From fd311fd5ffa7cbccbf561f13ee4474f626ea6582 Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Mon, 30 Sep 2024 17:45:28 +0800 Subject: [PATCH] Reduce sensitive data instances There is no reason for `WebUI` class to retain this information. PR #21373. --- src/webui/webui.cpp | 15 ++++++++++----- src/webui/webui.h | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/webui/webui.cpp b/src/webui/webui.cpp index 20036c156..fc177d56b 100644 --- a/src/webui/webui.cpp +++ b/src/webui/webui.cpp @@ -42,7 +42,7 @@ WebUI::WebUI(IApplication *app, const QByteArray &tempPasswordHash) : ApplicationComponent(app) - , m_passwordHash {tempPasswordHash} + , m_tempPasswordHash {tempPasswordHash} { configure(); connect(Preferences::instance(), &Preferences::changed, this, &WebUI::configure); @@ -54,12 +54,17 @@ void WebUI::configure() m_errorMsg.clear(); const Preferences *pref = Preferences::instance(); + m_isEnabled = pref->isWebUIEnabled(); const QString username = pref->getWebUIUsername(); - if (const QByteArray passwordHash = pref->getWebUIPassword(); !passwordHash.isEmpty()) - m_passwordHash = passwordHash; + QByteArray passwordHash = m_tempPasswordHash; + if (const QByteArray prefPasswordHash = pref->getWebUIPassword(); !prefPasswordHash.isEmpty()) + { + passwordHash = prefPasswordHash; + m_tempPasswordHash.clear(); + } - if (m_isEnabled && (username.isEmpty() || m_passwordHash.isEmpty())) + if (m_isEnabled && (username.isEmpty() || passwordHash.isEmpty())) { setError(tr("Credentials are not set")); } @@ -98,7 +103,7 @@ void WebUI::configure() } m_webapp->setUsername(username); - m_webapp->setPasswordHash(m_passwordHash); + m_webapp->setPasswordHash(passwordHash); if (pref->isWebUIHttpsEnabled()) { diff --git a/src/webui/webui.h b/src/webui/webui.h index fa0589c2a..01820060b 100644 --- a/src/webui/webui.h +++ b/src/webui/webui.h @@ -77,5 +77,5 @@ private: QPointer m_dnsUpdater; QPointer m_webapp; - QByteArray m_passwordHash; + QByteArray m_tempPasswordHash; };