diff options
Diffstat (limited to 'kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch')
-rw-r--r-- | kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch new file mode 100644 index 000000000000..f9f398652d95 --- /dev/null +++ b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch @@ -0,0 +1,38 @@ +commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 +Author: Albert Astals Cid <aacid@kde.org> +Date: Tue Feb 28 19:00:48 2017 +0100 + + Sanitize URLs before passing them to FindProxyForURL + + Remove user/password information + For https: remove path and query + + Thanks to safebreach.com for reporting the problem + + CCMAIL: yoni.fridburg@safebreach.com + CCMAIL: amit.klein@safebreach.com + CCMAIL: itzik.kotler@safebreach.com + +diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp +index a0235f73..2485c54d 100644 +--- a/src/kpac/script.cpp ++++ b/src/kpac/script.cpp +@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url) + } + } + ++ QUrl cleanUrl = url; ++ cleanUrl.setUserInfo(QString()); ++ if (cleanUrl.scheme() == QLatin1String("https")) { ++ cleanUrl.setPath(QString()); ++ cleanUrl.setQuery(QString()); ++ } ++ + QScriptValueList args; +- args << url.url(); +- args << url.host(); ++ args << cleanUrl.url(); ++ args << cleanUrl.host(); + + QScriptValue result = func.call(QScriptValue(), args); + if (result.isError()) { |