kdelibs3/kdelibs-3.5.x-CVE-2011-3365.patch


--- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2007-05-14 09:52:36.000000000 +0200
+++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2011-10-07 20:38:30.000000000 +0200
@@ -253,6 +253,14 @@
layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1);
d->m_layout->addMultiCell(layout, 2, 2, 0, 2);
+ ipl->setTextFormat(Qt::PlainText);
+ urlLabel->setTextFormat(Qt::PlainText);
+ d->_serialNum->setTextFormat(Qt::PlainText);
+ d->_csl->setTextFormat(Qt::PlainText);
+ d->_validFrom->setTextFormat(Qt::PlainText);
+ d->_validUntil->setTextFormat(Qt::PlainText);
+ d->_digest->setTextFormat(Qt::PlainText);
+
displayCert(cert);
}
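Review bot: The block of `setTextFormat(Qt::PlainText)` calls added before `displayCert(cert)` has no comment saying why these seven labels are forced to plain text, so a label added to this dialog later will silently fall back to QLabel's automatic rich-text detection. I would put a comment above the block such as `// Certificate and URL fields come from the peer; force PlainText so QLabel never interprets them as rich text.` The enclosing constructor starts outside the hunk, so I cannot tell from here whether other labels in it also display peer-supplied strings; that is worth checking against the full file.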
@@ -400,32 +408,32 @@
if (!(tmp = cert.getValue("O")).isEmpty()) {
label = new QLabel(i18n("Organization:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("OU")).isEmpty()) {
label = new QLabel(i18n("Organizational unit:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("L")).isEmpty()) {
label = new QLabel(i18n("Locality:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("ST")).isEmpty()) {
label = new QLabel(i18n("Federal State","State:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("C")).isEmpty()) {
label = new QLabel(i18n("Country:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("CN")).isEmpty()) {
label = new QLabel(i18n("Common name:"), _frame);
label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
- new QLabel(tmp, _frame);
+ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
}
if (!(tmp = cert.getValue("Email")).isEmpty()) {
label = new QLabel(i18n("Email:"), _frame);
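Review bot: The expression `(new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);` is repeated for O, OU, L, ST, C and CN, which makes it easy for a future field to be added with a bare `new QLabel(tmp, _frame)` and reintroduce rich-text rendering of certificate data. A small file-local helper that creates the label and sets the format in one place would keep the safe form the only form used in this function. The enclosing function begins before the hunk and continues past it into the Email branch.

```cpp
// Creates a value label that always renders its text literally.
static QLabel *plainLabel(const QString &text, QWidget *parent)
{
    QLabel *l = new QLabel(text, parent);
    l->setTextFormat(Qt::PlainText);
    return l;
}

// ... unchanged: "Organization:" caption label and alignment ...
plainLabel(tmp, _frame);
// ... unchanged: remaining fields, each using plainLabel(tmp, _frame) ...
```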
@@ -435,6 +443,7 @@
connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &)));
} else {
label = new QLabel(tmp, _frame);
+ label->setTextFormat(Qt::PlainText);
}
}
if (label && viewport()) {
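Review bot: Only the `else` branch of the Email field gets `label->setTextFormat(Qt::PlainText);`, while the `mail` widget connected on the line above is left as it was. Its construction is outside the hunk, but if it is a KURLLabel built from `tmp` (KURLLabel derives from QLabel in KDE 3), the certificate's Email value would still go through automatic rich-text detection whenever `mailCatcher` is set. I would confirm how that widget renders its text and, if it inherits the QLabel default, add `mail->setTextFormat(Qt::PlainText);` after it is created.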
--- kdelibs-3.5.10/kioslave/http/http.cc 2008-02-13 10:41:06.000000000 +0100
+++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc 2011-10-07 21:09:39.000000000 +0200
@@ -183,6 +183,26 @@
return sanitizedHeaders.stripWhiteSpace();
}
+static QString htmlEscape(const QString &plain)
+{
+ QString rich;
+ rich.reserve(uint(plain.length() * 1.1));
+ for (uint i = 0; i < plain.length(); ++i) {
+ if (plain.at(i) == '<')
+ rich += "&lt;";
+ else if (plain.at(i) == '>')
+ rich += "&gt;";
+ else if (plain.at(i) == '&')
+ rich += "&amp;";
+ else if (plain.at(i) == '"')
+ rich += "&quot;";
+ else
+ rich += plain.at(i);
+ }
+ rich.squeeze();
+ return rich;
+}
+
#define NO_SIZE ((KIO::filesize_t) -1)
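Review bot: `htmlEscape()` is added without a comment stating what it is safe for, and the name suggests a general HTML escaper. It replaces `<`, `>`, `&` and `"` only, which is enough for text placed inside element content or a double-quoted attribute of Qt rich text, but not for single-quoted attributes. A short header comment saying that it is meant for server-supplied strings inserted into rich-text labels, and listing the four characters handled, would stop later callers from over-trusting it. Qt 3 also ships `QStyleSheet::escape()`, which covers `<`, `>` and `&`; if the hand-rolled version is kept for the extra `"` handling, the comment should say so.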
@@ -5173,7 +5193,7 @@
info.verifyPath = false;
info.digestInfo = m_strAuthorization;
info.commentLabel = i18n( "Site:" );
- info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strRealm ).arg( m_request.hostname );
+ info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname );
}
}
else if ( m_responseCode == 407 )
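Review bot: The second argument of the same rich-text string, `m_request.hostname`, is still inserted unescaped although the realm next to it now goes through `htmlEscape()`. The hunk at `@@ -5190,7 +5210,7 @@` has the same pattern with `m_proxyURL.host()`. Whether a host name can carry markup depends on URL parsing that is not visible here, but escaping it costs nothing and removes the dependency on that validation: `.arg( htmlEscape(m_request.hostname) )` and `.arg( htmlEscape(m_proxyURL.host()) )`. Both assignments sit inside a larger function whose start and end are outside these hunks.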
@@ -5190,7 +5210,7 @@
info.verifyPath = false;
info.digestInfo = m_strProxyAuthorization;
info.commentLabel = i18n( "Proxy:" );
- info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strProxyRealm ).arg( m_proxyURL.host() );
+ info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() );
}
}
}