4b33531050
Added sanitize_path.patch from upstream, CVE-2014-8600 OBS-URL: https://build.opensuse.org/request/show/261513 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kio-extras5?expand=0&rev=13
32 lines
830 B
Diff
32 lines
830 B
Diff
From: Martin Sandsmark <martin.sandsmark@kde.org>
|
|
Date: Thu, 13 Nov 2014 12:42:49 +0000
|
|
Subject: Sanitize path
|
|
X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
|
|
---
|
|
Sanitize path
|
|
|
|
Reviewed at security@kde.org
|
|
---
|
|
|
|
|
|
--- a/bookmarks/kio_bookmarks.cpp
|
|
+++ b/bookmarks/kio_bookmarks.cpp
|
|
@@ -22,6 +22,7 @@
|
|
#include <stdlib.h>
|
|
|
|
#include <qregexp.h>
|
|
+#include <qtextdocument.h>
|
|
#include <qurlquery.h>
|
|
|
|
#include <kapplication.h>
|
|
@@ -198,7 +199,7 @@
|
|
echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
|
|
} else {
|
|
echoHead();
|
|
- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
|
|
+ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
|
|
}
|
|
finished();
|
|
}
|
|
|