nixpkgs/pkgs/desktops/kde-4.14/CVE-2014-8600.diff
Vladimír Čunát 15b9626a3d kde: fix CVE-2014-8600 by upstream patches
https://www.kde.org/info/security/advisory-20141113-1.txt
I couldn't find kio-extras, so I hope we don't have it disguised somewhere.
2014-12-10 19:38:50 +01:00

19 lines
564 B
Diff

--- a/kioslave/bookmarks/kio_bookmarks.cpp
+++ b/kioslave/bookmarks/kio_bookmarks.cpp
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <qregexp.h>
+#include <qtextdocument.h>
#include <kapplication.h>
#include <kcmdlineargs.h>
@@ -197,7 +198,7 @@
echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
} else {
echoHead();
- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
+ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
}
finished();
}