diff --git a/CHANGELOG.md b/CHANGELOG.md index ecc94631..fb48720a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added Exclude specific boxes from 'Terminate all processes' [#3108](https://github.com/sandboxie-plus/Sandboxie/issues/3108) - Note: press the panic button hot key 3 times with less then 1 second between clicks to Terminate All with NO exceptions - added Customizable global hotkey that toggles the state of "pause forced programs" [#2441](https://github.com/sandboxie-plus/Sandboxie/issues/2441) +- added Warn or prevent broad "forced folder" settings [#650](https://github.com/sandboxie-plus/Sandboxie/issues/650) ### Changed - improved suspend process ahndling [#3375](https://github.com/sandboxie-plus/Sandboxie/issues/3375) diff --git a/SandboxiePlus/SandMan/Windows/OptionsForce.cpp b/SandboxiePlus/SandMan/Windows/OptionsForce.cpp index f9e82256..06bc3f9f 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsForce.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsForce.cpp @@ -203,8 +203,7 @@ void COptionsWindow::OnForceProg() if (Value.isEmpty()) return; AddForcedEntry(Value, (int)eProcess); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnBreakoutProg() @@ -212,9 +211,10 @@ void COptionsWindow::OnBreakoutProg() QString Value = SelectProgram(); if (Value.isEmpty()) return; + if (!CheckForcedItem(Value, (int)eProcess)) + return; AddBreakoutEntry(Value, (int)eProcess); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnForceBrowse() @@ -222,9 +222,10 @@ void COptionsWindow::OnForceBrowse() QString Value = QFileDialog::getOpenFileName(this, tr("Select Executable File"), "", tr("Executable Files (*.exe)")); if (Value.isEmpty()) return; + if (!CheckForcedItem(Value, (int)eProcess)) + return; AddForcedEntry(Split2(Value, "/", true).second, (int)eProcess); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnBreakoutBrowse() @@ -233,8 +234,7 @@ void COptionsWindow::OnBreakoutBrowse() if (Value.isEmpty()) return; AddBreakoutEntry(Split2(Value, "/", true).second, (int)eProcess); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnForceDir() @@ -242,9 +242,10 @@ void COptionsWindow::OnForceDir() QString Value = QFileDialog::getExistingDirectory(this, tr("Select Directory")).replace("/", "\\"); if (Value.isEmpty()) return; + if (!CheckForcedItem(Value, (int)ePath)) + return; AddForcedEntry(Value, (int)ePath); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnBreakoutDir() @@ -253,28 +254,66 @@ void COptionsWindow::OnBreakoutDir() if (Value.isEmpty()) return; AddBreakoutEntry(Value, (int)ePath); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnDelForce() { DeleteAccessEntry(ui.treeForced->currentItem()); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } void COptionsWindow::OnDelBreakout() { DeleteAccessEntry(ui.treeBreakout->currentItem()); - m_ForcedChanged = true; - OnOptChanged(); + OnForcedChanged(); } -void COptionsWindow::OnForcedChanged() +void COptionsWindow::OnForcedChanged() { - //QString Test = pItem->data(1, Qt::UserRole).toString(); - //qDebug() << Test; m_ForcedChanged = true; OnOptChanged(); } + +bool COptionsWindow::CheckForcedItem(const QString& Value, int type) +{ + bool bDangerous = false; + + QString winPath = QString::fromUtf8(qgetenv("SystemRoot")); + + if (type == eProcess) + { + if (Value.compare("explorer.exe", Qt::CaseInsensitive) == 0 || Value.compare(winPath + "\\explorer.exe", Qt::CaseInsensitive) == 0) + bDangerous = true; + else if (Value.compare("taskmgr.exe", Qt::CaseInsensitive) == 0 || Value.compare(winPath + "\\system32\\taskmgr.exe", Qt::CaseInsensitive) == 0) + bDangerous = true; + else if (Value.contains("sbiesvc.exe", Qt::CaseInsensitive) == 0) + bDangerous = true; + else if (Value.contains("sandman.exe", Qt::CaseInsensitive) == 0) + bDangerous = true; + } + else + { + if (Value.left(3).compare(winPath.left(3), Qt::CaseInsensitive) == 0) + bDangerous = true; // SystemDrive (C:\) + else if (Value.compare(winPath, Qt::CaseInsensitive) == 0) + bDangerous = true; // SystemRoot (C:\Windows) + else if (Value.left(winPath.length() + 1).compare(winPath + "\\", Qt::CaseInsensitive) == 0) + bDangerous = true; // sub path of C:\Windows + } + + if (bDangerous && QMessageBox::warning(this, "Sandboxie-Plus", tr("The forcing the specified folder will most likely break windows, are you sure you want to proceed?") + , QDialogButtonBox::Yes, QDialogButtonBox::No) != QDialogButtonBox::Yes) + return false; + return true; +} + +void COptionsWindow::OnForcedChanged(QTreeWidgetItem *pItem, int) +{ + QString Value = pItem->data(1, Qt::UserRole).toString(); + if (pItem->checkState(0) == Qt::Checked && !CheckForcedItem(Value, pItem->data(0, Qt::UserRole).toInt())) + pItem->setCheckState(0, Qt::Unchecked); + //qDebug() << Test; + OnForcedChanged(); +} + diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp index d8143ec1..33cce3c8 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp @@ -117,7 +117,9 @@ public: if (pBox) { QString Value = pBox->property("value").toString(); + bool prev = m_pTree->blockSignals(true); pItem->setText(index.column(), pBox->currentText()); + m_pTree->blockSignals(prev); //QString Text = pBox->currentText(); //QVariant Data = pBox->currentData(); pItem->setData(index.column(), Qt::UserRole, Value); @@ -125,7 +127,9 @@ public: QLineEdit* pEdit = qobject_cast(editor); if (pEdit) { + bool prev = m_pTree->blockSignals(true); pItem->setText(index.column(), pEdit->text()); + m_pTree->blockSignals(prev); QString Value = pEdit->text(); if (m_Group) Value = "<" + Value + ">"; pItem->setData(index.column(), Qt::UserRole, Value); @@ -450,7 +454,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri //ui.treeForced->setEditTriggers(QAbstractItemView::DoubleClicked); ui.treeForced->setItemDelegateForColumn(0, new NoEditDelegate(this)); ui.treeForced->setItemDelegateForColumn(1, new ProgramsDelegate(this, ui.treeForced, -1, this)); - connect(ui.treeForced, SIGNAL(itemChanged(QTreeWidgetItem *, int)), this, SLOT(OnForcedChanged())); + connect(ui.treeForced, SIGNAL(itemChanged(QTreeWidgetItem *, int)), this, SLOT(OnForcedChanged(QTreeWidgetItem *, int))); connect(ui.chkDisableForced, SIGNAL(clicked(bool)), this, SLOT(OnForcedChanged())); connect(ui.btnBreakoutProg, SIGNAL(clicked(bool)), this, SLOT(OnBreakoutProg())); @@ -464,7 +468,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri //ui.treeBreakout->setEditTriggers(QAbstractItemView::DoubleClicked); ui.treeBreakout->setItemDelegateForColumn(0, new NoEditDelegate(this)); ui.treeBreakout->setItemDelegateForColumn(1, new ProgramsDelegate(this, ui.treeBreakout, -1, this)); - connect(ui.treeBreakout, SIGNAL(itemChanged(QTreeWidgetItem*, int)), this, SLOT(OnForcedChanged())); + connect(ui.treeBreakout, SIGNAL(itemChanged(QTreeWidgetItem *, int)), this, SLOT(OnBreakoutChanged(QTreeWidgetItem *, int))); // // Stop diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.h b/SandboxiePlus/SandMan/Windows/OptionsWindow.h index e80fb26e..82159daf 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsWindow.h +++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.h @@ -89,12 +89,14 @@ private slots: void OnDelForce(); void OnShowForceTmpl() { LoadForcedTmpl(true); } void OnForcedChanged(); + void OnForcedChanged(QTreeWidgetItem *pItem, int); void OnBreakoutProg(); void OnBreakoutBrowse(); void OnBreakoutDir(); void OnDelBreakout(); void OnShowBreakoutTmpl() { LoadBreakoutTmpl(true); } + void OnBreakoutChanged(QTreeWidgetItem *pItem, int); void OnAddLingering(); void OnDelStopProg(); @@ -390,6 +392,7 @@ protected: void LoadBreakoutTmpl(bool bUpdate = false); void AddBreakoutEntry(const QString& Name, int type, bool disabled = false, const QString& Template = QString()); void SaveForced(); + bool CheckForcedItem(const QString& Value, int type); void LoadStop();