Diffstat (limited to 'kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966.patch')
-rw-r--r--kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966.patch94
1 files changed, 0 insertions, 94 deletions
diff --git a/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966.patch b/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966.patch
deleted file mode 100644
index b6f278a6b0a4..000000000000
--- a/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 176fee25ca79145ab5c8e2275d248f1a46a8d8cf Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Fri, 30 Sep 2016 15:55:35 +0200
-Subject: [PATCH] Backport avoid to transform as a url when we have a quote
-
----
- kpimutils/linklocator.cpp | 30 +++++++++++++++++++++++++++---
- kpimutils/linklocator.h | 3 ++-
- 2 files changed, 29 insertions(+), 4 deletions(-)
-
-diff --git a/kpimutils/linklocator.cpp b/kpimutils/linklocator.cpp
-index f5d9afd..f30e8fc 100644
---- a/kpimutils/linklocator.cpp
-+++ b/kpimutils/linklocator.cpp
-@@ -95,6 +95,12 @@ int LinkLocator::maxAddressLen() const
-
- QString LinkLocator::getUrl()
- {
-+ return getUrlAndCheckValidHref();
-+}
-+
-+
-+QString LinkLocator::getUrlAndCheckValidHref(bool *badurl)
-+{
- QString url;
- if ( atUrl() ) {
- // NOTE: see http://tools.ietf.org/html/rfc3986#appendix-A and especially appendix-C
-@@ -129,13 +135,26 @@ QString LinkLocator::getUrl()
-
- url.reserve( maxUrlLen() ); // avoid allocs
- int start = mPos;
-+ bool previousCharIsADoubleQuote = false;
- while ( ( mPos < (int)mText.length() ) &&
- ( mText[mPos].isPrint() || mText[mPos].isSpace() ) &&
- ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) ||
- ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) {
- if ( !mText[mPos].isSpace() ) { // skip whitespace
-- url.append( mText[mPos] );
-- if ( url.length() > maxUrlLen() ) {
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
-+ //it's an invalid url
-+ if (badurl) {
-+ *badurl = true;
-+ }
-+ return QString();
-+ }
-+ if (mText[mPos] == QLatin1Char('"')) {
-+ previousCharIsADoubleQuote = true;
-+ } else {
-+ previousCharIsADoubleQuote = false;
-+ }
-+ url.append( mText[mPos] );
-+ if ( url.length() > maxUrlLen() ) {
- break;
- }
- }
-@@ -367,7 +386,12 @@ QString LinkLocator::convertToHtml( const QString &plainText, int flags,
- } else {
- const int start = locator.mPos;
- if ( !( flags & IgnoreUrls ) ) {
-- str = locator.getUrl();
-+ bool badUrl = false;
-+ str = locator.getUrlAndCheckValidHref(&badUrl);
-+ if (badUrl) {
-+ return locator.mText;
-+ }
-+
- if ( !str.isEmpty() ) {
- QString hyperlink;
- if ( str.left( 4 ) == QLatin1String("www.") ) {
-diff --git a/kpimutils/linklocator.h b/kpimutils/linklocator.h
-index 3049397..375498d 100644
---- a/kpimutils/linklocator.h
-+++ b/kpimutils/linklocator.h
-@@ -107,6 +107,7 @@ class KPIMUTILS_EXPORT LinkLocator
- @return The URL at the current scan position, or an empty string.
- */
- QString getUrl();
-+ QString getUrlAndCheckValidHref(bool *badurl = 0);
-
- /**
- Attempts to grab an email address. If there is an @ symbol at the
-@@ -155,7 +156,7 @@ class KPIMUTILS_EXPORT LinkLocator
- */
- static QString pngToDataUrl( const QString & iconPath );
-
-- protected:
-+protected:
- /**
- The plaintext string being scanned for URLs and email addresses.
- */
---
-2.7.3
-