Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:lafenghu
kdelibs3
kdelibs-fedora-3.5.x-CVE-2011-3365.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File kdelibs-fedora-3.5.x-CVE-2011-3365.patch of Package kdelibs3
--- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2007-05-14 09:52:36.000000000 +0200 +++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2011-10-07 20:38:30.000000000 +0200 @@ -253,6 +253,14 @@ layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1); d->m_layout->addMultiCell(layout, 2, 2, 0, 2); + ipl->setTextFormat(Qt::PlainText); + urlLabel->setTextFormat(Qt::PlainText); + d->_serialNum->setTextFormat(Qt::PlainText); + d->_csl->setTextFormat(Qt::PlainText); + d->_validFrom->setTextFormat(Qt::PlainText); + d->_validUntil->setTextFormat(Qt::PlainText); + d->_digest->setTextFormat(Qt::PlainText); + displayCert(cert); } @@ -400,32 +408,32 @@ if (!(tmp = cert.getValue("O")).isEmpty()) { label = new QLabel(i18n("Organization:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("OU")).isEmpty()) { label = new QLabel(i18n("Organizational unit:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("L")).isEmpty()) { label = new QLabel(i18n("Locality:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("ST")).isEmpty()) { label = new QLabel(i18n("Federal State","State:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("C")).isEmpty()) { label = new QLabel(i18n("Country:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("CN")).isEmpty()) { label = new QLabel(i18n("Common name:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("Email")).isEmpty()) { label = new QLabel(i18n("Email:"), _frame); @@ -435,6 +443,7 @@ connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &))); } else { label = new QLabel(tmp, _frame); + label->setTextFormat(Qt::PlainText); } } if (label && viewport()) { --- kdelibs-3.5.10/kioslave/http/http.cc 2008-02-13 10:41:06.000000000 +0100 +++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc 2011-10-07 21:09:39.000000000 +0200 @@ -183,6 +183,26 @@ return sanitizedHeaders.stripWhiteSpace(); } +static QString htmlEscape(const QString &plain) +{ + QString rich; + rich.reserve(uint(plain.length() * 1.1)); + for (uint i = 0; i < plain.length(); ++i) { + if (plain.at(i) == '<') + rich += "<"; + else if (plain.at(i) == '>') + rich += ">"; + else if (plain.at(i) == '&') + rich += "&"; + else if (plain.at(i) == '"') + rich += """; + else + rich += plain.at(i); + } + rich.squeeze(); + return rich; +} + #define NO_SIZE ((KIO::filesize_t) -1) @@ -5173,7 +5193,7 @@ info.verifyPath = false; info.digestInfo = m_strAuthorization; info.commentLabel = i18n( "Site:" ); - info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strRealm ).arg( m_request.hostname ); + info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname ); } } else if ( m_responseCode == 407 ) @@ -5190,7 +5210,7 @@ info.verifyPath = false; info.digestInfo = m_strProxyAuthorization; info.commentLabel = i18n( "Proxy:" ); - info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strProxyRealm ).arg( m_proxyURL.host() ); + info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() ); } } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor