abef251c79
since the last patch for CVE-2016-7966 did not fix the vulnerability entirely according to the information released by the KDE project, this commit adds the second patch released to fix CVE-2016-7966.
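--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -389,7 +389,23 @@
 bool badUrl = false;
 str = locator.getUrlAndCheckValidHref(&badUrl);
 if (badUrl) {
- return locator.mText;
+ QString resultBadUrl;
+ const int helperTextSize(locator.mText.count());
+ for (int i = 0; i < helperTextSize; ++i) {
+ const QChar chBadUrl = locator.mText[i];
+ if (chBadUrl == QLatin1Char('&')) {
+ resultBadUrl += QLatin1String("&");
+ } else if (chBadUrl == QLatin1Char('"')) {
+ resultBadUrl += QLatin1String(""");
+ } else if (chBadUrl == QLatin1Char('<')) {
+ resultBadUrl += QLatin1String("<");
+ } else if (chBadUrl == QLatin1Char('>')) {
+ resultBadUrl += QLatin1String(">");
+ } else {
+ resultBadUrl += chBadUrl;
+ }
+ }
+ return resultBadUrl;
 }
 
 if ( !str.isEmpty() ) {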
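Review bot: As rendered here, the replacement literals in the added loop are the raw characters themselves (`QLatin1String("&")`, `QLatin1String("<")`, `QLatin1String(">")`) and the quote branch reads `QLatin1String(""")`, which does not compile; the page has most likely decoded the entities `&amp;`, `&quot;`, `&lt;` and `&gt;` from the real patch, so check the raw patch file before relying on this text, because a loop with these literals would return `locator.mText` unescaped. Assuming the entities are intact, the bad-URL branch escapes `&`, `"`, `<` and `>` but not `'`, which is only sufficient if callers never place the result inside a single-quoted attribute; that cannot be confirmed from this hunk, as the enclosing function starts and ends outside it. A short comment above the loop such as `// badUrl: return the text HTML-escaped so it cannot be interpreted as markup` would record why the early return no longer hands back `locator.mText` directly.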