CVE-2010-1398 fix
This commit is contained in:
parent
a5dc781fae
commit
6d30a55d1e
|
@ -1,6 +1,6 @@
|
|||
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-10 21:10:21.197317643 +0200
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-11 16:12:55.750525354 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
#include "ClientRect.h"
|
||||
#include "ClientRectList.h"
|
||||
|
@ -25,7 +25,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
|
|||
|
||||
#if ENABLE(SVG)
|
||||
#include "SVGNames.h"
|
||||
@@ -91,6 +94,51 @@
|
||||
@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData()
|
||||
{
|
||||
return new ElementRareData;
|
||||
}
|
||||
|
@ -77,10 +77,18 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
|
|||
|
||||
PassRefPtr<Node> Element::cloneNode(bool deep)
|
||||
{
|
||||
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-10 21:09:56.802317368 +0200
|
||||
@@ -89,6 +89,8 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-14 16:54:57.639394749 +0200
|
||||
@@ -28,6 +28,7 @@
|
||||
#include "ContainerNode.h"
|
||||
#include "QualifiedName.h"
|
||||
#include "ScrollTypes.h"
|
||||
+#include "DocumentFragment.h"
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
@@ -89,6 +90,8 @@ public:
|
||||
DEFINE_ATTRIBUTE_EVENT_LISTENER(search);
|
||||
DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart);
|
||||
|
||||
|
@ -89,10 +97,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
|
|||
const AtomicString& getIDAttribute() const;
|
||||
bool hasAttribute(const QualifiedName&) const;
|
||||
const AtomicString& getAttribute(const QualifiedName&) const;
|
||||
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-10 21:05:12.880192498 +0200
|
||||
@@ -1054,11 +1054,7 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-11 16:12:55.752525451 +0200
|
||||
@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range,
|
||||
|
||||
PassRefPtr<DocumentFragment> createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL)
|
||||
{
|
||||
|
@ -105,10 +113,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/
|
|||
|
||||
if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL())
|
||||
completeURLs(fragment.get(), baseURL);
|
||||
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-10 21:13:26.701317282 +0200
|
||||
@@ -235,9 +235,9 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-11 16:12:55.753537613 +0200
|
||||
@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const
|
||||
return createMarkup(this);
|
||||
}
|
||||
|
||||
|
@ -120,7 +128,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
if (endTagRequirement() == TagStatusForbidden)
|
||||
return 0;
|
||||
|
||||
@@ -245,47 +245,7 @@
|
||||
@@ -245,47 +245,7 @@ PassRefPtr<DocumentFragment> HTMLElement
|
||||
hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag))
|
||||
return 0;
|
||||
|
||||
|
@ -169,7 +177,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
}
|
||||
|
||||
static inline bool hasOneChild(ContainerNode* node)
|
||||
@@ -371,7 +331,7 @@
|
||||
@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str
|
||||
|
||||
void HTMLElement::setInnerText(const String& text, ExceptionCode& ec)
|
||||
{
|
||||
|
@ -178,7 +186,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
if (endTagRequirement() == TagStatusForbidden) {
|
||||
ec = NO_MODIFICATION_ALLOWED_ERR;
|
||||
return;
|
||||
@@ -441,7 +401,7 @@
|
||||
@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str
|
||||
|
||||
void HTMLElement::setOuterText(const String &text, ExceptionCode& ec)
|
||||
{
|
||||
|
@ -187,7 +195,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
if (endTagRequirement() == TagStatusForbidden) {
|
||||
ec = NO_MODIFICATION_ALLOWED_ERR;
|
||||
return;
|
||||
@@ -469,7 +429,7 @@
|
||||
@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str
|
||||
if (ec)
|
||||
return;
|
||||
|
||||
|
@ -196,7 +204,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
Node* prev = t->previousSibling();
|
||||
if (prev && prev->isTextNode()) {
|
||||
Text* textPrev = static_cast<Text*>(prev);
|
||||
@@ -482,7 +442,7 @@
|
||||
@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str
|
||||
t = textPrev;
|
||||
}
|
||||
|
||||
|
@ -205,7 +213,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
Node* next = t->nextSibling();
|
||||
if (next && next->isTextNode()) {
|
||||
Text* textNext = static_cast<Text*>(next);
|
||||
@@ -522,7 +482,7 @@
|
||||
@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -214,7 +222,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
ec = NOT_SUPPORTED_ERR;
|
||||
return 0;
|
||||
}
|
||||
@@ -530,7 +490,7 @@
|
||||
@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const
|
||||
Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec)
|
||||
{
|
||||
if (!newChild) {
|
||||
|
@ -223,7 +231,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
|
|||
ec = TYPE_MISMATCH_ERR;
|
||||
return 0;
|
||||
}
|
||||
@@ -567,8 +527,8 @@
|
||||
@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe
|
||||
|
||||
void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue