Diffstat (limited to 'kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch')
-rw-r--r-- | kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch | 117 |
1 files changed, 0 insertions, 117 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
deleted file mode 100644
index 4fbd5e39ace1..000000000000
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:11:08 +0200
-Subject: [PATCH] Add more autotests
-
----
- autotests/ktexttohtmltest.cpp | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index c5690e8..0179a00 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "https://\"><!--";
-
-+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://192.168.1.1:\"><!--";
-+
-+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:\"><!--";
-+
-+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><!--";
-+
-+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><script>alert(1);</script><!--";
- }
-
-
---
-2.7.3
-
-From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:40:10 +0200
-Subject: [PATCH] Display bad url
-
----
- autotests/ktexttohtmltest.cpp | 14 +++++++++-----
- src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++-
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 0179a00..ccac29a 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
- //Fix url exploit
- QTest::newRow("url-exec-html") << "https://\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://\"><!--";
-+ << "https://"><!--";
-
- QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://192.168.1.1:\"><!--";
-+ << "https://192.168.1.1:"><!--";
-
- QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:\"><!--";
-+ << "https://<IP>:"><!--";
-
- QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><!--";
-+ << "https://<IP>:/"><!--";
-
- QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><script>alert(1);</script><!--";
-+ << "https://<IP>:/"><script>alert(1);</script><!--";
-+
-+ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2";
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index 97c5eab..30e0b5d 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- bool badUrl = false;
- str = helper.getUrl(&badUrl);
- if (badUrl) {
-- return helper.mText;
-+ QString resultBadUrl;
-+ const int helperTextSize(helper.mText.count());
-+ for (int i = 0; i < helperTextSize; ++i) {
-+ const QChar chBadUrl = helper.mText[i];
-+ if (chBadUrl == QLatin1Char('&')) {
-+ resultBadUrl += QLatin1String("&");
-+ } else if (chBadUrl == QLatin1Char('"')) {
-+ resultBadUrl += QLatin1String(""");
-+ } else if (chBadUrl == QLatin1Char('<')) {
-+ resultBadUrl += QLatin1String("<");
-+ } else if (chBadUrl == QLatin1Char('>')) {
-+ resultBadUrl += QLatin1String(">");
-+ } else {
-+ resultBadUrl += chBadUrl;
-+ }
-+ }
-+ return resultBadUrl;
- }
- if (!str.isEmpty()) {
- QString hyperlink;
---
-2.7.3
- |