# HG changeset patch
# User zas_
# Date 1207932381 0
# Node ID a955b7fd626b40bd2cf04bbff7c80fab292a1b8e
# Parent 07def8e708e13a715462d102e5e86e2aa98df905
Secure save now unlinks temporary file on error by default. It will prevent left-behind temporary files, but also prevent potential data recovery from partially written files (it should not be a problem here).
diff -r 07def8e708e1 -r a955b7fd626b src/secure_save.c
--- a/src/secure_save.c Fri Apr 11 16:04:37 2008 +0000
+++ b/src/secure_save.c Fri Apr 11 16:46:21 2008 +0000
@@ -83,6 +83,7 @@
 ssi->secure_save = TRUE;
 ssi->preserve_perms = TRUE;
+ ssi->unlink_on_error = TRUE;
 ssi->file_name = g_strdup(file_name);
 if (!ssi->file_name) {
@@ -106,7 +107,7 @@
 } else {
 if (!S_ISREG(st.st_mode)) {
 /* Not a regular file, secure_save is disabled. */
- ssi->secure_save = 0;
+ ssi->secure_save = FALSE;
 } else {
 #ifdef HAVE_ACCESS
 /* XXX: access() do not work with setuid programs. */
@@ -297,7 +298,11 @@
 ret = 0; /* Success. */
 free:
- if (ssi->tmp_file_name) g_free(ssi->tmp_file_name);
+ if (ssi->tmp_file_name)
+ {
+ if (ret && ssi->unlink_on_error) unlink(ssi->tmp_file_name);
+ g_free(ssi->tmp_file_name);
+ }
 if (ssi->file_name) g_free(ssi->file_name);
 if (ssi) g_free(ssi);
diff -r 07def8e708e1 -r a955b7fd626b src/typedefs.h
--- a/src/typedefs.h Fri Apr 11 16:04:37 2008 +0000
+++ b/src/typedefs.h Fri Apr 11 16:46:21 2008 +0000
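Review bot: In the `free:` cleanup of src/secure_save.c (the hunk at -297), the new `unlink(ssi->tmp_file_name)` discards its result and runs just before the function returns its error, so it can overwrite `errno`, and a failed removal leaves the temporary file behind without any trace. If callers report the failure through `errno` (not visible here), they would see the unlink error instead of the save error; consider `int saved_errno = errno; if (unlink(ssi->tmp_file_name) != 0 && errno != ENOENT) { /* log it */ } errno = saved_errno;`. ENOENT is worth tolerating because the hunk does not show whether some failures occur after the temporary file has already been renamed over the target. The function starts and ends outside the hunk.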
@@ -722,9 +722,10 @@
 gchar *file_name; /**< final file name */
 gchar *tmp_file_name; /**< temporary file name */
 gint err; /**< set to non-zero value in case of error */
- gint secure_save; /**< use secure save for this file */
- gint preserve_perms; /**< whether to preserve perms */
- gint preserve_mtime; /**< whether to preserve mtime */
+ gint secure_save; /**< use secure save for this file, internal use only */
+ gint preserve_perms; /**< whether to preserve perms, TRUE by default */
+ gint preserve_mtime; /**< whether to preserve mtime, FALSE by default */
+ gint unlink_on_error; /**< whether to remove temporary file on save failure, TRUE by default */
 };
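Review bot: The comment on `unlink_on_error` gives the default but not the trade-off the commit message describes, which is what a caller needs in order to decide whether to clear the flag. I would write `/**< remove the temporary file when the save fails, TRUE by default; set to FALSE to keep a partially written file for recovery */`. As a style point, these flags are now documented in terms of `TRUE`/`FALSE`, so declaring them `gboolean` would state the intent better than `gint`. The struct begins outside the hunk.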