Fix use secure temp directory for remote sync (keepassxreboot#10911)

src/gui/DatabaseWidget.cpp

@@ -1145,6 +1145,8 @@ void DatabaseWidget::uploadAndFinishSync(const RemoteParams* params, RemoteHandl
 
 void DatabaseWidget::finishSync(const RemoteParams* params, RemoteHandler::RemoteResult result)
 {
+    QScopedPointer<RemoteHandler> remoteHandler(new RemoteHandler(this));
+    remoteHandler->cleanup(result.filePath);
     setDisabled(false);
     emit updateSyncProgress(-1, "");
     if (result.success) {

src/gui/remote/DatabaseSettingsWidgetRemote.cpp

@@ -196,5 +196,6 @@ void DatabaseSettingsWidgetRemote::testDownload()
         return;
     }
 
+    remoteHandler->cleanup(result.filePath);
     m_ui->messageWidget->showMessage(tr("Download successful."), MessageWidget::Positive);
 }

src/gui/remote/RemoteHandler.cpp

@@ -23,16 +23,6 @@
 #include "core/AsyncTask.h"
 #include "core/Database.h"
 
-namespace
-{
-    QString getTempFileLocation()
-    {
-        QString uuid = QUuid::createUuid().toString().remove(0, 1);
-        uuid.chop(1);
-        return QDir::toNativeSeparators(QDir::temp().absoluteFilePath("RemoteDatabase-" + uuid + ".kdbx"));
-    }
-} // namespace
-
 std::function<QScopedPointer<RemoteProcess>(QObject*)> RemoteHandler::m_createRemoteProcess([](QObject* parent) {
     return QScopedPointer<RemoteProcess>(new RemoteProcess(parent));
 });
@@ -103,6 +93,7 @@ RemoteHandler::RemoteResult RemoteHandler::upload(const QString& filePath, const
 {
     return AsyncTask::runAndWaitForFuture([filePath, params] {
         RemoteResult result;
+        result.filePath = filePath;
         if (!params) {
             result.success = false;
             result.errorMessage = tr("Invalid database pointer or upload parameters provided.");
@@ -143,3 +134,27 @@ RemoteHandler::RemoteResult RemoteHandler::upload(const QString& filePath, const
         return result;
     });
 }
+
+QString RemoteHandler::getTempFileLocation()
+{
+    QString uuid = QUuid::createUuid().toString().remove(0, 1);
+    uuid.chop(1);
+    QString writableLocation = QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation);
+    if (writableLocation.isEmpty()) {
+        writableLocation = QStandardPaths::writableLocation(QStandardPaths::TempLocation);
+    }
+    QString tempLocation = QDir(writableLocation).absoluteFilePath(PREFIX + uuid);
+    QDir().mkdir(tempLocation);
+    QDir uuidPath(tempLocation);
+    QFile(uuidPath.path()).setPermissions(QFileDevice::ReadOwner | QFileDevice::WriteOwner | QFileDevice::ExeOwner);
+
+    return QDir::toNativeSeparators(uuidPath.absoluteFilePath("RemoteDatabase-" + uuid + ".kdbx"));
+}
+
+void RemoteHandler::cleanup(QString& tempFileLocation)
+{
+    QFileInfo file(tempFileLocation);
+    if (file.absoluteDir().exists() && file.absoluteDir().dirName().startsWith(PREFIX)) {
+        file.absoluteDir().removeRecursively();
+    }
+}

src/gui/remote/RemoteHandler.h

@@ -44,12 +44,16 @@ class RemoteHandler : public QObject
     RemoteResult download(const RemoteParams* params);
     RemoteResult upload(const QString& filePath, const RemoteParams* params);
 
+    void cleanup(QString& tempFileLocation);
+
     // Used for testing only
     static void setRemoteProcessFunc(std::function<QScopedPointer<RemoteProcess>(QObject*)> func);
 
 private:
+    static QString getTempFileLocation();
+
     static std::function<QScopedPointer<RemoteProcess>(QObject*)> m_createRemoteProcess;
-    static QString m_tempFileLocation;
+    inline static const QString PREFIX = "KPXC-Sync-";
 
     Q_DISABLE_COPY(RemoteHandler)
 };

src/gui/remote/RemoteProcess.cpp

@@ -17,7 +17,6 @@
 
 #include "RemoteProcess.h"
 
-#include <QTemporaryDir>
 #include <QUuid>
 
 RemoteProcess::RemoteProcess(QObject* parent)