM) && !(fileAccess_ & Fl_Preferences::SYSTEM_READ_OK) ) {
+    prefs_->node->clearDirtyFlags();
+    return -1;
+  }
   char buf[1024];
   FILE *f = fl_fopen( filename_, "rb" );
   if ( !f )
@@ -909,6 +974,12 @@ int Fl_Preferences::RootNode::read() {
 int Fl_Preferences::RootNode::write() {
   if (!filename_)   // RUNTIME preferences
     return -1;
+  if ( (root_ & Fl_Preferences::CORE) && !(fileAccess_ & Fl_Preferences::CORE_WRITE_OK) )
+    return -1;
+  if ( ((root_&Fl_Preferences::ROOT_MASK)==Fl_Preferences::USER) && !(fileAccess_ & Fl_Preferences::USER_WRITE_OK) )
+    return -1;
+  if ( ((root_&Fl_Preferences::ROOT_MASK)==Fl_Preferences::SYSTEM) && !(fileAccess_ & Fl_Preferences::SYSTEM_WRITE_OK) )
+    return -1;
   fl_make_path_for_file(filename_);
   FILE *f = fl_fopen( filename_, "wb" );
   if ( !f )