summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'kde-base/kdebase-kioslaves/files/kdebase-kioslaves-CVE-2014-8600.patch')
-rw-r--r--kde-base/kdebase-kioslaves/files/kdebase-kioslaves-CVE-2014-8600.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/kde-base/kdebase-kioslaves/files/kdebase-kioslaves-CVE-2014-8600.patch b/kde-base/kdebase-kioslaves/files/kdebase-kioslaves-CVE-2014-8600.patch
new file mode 100644
index 000000000000..dcb20f8cb1f7
--- /dev/null
+++ b/kde-base/kdebase-kioslaves/files/kdebase-kioslaves-CVE-2014-8600.patch
@@ -0,0 +1,29 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:29:01 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kde-runtime.git&a=commitdiff&h=d68703900edc8416fbcd2550cd336cbbb76decb9
+---
+Sanitize path
+---
+
+
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+ }
+ finished();
+ }
+