41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
|
From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001
|
||
|
From: Albert Astals Cid <aacid@kde.org>
|
||
|
Date: Tue, 28 Feb 2017 19:00:48 +0100
|
||
|
Subject: [PATCH] Sanitize URLs before passing them to FindProxyForURL
|
||
|
|
||
|
Remove user/password information
|
||
|
For https: remove path and query
|
||
|
|
||
|
Thanks to safebreach.com for reporting the problem
|
||
|
|
||
|
CCMAIL: yoni.fridburg@safebreach.com
|
||
|
CCMAIL: amit.klein@safebreach.com
|
||
|
CCMAIL: itzik.kotler@safebreach.com
|
||
|
---
|
||
|
src/kpac/script.cpp | 11 +++++++++--
|
||
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
|
||
|
index a0235f7..2485c54 100644
|
||
|
--- a/src/kpac/script.cpp
|
||
|
+++ b/src/kpac/script.cpp
|
||
|
@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ QUrl cleanUrl = url;
|
||
|
+ cleanUrl.setUserInfo(QString());
|
||
|
+ if (cleanUrl.scheme() == QLatin1String("https")) {
|
||
|
+ cleanUrl.setPath(QString());
|
||
|
+ cleanUrl.setQuery(QString());
|
||
|
+ }
|
||
|
+
|
||
|
QScriptValueList args;
|
||
|
- args << url.url();
|
||
|
- args << url.host();
|
||
|
+ args << cleanUrl.url();
|
||
|
+ args << cleanUrl.host();
|
||
|
|
||
|
QScriptValue result = func.call(QScriptValue(), args);
|
||
|
if (result.isError()) {
|