Blame kdelibs-3.5.10-CVE-2017-6410.patch
|
Kevin Kofler |
ab3d736 |
diff -ur kdelibs-3.5.10/kio/misc/kpac/script.cpp kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp
|
|
Kevin Kofler |
ab3d736 |
--- kdelibs-3.5.10/kio/misc/kpac/script.cpp 2008-02-13 10:41:06.000000000 +0100
|
|
Kevin Kofler |
ab3d736 |
+++ kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp 2017-03-04 18:42:29.638992390 +0100
|
|
Kevin Kofler |
ab3d736 |
@@ -446,10 +446,18 @@
|
|
Kevin Kofler |
ab3d736 |
if (!findObj.isValid() || !findObj.implementsCall())
|
|
Kevin Kofler |
ab3d736 |
throw Error( "No such function FindProxyForURL" );
|
|
Kevin Kofler |
ab3d736 |
|
|
Kevin Kofler |
ab3d736 |
+ KURL cleanUrl = url;
|
|
Kevin Kofler |
ab3d736 |
+ cleanUrl.setPass(QString());
|
|
Kevin Kofler |
ab3d736 |
+ cleanUrl.setUser(QString());
|
|
Kevin Kofler |
ab3d736 |
+ if (cleanUrl.protocol().lower() == "https") {
|
|
Kevin Kofler |
ab3d736 |
+ cleanUrl.setPath(QString());
|
|
Kevin Kofler |
ab3d736 |
+ cleanUrl.setQuery(QString());
|
|
Kevin Kofler |
ab3d736 |
+ }
|
|
Kevin Kofler |
ab3d736 |
+
|
|
Kevin Kofler |
ab3d736 |
Object thisObj;
|
|
Kevin Kofler |
ab3d736 |
List args;
|
|
Kevin Kofler |
ab3d736 |
- args.append(String(url.url()));
|
|
Kevin Kofler |
ab3d736 |
- args.append(String(url.host()));
|
|
Kevin Kofler |
ab3d736 |
+ args.append(String(cleanUrl.url()));
|
|
Kevin Kofler |
ab3d736 |
+ args.append(String(cleanUrl.host()));
|
|
Kevin Kofler |
ab3d736 |
Value retval = findObj.call( exec, thisObj, args );
|
|
Kevin Kofler |
ab3d736 |
|
|
Kevin Kofler |
ab3d736 |
if ( exec->hadException() ) {
|