13 changes: 8 additions & 5 deletions 3rdparty/libzipplugin/libzipplugin.cpp
Expand Up @@ -216,7 +216,8 @@ PluginFinishType LibzipPlugin::extractFiles(const QList<FileEntry> &files, const
return PFT_Cancel;
} else {
setPassword(query.password());
zip_set_default_password(archive, m_strPassword.toUtf8().constData());
QByteArray passwordBytes = passwordUnicode(m_strPassword, 0);
zip_set_default_password(archive, passwordBytes.constData());
lastNeedPasswordIndex = i;
i--;
}
Expand Down Expand Up @@ -269,7 +270,8 @@ PluginFinishType LibzipPlugin::extractFiles(const QList<FileEntry> &files, const
return PFT_Cancel;
} else {
setPassword(query.password());
zip_set_default_password(archive, m_strPassword.toUtf8().constData());
QByteArray passwordBytes = passwordUnicode(m_strPassword, 0);
zip_set_default_password(archive, passwordBytes.constData());
i--;
}
} else {
Expand Down Expand Up @@ -668,12 +670,13 @@ bool LibzipPlugin::writeEntry(zip_t *archive, const QString &entry, const Compre
// 设置压缩的加密算法
if (options.bEncryption && !options.strEncryptionMethod.isEmpty()) { //ReadOnlyArchiveInterface::password()
int ret = 0;
QByteArray passwordBytes = passwordUnicode(options.strPassword, 0);
if (QLatin1String("AES128") == options.strEncryptionMethod) {
Comment on lines +673 to 674

🚨 suggestion (security): Avoid logging detailed password metadata (lengths) in qInfo for security/privacy reasons.

These qInfo() calls log password-related metadata (length and encoded length), and similar logging was added in passwordUnicode for Chinese detection. Even without the actual password, this information can aid password guessing and will likely persist in logs. Please remove these logs, or restrict them to a debug-only/very-verbose path that is disabled in production.

Suggested implementation:

        QByteArray passwordBytes = passwordUnicode(options.strPassword, 0);
        if (QLatin1String("AES128") == options.strEncryptionMethod) {

The review comment also refers to similar logging added inside passwordUnicode for Chinese detection. For full compliance with the security/privacy concern, you should locate that logging in passwordUnicode (likely in the same file or related source file) and either:

  1. Remove it entirely, or
  2. Wrap it in a very-verbose/debug-only mechanism that is disabled in production (e.g., behind a compile-time flag or an environment-variable-guarded qDebug()).

Apply the same principle: avoid logging password content or metadata (lengths, encodings) that can persist in logs.

ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_128, options.strPassword.toUtf8().constData());
ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_128, passwordBytes.constData());
} else if (QLatin1String("AES192") == options.strEncryptionMethod) {
ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_192, options.strPassword.toUtf8().constData());
ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_192, passwordBytes.constData());
} else if (QLatin1String("AES256") == options.strEncryptionMethod) {
ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_256, options.strPassword.toUtf8().constData());
ret = zip_file_set_encryption(archive, uindex, ZIP_EM_AES_256, passwordBytes.constData());
}
if (ret != 0) {
emit error(("Failed to set compression options for entry: %1"));
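Review bot: In the writeEntry hunk, `ret` starts at 0 and is assigned only inside the three AES branches, so an `options.strEncryptionMethod` that is non-empty but not exactly `AES128`, `AES192` or `AES256` never reaches `zip_file_set_encryption` and still passes the `ret != 0` check; as far as the hunk shows, the entry would then be stored unencrypted with no error even though `options.bEncryption` is set. Initialising with `int ret = -1;` sends an unrecognised method into the existing error path instead of failing open. Separately, the bare `0` passed as the second argument of `passwordUnicode` at all three call sites (both extractFiles hunks and this one) should be a named constant or carry a short comment saying what it selects, because the bytes returned there become the key material. writeEntry's body continues outside the hunk.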
1 change: 1 addition & 0 deletions 3rdparty/libzipplugin/libzipplugin.h
Expand Up @@ -198,6 +198,7 @@ class LibzipPlugin : public ReadWriteArchiveInterface
QMap<QString, int> m_mapRealDirValue; // 长文件真实文件统计
QSet<QString> m_setLongName; // 存储被截取之后的文件名称(包含001之类的)
bool m_bLnfs = false; //文件系统是否支持长文件
QByteArray m_passwordData; // 存储编码后的密码数据,确保在压缩过程中保持有效
};

#endif // LIBZIPPLUGIN_H
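Review bot: No visible hunk reads or writes the new `m_passwordData` member; the three call sites in libzipplugin.cpp build a local `passwordBytes` and hand its `constData()` straight to libzip, so the member looks unused here. If it is used elsewhere, it keeps an encoded copy of the password alive for the plugin's whole lifetime and should be wiped once the archive operation ends, for example `m_passwordData.fill('\0'); m_passwordData.clear();` as a best-effort cleanup. If it is not used, drop the declaration. Its comment says the member exists to keep the encoded password valid during compression, which only matters if libzip retains the caller's pointer rather than copying the string, so that assumption is worth confirming against the libzip version in use and stating in the comment.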
7 changes: 5 additions & 2 deletions src/source/mainwindow.cpp
Expand Up @@ -1269,8 +1269,11 @@ void MainWindow::slotCompress(const QVariant &val)
// 判断zip格式是否使用了中文加密
bool zipPasswordIsChinese = false;
if ("application/zip" == m_stCompressParameter.strMimeType) {
if (m_stCompressParameter.strPassword.contains(REG_EXP("[\\x4e00-\\x9fa5]+"))) {
zipPasswordIsChinese = true;
for (const QChar &ch : m_stCompressParameter.strPassword) {
if (ch.unicode() >= 0x4E00 && ch.unicode() <= 0x9FA5) {
zipPasswordIsChinese = true;
break;
}
}
}

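Review bot: The range test `ch.unicode() >= 0x4E00 && ch.unicode() <= 0x9FA5` matches only the basic CJK Unified Ideographs block up to U+9FA5, so a password built from other non-ASCII characters (Extension A ideographs, full-width punctuation, kana, or supplementary-plane characters, which reach this loop as surrogate halves) leaves `zipPasswordIsChinese` false. How the flag is consumed lies outside the hunk, but if it exists to catch passwords whose byte encoding differs between zip tools, every code unit above 0x7F is affected the same way and the test could be `if (ch.unicode() > 0x7F)`. If the narrow range is intentional, name the two bounds as constants and add a comment explaining why only that block matters.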