25 lines
937 B
Diff
25 lines
937 B
Diff
|
diff -ur kdelibs-3.5.10/kio/misc/kpac/script.cpp kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp
|
||
|
--- kdelibs-3.5.10/kio/misc/kpac/script.cpp 2008-02-13 10:41:06.000000000 +0100
|
||
|
+++ kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp 2017-03-04 18:42:29.638992390 +0100
|
||
|
@@ -446,10 +446,18 @@
|
||
|
if (!findObj.isValid() || !findObj.implementsCall())
|
||
|
throw Error( "No such function FindProxyForURL" );
|
||
|
|
||
|
+ KURL cleanUrl = url;
|
||
|
+ cleanUrl.setPass(QString());
|
||
|
+ cleanUrl.setUser(QString());
|
||
|
+ if (cleanUrl.protocol().lower() == "https") {
|
||
|
+ cleanUrl.setPath(QString());
|
||
|
+ cleanUrl.setQuery(QString());
|
||
|
+ }
|
||
|
+
|
||
|
Object thisObj;
|
||
|
List args;
|
||
|
- args.append(String(url.url()));
|
||
|
- args.append(String(url.host()));
|
||
|
+ args.append(String(cleanUrl.url()));
|
||
|
+ args.append(String(cleanUrl.host()));
|
||
|
Value retval = findObj.call( exec, thisObj, args );
|
||
|
|
||
|
if ( exec->hadException() ) {
|