screenShield: Only allow graphs to lift shield when locked

Since commit 67615a0cbc, any printable key can be used to lift the screen shield rather than just escape/enter/space. While this is convenient for unlocking where the input is forwarded to the password entry, it is potentially dangerous when the screen is inactive but not locked: If the user types her password, the first character will lift the shield and the remaining input will go to the focused window. To prevent this from happening, only allow printable keys when the screen is actually locked and restrict the key presses that lift the shield to the original set of escape/enter/space otherwise. https://bugzilla.gnome.org/show_bug.cgi?id=773328
2016-10-21 18:03:44 +02:00 · 2016-10-21 18:03:44 +02:00 · 205880e74e
commit 205880e74e
parent 009d021e4f
1 changed files with 4 additions and 1 deletions
--- a/js/ui/screenShield.js
+++ b/js/ui/screenShield.js
@ -665,7 +665,10 @@ const ScreenShield = new Lang.Class({
        let isEnter = (symbol == Clutter.KEY_Return ||
                       symbol == Clutter.KEY_KP_Enter ||
                       symbol == Clutter.KEY_ISO_Enter);
-        if (!isEnter && !(GLib.unichar_isprint(unichar) || symbol == Clutter.KEY_Escape))
+        let isEscape = (symbol == Clutter.KEY_Escape);
+        let isLiftChar = (GLib.unichar_isprint(unichar) &&
+                          (this._isLocked || !GLib.unichar_isgraph(unichar)));
+        if (!isEnter && !isEscape && !isLiftChar)
            return Clutter.EVENT_PROPAGATE;

        if (this._isLocked &&