Diffstat (limited to 'kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch')
-rw-r--r--kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch117
1 files changed, 0 insertions, 117 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
deleted file mode 100644
index 4fbd5e39ace1..000000000000
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:11:08 +0200
-Subject: [PATCH] Add more autotests
-
----
- autotests/ktexttohtmltest.cpp | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index c5690e8..0179a00 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "https://\"><!--";
-
-+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://192.168.1.1:\"><!--";
-+
-+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:\"><!--";
-+
-+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><!--";
-+
-+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><script>alert(1);</script><!--";
- }
-
-
---
-2.7.3
-
-From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:40:10 +0200
-Subject: [PATCH] Display bad url
-
----
- autotests/ktexttohtmltest.cpp | 14 +++++++++-----
- src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++-
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 0179a00..ccac29a 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
- //Fix url exploit
- QTest::newRow("url-exec-html") << "https://\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://\"><!--";
-+ << "https://&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://192.168.1.1:\"><!--";
-+ << "https://192.168.1.1:&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:\"><!--";
-+ << "https://&lt;IP&gt;:&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><!--";
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><script>alert(1);</script><!--";
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--";
-+
-+ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--\nTest2";
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index 97c5eab..30e0b5d 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- bool badUrl = false;
- str = helper.getUrl(&badUrl);
- if (badUrl) {
-- return helper.mText;
-+ QString resultBadUrl;
-+ const int helperTextSize(helper.mText.count());
-+ for (int i = 0; i < helperTextSize; ++i) {
-+ const QChar chBadUrl = helper.mText[i];
-+ if (chBadUrl == QLatin1Char('&')) {
-+ resultBadUrl += QLatin1String("&amp;");
-+ } else if (chBadUrl == QLatin1Char('"')) {
-+ resultBadUrl += QLatin1String("&quot;");
-+ } else if (chBadUrl == QLatin1Char('<')) {
-+ resultBadUrl += QLatin1String("&lt;");
-+ } else if (chBadUrl == QLatin1Char('>')) {
-+ resultBadUrl += QLatin1String("&gt;");
-+ } else {
-+ resultBadUrl += chBadUrl;
-+ }
-+ }
-+ return resultBadUrl;
- }
- if (!str.isEmpty()) {
- QString hyperlink;
---
-2.7.3
-