From 6aaaea77a86d238a99586927ba741c58879f37a3 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sat, 14 Nov 2009 15:32:45 +0000 Subject: [PATCH] unused-patch --- ...-4.3.3-oCERT-2009-015-xmlhttprequest.patch | 120 ------------------ 1 file changed, 120 deletions(-) delete mode 100644 kdelibs-4.3.3-oCERT-2009-015-xmlhttprequest.patch diff --git a/kdelibs-4.3.3-oCERT-2009-015-xmlhttprequest.patch b/kdelibs-4.3.3-oCERT-2009-015-xmlhttprequest.patch deleted file mode 100644 index 3c9dc71..0000000 --- a/kdelibs-4.3.3-oCERT-2009-015-xmlhttprequest.patch +++ /dev/null @@ -1,120 +0,0 @@ -Index: khtml/ecma/xmlhttprequest.cpp -=================================================================== ---- khtml/ecma/xmlhttprequest.cpp (revision 1035538) -+++ khtml/ecma/xmlhttprequest.cpp (revision 1035539) -@@ -49,7 +49,7 @@ - - using namespace KJS; - using namespace DOM; --// -+// - ////////////////////// XMLHttpRequest Object //////////////////////// - - /* Source for XMLHttpRequestProtoTable. -@@ -269,7 +269,7 @@ - static bool canSetRequestHeader(const QString& name) - { - static QSet forbiddenHeaders; -- -+ - if (forbiddenHeaders.isEmpty()) { - static const char* hdrs[] = { - "accept-charset", -@@ -298,12 +298,12 @@ - "transfer-encoding", - "unlock", - "upgrade", -- "via" -+ "via" - }; - for (size_t i = 0; i < sizeof(hdrs)/sizeof(char*); ++i) - forbiddenHeaders.insert(CaseInsensitiveString(hdrs[i])); - } -- -+ - return !forbiddenHeaders.contains(name); - } - -@@ -326,9 +326,9 @@ - - XMLHttpRequest::~XMLHttpRequest() - { -- if (onLoadListener) -+ if (onLoadListener) - onLoadListener->deref(); -- if (onReadyStateChangeListener) -+ if (onReadyStateChangeListener) - onReadyStateChangeListener->deref(); - delete qObject; - qObject = 0; -@@ -412,18 +412,19 @@ - return; - } - -+ const QString protocol = url.protocol().toLower(); -+ // Abandon the request when the protocol is other than "http", -+ // instead of blindly doing a KIO::get on other protocols like file:/. -+ if (!protocol.startsWith(QLatin1String("http")) && -+ !protocol.startsWith(QLatin1String("webdav"))) -+ { -+ ec = DOMException::INVALID_ACCESS_ERR; -+ abort(); -+ return; -+ } -+ - if (method == "post") { -- QString protocol = url.protocol().toLower(); - -- // Abondon the request when the protocol is other than "http", -- // instead of blindly changing it to a "get" request. -- if (!protocol.startsWith(QLatin1String("http")) && -- !protocol.startsWith(QLatin1String("webdav"))) -- { -- abort(); -- return; -- } -- - // FIXME: determine post encoding correctly by looking in headers - // for charset. - QByteArray buf = _body.toUtf8(); -@@ -580,7 +581,7 @@ - ec = DOMException::INVALID_STATE_ERR; - return jsString(""); - } -- -+ - // ### test error flag, return jsNull - - if (responseHeaders.isEmpty()) { -@@ -809,7 +810,7 @@ - setDOMException(exec, ec); - return ret; - } -- case XMLHttpRequest::GetResponseHeader: -+ case XMLHttpRequest::GetResponseHeader: - { - if (args.size() < 1) - return throwError(exec, SyntaxError, "Not enough arguments"); -@@ -852,11 +853,11 @@ - DOM::NodeImpl* docNode = toNode(args[0]); - if (docNode && docNode->isDocumentNode()) { - DOM::DocumentImpl *doc = static_cast(docNode); -- -+ - try { - body = doc->toString().string(); - // FIXME: also need to set content type, including encoding! -- -+ - } catch(DOM::DOMException&) { - return throwError(exec, GeneralError, "Exception serializing document"); - } -@@ -866,7 +867,7 @@ - } - - request->send(body, ec); -- setDOMException(exec, ec); -+ setDOMException(exec, ec); - return jsUndefined(); - } - case XMLHttpRequest::SetRequestHeader: