Binary file added mumble_env.x64-windows-static-md.b1fe4a4257.7z
Member

This shouldn't be part of any commit

Author

Sorry about that, I'll remove it.

Binary file not shown.
2 changes: 2 additions & 0 deletions src/mumble/CMakeLists.txt
@@ -145,6 +145,8 @@ set(MUMBLE_SOURCES
"Database.h"
"DeveloperConsole.cpp"
"DeveloperConsole.h"
"Documentation.cpp"
"Documentation.h"
Comment on lines +148 to +149
Member

The file names should have Dialog in their name and they should probably be located under widgets.

"EchoCancelOption.cpp"
"EchoCancelOption.h"
"EnumStringConversions.cpp"
41 changes: 41 additions & 0 deletions src/mumble/Documentation.cpp
Member

What is the benefit of creating a dedicated dialog class for this rather than using a plain QDialog and setting the text accordingly?

Author

You're right, a dedicated class isn't really necessary. I can replace it with a plain QDialog set up inline at the call site.

@@ -0,0 +1,41 @@
// Copyright The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

#include "Documentation.h"

#include <QtWidgets/QPushButton>
#include <QtWidgets/QTextBrowser>
#include <QtWidgets/QVBoxLayout>

DocumentationDialog::DocumentationDialog(QWidget *parent) : QDialog(parent) {
setWindowTitle(tr("Mumble Documentation"));
resize(640, 520);
Member

Hard-coded sizes are (almost) never a good idea. They will almost certainly break with certain system configurations.


QVBoxLayout *mainLayout = new QVBoxLayout(this);

QTextBrowser *documentationView = new QTextBrowser(this);
documentationView->setReadOnly(true);
documentationView->setOpenExternalLinks(true);
documentationView->setAccessibleName(tr("Documentation links"));
documentationView->setHtml(
tr("<h2>Welcome to Mumble Documentation</h2>"
"<h3>Documentation</h3>"
"<p>You can find official Mumble documentation and support resources below.</p>"
"<p>For new users, start with the <a href=\"https://www.mumble.info/documentation/user/\">User Guide</a>.</p>"
"<p>Configure key bindings with <a href=\"https://www.mumble.info/documentation/user/global-shortcuts/\">Global Shortcuts</a>.</p>"
"<p>Tune your setup with the <a href=\"https://www.mumble.info/documentation/user/audio-settings/\">Audio Settings guide</a>.</p>"
"<p>Browse all topics in <a href=\"https://www.mumble.info/documentation/\">Main Documentation</a>.</p>"
"<h3>Help and Resources</h3>"
"<p>Download the latest release from <a href=\"https://www.mumble.info/downloads/\">Downloads</a>.</p>"
"<p>Report issues or get technical help via <a href=\"https://github.com/mumble-voip/mumble/issues\">GitHub Issues</a>.</p>"
"<p>Read project updates on the <a href=\"https://www.mumble.info/blog/\">Blog</a>.</p>"
"<p>Reach the team through the <a href=\"https://www.mumble.info/contact/\">Contact page</a>.</p>"));
Comment on lines +20 to +34

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify URL-opening patterns and whether scheme validation is applied consistently.
# Expected: this new dialog currently appears with setOpenExternalLinks(true), while
# other call sites show explicit scheme checks.

rg -n -C2 'setOpenExternalLinks\s*\(\s*true\s*\)' --type=cpp
rg -n -C3 'QDesktopServices::openUrl\s*\(' --type=cpp
rg -n -C3 'allowedSchemes|url\.scheme\(\)\s*(!=|==)|contains\s*\(\s*url\.scheme\(\)\s*\)' --type=cpp

Repository: mumble-voip/mumble

Length of output: 12666


Harden external-link handling with a scheme allowlist.

setOpenExternalLinks(true) on line 20 opens any URL scheme without validation, bypassing the stricter scheme checks applied elsewhere in the codebase (e.g., ConnectDialog, MainWindow, Log). Replace with setOpenExternalLinks(false) and connect to anchorClicked to validate only http/https schemes before opening.

Note: About.cpp has the same vulnerability in multiple locations and should be addressed similarly.

Proposed fix
 `#include` "Documentation.h"
 
+#include <QtCore/QSet>
+#include <QtGui/QDesktopServices>
 `#include` <QtWidgets/QPushButton>
 `#include` <QtWidgets/QTextBrowser>
 `#include` <QtWidgets/QVBoxLayout>
 
 DocumentationDialog::DocumentationDialog(QWidget *parent) : QDialog(parent) {
@@
 	QTextBrowser *documentationView = new QTextBrowser(this);
 	documentationView->setReadOnly(true);
-	documentationView->setOpenExternalLinks(true);
+	documentationView->setOpenExternalLinks(false);
+	connect(documentationView, &QTextBrowser::anchorClicked, this, [](const QUrl &url) {
+		static const QSet< QString > allowedSchemes = {
+			QStringLiteral("http"),
+			QStringLiteral("https"),
+		};
+
+		if (!url.isRelative() && allowedSchemes.contains(url.scheme())) {
+			QDesktopServices::openUrl(url);
+		}
+	});
 	documentationView->setAccessibleName(tr("Documentation links"));
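Review bot: setOpenExternalLinks(false) alone does not stop QTextBrowser from acting on the click itself: its openLinks property defaults to true, so besides emitting anchorClicked it calls setSource(url) and tries to load the https page as the browser's new document, replacing the dialog's HTML with a failed load. Add `documentationView->setOpenLinks(false);` next to the `documentationView->setOpenExternalLinks(false);` line so the lambda is the only code handling the click. The `!url.isRelative()` test is redundant once `allowedSchemes.contains(url.scheme())` passes, because QUrl reports a URL with a non-empty scheme as absolute.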
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/mumble/Documentation.cpp` around lines 20 - 34, The documentationView
currently calls documentationView->setOpenExternalLinks(true) which allows any
URL scheme to be opened; change this to
documentationView->setOpenExternalLinks(false) and connect documentationView's
anchorClicked signal to a handler (e.g., onDocumentationAnchorClicked) that
inspects the QUrl scheme and only calls QDesktopServices::openUrl for "http" or
"https" schemes (otherwise reject/log the URL); apply the same pattern to the
analogous code in About.cpp.
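To make the allowlist logic in the comment above concrete outside Qt, here is an added example (my code, not Mumble's or the review bot's) that re-implements in plain C++ what QUrl::scheme() plus the http/https gate of the proposed fix decide for a clicked link; the names urlScheme and mayOpenExternally are my own.

```cpp
// Added example, not Mumble code: scheme extraction and allowlist gate for
// links a QTextBrowser hands to the OS. Plain C++ so it runs without Qt.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Extract the scheme per RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
// Returns "" when the reference has no scheme, i.e. it is a relative reference.
// Like QUrl::scheme() the result is lowercased, so "HTTPS://x" yields "https".
// Unlike QUrl in TolerantMode, leading whitespace is not trimmed here (stricter).
std::string urlScheme(const std::string &url) {
	if (url.empty() || !std::isalpha(static_cast< unsigned char >(url[0])))
		return "";
	std::size_t i = 1;
	while (i < url.size()) {
		const unsigned char c = static_cast< unsigned char >(url[i]);
		if (std::isalnum(c) || c == '+' || c == '-' || c == '.') {
			++i;
			continue;
		}
		break;
	}
	if (i >= url.size() || url[i] != ':')
		return ""; // no ':' terminator: "documentation/user/" or "//host/" style
	std::string scheme = url.substr(0, i);
	std::transform(scheme.begin(), scheme.end(), scheme.begin(),
				   [](unsigned char c) { return static_cast< char >(std::tolower(c)); });
	return scheme;
}

// Allowlist decision: only absolute http(s) links may be passed to the system
// URL handler. Relative references and every other scheme (file:, mailto:,
// mumble:, ...) are refused, which is what the anchorClicked handler in the
// proposed fix enforces with QSet<QString>::contains(url.scheme()).
bool mayOpenExternally(const std::string &url) {
	static const std::vector< std::string > allowed = { "http", "https" };
	const std::string scheme = urlScheme(url);
	return !scheme.empty() && std::find(allowed.begin(), allowed.end(), scheme) != allowed.end();
}
```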


QPushButton *okButton = new QPushButton(tr("OK"), this);
connect(okButton, SIGNAL(clicked()), this, SLOT(accept()));
Member

This should use the type-safe overload that takes function pointers and doesn't require the SIGNAL and SLOT macro.


mainLayout->addWidget(documentationView);
mainLayout->addWidget(okButton);
}
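Review bot: the whole HTML body, link targets included, goes through tr() (new-file lines 22 to 34), so every translation carries its own copy of the nine URLs and a typo or a tampered .ts entry changes where a click leads without any code change; keep the URLs as untranslated literals and tr() only the visible text, assembling the markup with QString::arg(). Minor: setReadOnly(true) on line 19 is a no-op, QTextBrowser is already read-only by default.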
20 changes: 20 additions & 0 deletions src/mumble/Documentation.h
@@ -0,0 +1,20 @@
// Copyright The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

#ifndef MUMBLE_MUMBLE_DOCUMENTATION_H_
#define MUMBLE_MUMBLE_DOCUMENTATION_H_

#include <QtWidgets/QDialog>

class DocumentationDialog : public QDialog {
private:
Q_OBJECT
Q_DISABLE_COPY(DocumentationDialog)

public:
explicit DocumentationDialog(QWidget *parent = nullptr);
};

#endif
10 changes: 10 additions & 0 deletions src/mumble/MainWindow.cpp
@@ -18,6 +18,7 @@
#include "Connection.h"
#include "Database.h"
#include "DeveloperConsole.h"
#include "Documentation.h"
#include "Log.h"
#include "MumbleConstants.h"
#include "Net.h"
@@ -2874,6 +2875,10 @@ void MainWindow::on_qaHelpAboutQt_triggered() {
openAboutQtDialog();
}

void MainWindow::on_qaHelpDocumentation_triggered() {
openDocumentationDialog();
}

void MainWindow::on_qaHelpVersionCheck_triggered() {
versionCheck();
}
@@ -4271,6 +4276,11 @@ void MainWindow::openAboutQtDialog() {
QMessageBox::aboutQt(this, tr("About Qt"));
}

void MainWindow::openDocumentationDialog() {
DocumentationDialog documentationDialog(this);
documentationDialog.exec();
}

void MainWindow::versionCheck() {
new VersionCheck(false, this);
}
2 changes: 2 additions & 0 deletions src/mumble/MainWindow.h
@@ -305,6 +305,7 @@ public slots:
void on_qaHelpWhatsThis_triggered();
void on_qaHelpAbout_triggered();
void on_qaHelpAboutQt_triggered();
void on_qaHelpDocumentation_triggered();
void on_qaHelpVersionCheck_triggered();
void on_qaQuit_triggered();
void on_qteChat_tabPressed();
@@ -477,6 +478,7 @@ public slots:
void enableAudioTTS(bool enable);
void openAboutDialog();
void openAboutQtDialog();
void openDocumentationDialog();
void versionCheck();
void enablePositionalAudio(bool enable);
};
12 changes: 12 additions & 0 deletions src/mumble/MainWindow.ui
@@ -62,6 +62,7 @@
<string>&amp;Help</string>
</property>
<addaction name="qaHelpWhatsThis"/>
<addaction name="qaHelpDocumentation"/>
<addaction name="separator"/>
<addaction name="qaHelpAbout"/>
<addaction name="qaHelpAboutQt"/>
@@ -738,6 +739,17 @@ the channel's context menu.</string>
<enum>QAction::AboutQtRole</enum>
</property>
</action>
<action name="qaHelpDocumentation">
<property name="text">
<string>&amp;Documentation</string>
</property>
<property name="toolTip">
<string>Open links to official Mumble documentation resources</string>
</property>
<property name="whatsThis">
<string>Shows official Mumble documentation and support links.</string>
</property>
</action>
<action name="qaHelpVersionCheck">
<property name="text">
<string>Check for &amp;Updates</string>