fix: Fix dconfig input text not conforming to JSON standards

[pengfeixx]

Fix dconfig input text not conforming to JSON standards

Log: Fix dconfig input text not conforming to JSON standards
pms: BUG-317315

Summary by Sourcery

Validate dconfig text inputs that look like JSON before converting or applying them to prevent invalid JSON structures from being processed.

Bug Fixes:

• Prevent non-conforming JSON-like dconfig input text from being converted and applied in the editor and CLI tools by adding strict validation for object/array-style values.

Enhancements:

• Add a helper to selectively validate text values as JSON when they resemble JSON objects or arrays while allowing plain string and numeric inputs to pass unchanged.

[sourcery-ai]

Reviewer's Guide

Adds JSON-structure validation for free-text dconfig values and wires it into both the GUI editor and CLI set command so that object/array-like inputs must be valid JSON before being converted via stringToQVariant or sent over GDBus.

Sequence diagram for GUI dconfig text value validation on editingFinished

sequenceDiagram
    actor User
    participant KeyContent
    participant DLineEditWidget
    participant Helper
    participant Logger

    User->>DLineEditWidget: enter_text()
    User->>DLineEditWidget: editingFinished()

    DLineEditWidget->>Helper: isValidTextJsonValue(text)
    alt invalid_json_structure
        Helper-->>DLineEditWidget: false
        DLineEditWidget->>Logger: qWarning(invalid json value)
        DLineEditWidget-->>User: keep_focus_state_unchanged
    else valid_or_non_structural_text
        Helper-->>DLineEditWidget: true
        DLineEditWidget->>KeyContent: valueChanged(stringToQVariant(text))
        DLineEditWidget-->>User: clearFocus()
    end

Loading

Sequence diagram for CLI dconfig setCommand text JSON validation

sequenceDiagram
    actor User
    participant DdeDconfigCLI
    participant CommandManager
    participant Helper
    participant ConfigManager
    participant StdErr

    User->>DdeDconfigCLI: dde-dconfig set key value
    DdeDconfigCLI->>CommandManager: setCommand()

    CommandManager->>CommandManager: parse_arguments()
    CommandManager->>CommandManager: determine_type(bool/double/other)

    alt other_text_type
        CommandManager->>Helper: isValidTextJsonValue(value)
        alt invalid_json_structure
            Helper-->>CommandManager: false
            CommandManager->>StdErr: outpuSTDError("the value:[value] is not a valid json text.")
            CommandManager-->>DdeDconfigCLI: return 1
        else valid_or_non_structural_text
            Helper-->>CommandManager: true
            CommandManager->>ConfigManager: setValue(key, stringToQVariant(value))
            ConfigManager-->>CommandManager: ack
            CommandManager-->>DdeDconfigCLI: return 0
        end
    else bool_or_double_type
        CommandManager->>ConfigManager: setValue(key, converted_numeric_or_bool)
        ConfigManager-->>CommandManager: ack
        CommandManager-->>DdeDconfigCLI: return 0
    end

Loading

File-Level Changes

Change	Details	Files
Introduce helper to validate whether a text value that looks like a JSON object/array is syntactically valid JSON before further processing.	Add isValidTextJsonValue(QString) utility that treats empty strings as valid, trims input, and only runs QJsonDocument::fromJson when the text starts with '{' or '[' Use QJsonParseError to determine if candidate JSON text parses without errors Allow non-object/array plain strings or scalar-looking values to bypass strict JSON validation while still being handled by existing conversion logic	dconfig-center/common/helper.hpp
Guard GUI text edits in the dconfig editor with JSON validation to prevent committing malformed JSON-like text values.	Hook isValidTextJsonValue into DLineEdit editingFinished handler for key content values Log a qWarning with the invalid JSON text when validation fails Short-circuit the handler on invalid JSON so valueChanged is not emitted and stringToQVariant is not invoked	dconfig-center/dde-dconfig-editor/mainwindow.cpp
Guard CLI set commands for text values with JSON validation and fail fast on malformed JSON-like input.	Before calling stringToQVariant for non-boolean, non-double values, validate the text using isValidTextJsonValue On validation failure, print an error to stderr indicating the offending value is not valid JSON text and exit with code 1 Keep existing handling for numeric and other value types unchanged	dconfig-center/dde-dconfig/main.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In isValidTextJsonValue, consider passing trimmed.toUtf8() to QJsonDocument::fromJson instead of the original s to avoid false negatives when the input has leading/trailing whitespace but is otherwise valid JSON.
• When JSON validation fails in the DLineEdit::editingFinished handler, only a qWarning is logged and the user receives no visible feedback; consider surfacing an error in the UI (e.g., highlighting the field or showing a brief message) so users understand why their change was ignored.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `isValidTextJsonValue`, consider passing `trimmed.toUtf8()` to `QJsonDocument::fromJson` instead of the original `s` to avoid false negatives when the input has leading/trailing whitespace but is otherwise valid JSON.
- When JSON validation fails in the `DLineEdit::editingFinished` handler, only a `qWarning` is logged and the user receives no visible feedback; consider surfacing an error in the UI (e.g., highlighting the field or showing a brief message) so users understand why their change was ignored.

## Individual Comments

### Comment 1
<location path="dconfig-center/dde-dconfig-editor/mainwindow.cpp" line_range="736-739" />
<code_context>
         auto widget = new DLineEdit(this);
         widget->setEnabled(canWrite);
         connect(widget, &DLineEdit::editingFinished, widget, [this, widget](){
+            if (!isValidTextJsonValue(widget->text())) {
+                qWarning() << "invalid json value" << widget->text();
+                return;
+            }
             widget->clearFocus();
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Handling invalid JSON only via qWarning may leave the user with silent failures and an unchanged, invalid value.

Right now the handler just logs and returns, leaving invalid text in the field with no visible indication that it was rejected. Please either restore the last valid value or provide inline feedback (e.g., highlight the field or show an error) so users understand the input wasn’t accepted.

Suggested implementation:

```cpp
        auto widget = new DLineEdit(this);
        widget->setEnabled(canWrite);
        // remember the last valid value so we can restore it on invalid input
        widget->setProperty("lastValidValue", widget->text());
        connect(widget, &DLineEdit::editingFinished, widget, [this, widget](){
            if (!isValidTextJsonValue(widget->text())) {
                qWarning() << "invalid json value" << widget->text();
                // restore the last valid value and visually indicate the error
                const QVariant lastValid = widget->property("lastValidValue");
                if (lastValid.isValid())
                    widget->setText(lastValid.toString());
                widget->setAlert(true);
                return;
            }
            // input is valid: clear any previous error indication and update last valid value
            widget->setAlert(false);
            widget->setProperty("lastValidValue", widget->text());
            widget->clearFocus();
            emit valueChanged(stringToQVariant(widget->text()));
        });

```

If `DLineEdit` in your version of DTK does not provide `setAlert(bool)`, replace those calls with an equivalent inline feedback mechanism already used in this project (e.g., setting a warning style class or palette) so the user still gets a visible indication when JSON input is rejected.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (bug_risk): Handling invalid JSON only via qWarning may leave the user with silent failures and an unchanged, invalid value.

Right now the handler just logs and returns, leaving invalid text in the field with no visible indication that it was rejected. Please either restore the last valid value or provide inline feedback (e.g., highlight the field or show an error) so users understand the input wasn’t accepted.

Suggested implementation:

        auto widget = new DLineEdit(this);
        widget->setEnabled(canWrite);
        // remember the last valid value so we can restore it on invalid input
        widget->setProperty("lastValidValue", widget->text());
        connect(widget, &DLineEdit::editingFinished, widget, [this, widget](){
            if (!isValidTextJsonValue(widget->text())) {
                qWarning() << "invalid json value" << widget->text();
                // restore the last valid value and visually indicate the error
                const QVariant lastValid = widget->property("lastValidValue");
                if (lastValid.isValid())
                    widget->setText(lastValid.toString());
                widget->setAlert(true);
                return;
            }
            // input is valid: clear any previous error indication and update last valid value
            widget->setAlert(false);
            widget->setProperty("lastValidValue", widget->text());
            widget->clearFocus();
            emit valueChanged(stringToQVariant(widget->text()));
        });

If DLineEdit in your version of DTK does not provide setAlert(bool), replace those calls with an equivalent inline feedback mechanism already used in this project (e.g., setting a warning style class or palette) so the user still gets a visible indication when JSON input is rejected.

[18202781743]

这种如果传入的希望是['a', 'b', 'c']，它会被转成“abc”么？

[pengfeixx]

这种如果传入的希望是['a', 'b', 'c']，它会被转成“abc”么？

不会，这个会转成一整个字符串 "['a', 'b', 'c']" 传进去

[18202781743]

bug是输入了错误的值，被识别成了QVariantList，然后QChar又没有被注册，导致被卡了，如果是这样改的话，可以注册QChar到dbus上，这样也不会卡吧，
另外，这样没处理它实际上保存的值是一个list，只是用命令获取的时候是相对正常的，
我们是不是应该还是应该在输入上去做这种处理呀，

[Copilot]

Pull request overview

This PR adds stricter validation for dconfig text inputs that look like JSON (notably object/array-style values) before converting/applying them, to avoid producing or persisting invalid JSON-like structures via the CLI and editor.

Changes:

• Introduce validateTextInput() helper to detect/validate JSON-looking text inputs.
• Apply validation in the CLI set command before calling stringToQVariant().
• Apply validation in editor line-edit handlers before updating the underlying model/value.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
dconfig-center/dde-dconfig/main.cpp	Validate CLI --value text input before converting/setting it.
dconfig-center/dde-dconfig-editor/oemdialog.cpp	Validate per-item text edits before writing to the item model.
dconfig-center/dde-dconfig-editor/mainwindow.cpp	Validate key-value edits before emitting valueChanged.
dconfig-center/common/helper.hpp	Add validateTextInput() helper used by CLI and editor.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

validateTextInput() treats values wrapped in double quotes as “JSON strings” and validates them via QJsonDocument::fromJson(). QJsonDocument only supports top-level JSON objects/arrays, so inputs like "abc" will be flagged as invalid even though they are valid JSON scalars; this can also break copy/paste workflows where CLI output includes quotes. Consider validating only object/array-looking inputs, or switch to a scalar-capable JSON parser/strategy for quoted strings.

Suggested change

	bool looksLikeJsonString = (firstChar == '"' && lastChar == '"');
	if (!looksLikeJsonObject && !looksLikeJsonArray && !looksLikeJsonString) {
	if (!looksLikeJsonObject && !looksLikeJsonArray) {

[Copilot]

This new validation will reject values that are quoted (e.g. "foo"). The query value path prints non-bool/non-double values with surrounding quotes, so users copying that output into set --value may now hit a validation error even when they’re just setting a string. Either avoid quoting the query output for strings, or ensure validateTextInput() accepts quoted strings (or doesn’t attempt to validate them).

Suggested change

	if (!validateTextInput(value, errorMsg)) {
	outpuSTDError(errorMsg);
	return 1;
	}
	manager->setValue(key, stringToQVariant(value));
	QString sanitizedValue = value;
	if (!validateTextInput(sanitizedValue, errorMsg)) {
	// If validation fails, try again after stripping surrounding quotes (e.g. "foo" -> foo)
	const int len = sanitizedValue.size();
	if (len >= 2 && sanitizedValue.startsWith(QLatin1Char('"')) && sanitizedValue.endsWith(QLatin1Char('"'))) {
	QString unquoted = sanitizedValue.mid(1, len - 2);
	errorMsg.clear();
	if (!validateTextInput(unquoted, errorMsg)) {
	outpuSTDError(errorMsg);
	return 1;
	}
	sanitizedValue = unquoted;
	} else {
	outpuSTDError(errorMsg);
	return 1;
	}
	}
	manager->setValue(key, stringToQVariant(sanitizedValue));

[Copilot]

textChanged fires on every keystroke; once the text starts/ends with {} or [], validateTextInput() will parse JSON on every change (including edits in the middle while the closing brace remains). This can cause noticeable UI lag for larger values. Consider validating on editingFinished (or using a short debounce timer) instead of on every textChanged event.

[deepin-ci-robot]

deepin pr auto review

这段代码的 diff 展示了在 dconfig-center 项目中新增了一个 validateTextInput 函数，并在三个不同的地方（mainwindow.cpp、oemdialog.cpp 和 main.cpp）调用了它，目的是在将用户输入转换为 QVariant 之前验证其是否为有效的 JSON（如果输入看起来像 JSON 的话）。

以下是对这段代码的审查意见，包括语法逻辑、代码质量、代码性能和代码安全方面：

1. 语法逻辑

• 边界检查：在 validateTextInput 中，代码先检查了 trimmed.isEmpty()。这很好。但在检查 firstChar 和 lastChar 之前，虽然前面检查了 isEmpty，但为了防御性编程，如果 trimmed 长度小于 2，直接返回 true 会更安全，尽管逻辑上 isEmpty 已经涵盖了长度为 0 的情况，但逻辑上区分"非 JSON"和"无效 JSON"会更清晰。
• 索引访问：trimmed[0] 和 trimmed[trimmed.length() - 1] 在 isEmpty() 为 false 时是安全的，但代码风格上，使用 trimmed.front() 和 trimmed.back() (C++11 起) 通常比索引访问更具可读性，且在 Qt 容器中通常也是高效的。

2. 代码质量

• 函数设计：
  • validateTextInput 函数名清晰，意图明确。
  • 通过引用 QString &errorMsg 返回错误信息，而不是直接抛出异常或仅返回 bool，符合 Qt 的风格。
• 用户体验 (UX)：
  • 在 mainwindow.cpp 和 oemdialog.cpp 中，当验证失败时，代码仅调用了 qWarning() << errorMsg; 然后 return。这意味着用户输入了无效的 JSON，但焦点被清除（widget->clearFocus() 在 return 前被调用，或者根本没调用，取决于顺序），用户可能不知道为什么输入没有生效，或者焦点还在输入框内但无法提交。建议：应该在 UI 上给用户一个提示（例如 DDialog 或 DTipLabel），告诉用户输入的 JSON 格式不正确，而不是仅在控制台打印警告。
• 信号连接：
  • 在 oemdialog.cpp 中，原代码连接的是 textChanged 信号，新代码改为了 editingFinished。这是一个非常好的改进。textChanged 会在用户每次按键时触发，导致频繁的验证和转换，甚至可能导致用户还没输入完 { 就报错。editingFinished（通常在失去焦点或按下回车时触发）更适合这种场景。

3. 代码性能

• 字符串操作：
  • s.trimmed() 会创建一个新的 QString 对象。
  • trimmed.toUtf8() 会再次创建一个 QByteArray 对象用于 JSON 解析。
  • 建议：对于短文本（如配置项），这通常不是问题。但如果需要处理大量或极长的文本，可以考虑优化。但在当前上下文中，这是可以接受的。
• JSON 解析：
  • QJsonDocument::fromJson 是相对昂贵的操作。代码先通过检查首尾字符（{} 或 []）来"短路"判断，避免对非 JSON 格式的文本进行解析。这是一个很好的性能优化策略。

4. 代码安全

• 输入验证：新增的函数正是为了进行输入验证，防止将格式错误的 JSON 字符串传递给后续处理逻辑，这提高了程序的健壮性。
• 错误处理：
  • 在 main.cpp (CLI 工具) 中，验证失败时调用 outpuSTDError 并返回 1，这是标准的命令行错误处理方式，很好。
  • 在 GUI 部分（mainwindow.cpp 和 oemdialog.cpp），如前所述，仅打印 qWarning 可能不够，用户可能不知道操作失败了。虽然这不算"安全"漏洞，但属于"可用性"问题。

改进建议

1. UI 反馈：在 mainwindow.cpp 和 oemdialog.cpp 中，当 validateTextInput 返回 false 时，除了 qWarning，最好给用户一个可视化的反馈。

   • 例如：可以设置 DLineEdit 显示为警告状态（如果 Dtk 支持），或者弹出一个简单的提示框。
   • 如果不想打断用户流（弹窗），可以显示一个红色的提示文本或图标。

2. 代码逻辑微调：

   • 在 validateTextInput 中，为了更加严谨，可以将首尾字符检查改为：

     if (trimmed.length() < 2) {
         return true; // 长度小于2不可能是合法的 JSON 对象或数组
     }

     这样逻辑更严密，虽然 isEmpty 已经处理了长度为0的情况。

3. 拼写错误：

   • 在 main.cpp 中，函数名 outpuSTDError 看起来像是一个拼写错误（多了一个大写 S，或者是驼峰命名不一致）。如果这是项目中既定的函数名，请忽略；如果是新写的，建议检查拼写（如 outputStdError）。

总结

这段代码是一个高质量的改进。它有效地增加了对 JSON 输入的验证，修复了 textChanged 信号导致的潜在性能和逻辑问题，并提供了合理的错误处理路径。主要的改进点在于 GUI 部分的用户反馈机制，建议在验证失败时给予用户更明确的 UI 提示，而不仅仅是后台日志。

[18202781743]

这个可能溢出吧，

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

On invalid JSON-like input, the handler only logs a warning and returns, leaving the editor with text that looks accepted but is not applied to the underlying item/model. This is easy to miss for users. Consider providing in-UI feedback (e.g., dialog/toast/inline error state) and/or reverting the line edit back to the last valid value so the UI and stored value can’t silently diverge.

[Copilot]

When validation fails, this path just logs a warning and returns, but editingFinished has already fired so the user receives no actionable feedback and the displayed text may not match the persisted value. Consider surfacing the error in the UI (dialog/inline error) and/or restoring the previous value and returning focus to the field to prompt correction.

Suggested change

	qWarning() << errorMsg;
	qWarning() << errorMsg;
	const QString message = errorMsg.isEmpty()
	? tr("The entered value is invalid.")
	: errorMsg;
	QMessageBox::warning(widget,
	tr("Invalid input"),
	message);
	widget->setFocus();
	widget->selectAll();

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, pengfeixx

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pengfeixx]

/merge