kdelibs/kdelibs-4.5.5-CVE-2011-1168...

16 lines
829 B
Diff

diff -up kdelibs-4.5.5/khtml/khtml_part.cpp.me kdelibs-4.5.5/khtml/khtml_part.cpp
--- kdelibs-4.5.5/khtml/khtml_part.cpp.me 2011-04-11 16:48:49.000000000 +0200
+++ kdelibs-4.5.5/khtml/khtml_part.cpp 2011-04-11 16:50:27.000000000 +0200
@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
stream >> errorName >> techName >> description >> causes >> solutions;
QString url, protocol, datetime;
- url = Qt::escape( reqUrl.prettyUrl() );
+
+ // This is somewhat confusing, but we have to escape the externally-
+ // controlled URL twice: once for i18n, and once for HTML.
+ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
protocol = reqUrl.protocol();
datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
KLocale::LongDate );