
View File kdelibs-fedora-3.5.x-CVE-2011-3365.patch of Package kdelibs3 (Project KDE:KDE3)

--- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc	2007-05-14 09:52:36.000000000 +0200
+++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc	2011-10-07 20:38:30.000000000 +0200
@@ -253,6 +253,14 @@ 
     layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1);
     d->m_layout->addMultiCell(layout, 2, 2, 0, 2);
 
+    ipl->setTextFormat(Qt::PlainText);
+    urlLabel->setTextFormat(Qt::PlainText);
+    d->_serialNum->setTextFormat(Qt::PlainText);
+    d->_csl->setTextFormat(Qt::PlainText);
+    d->_validFrom->setTextFormat(Qt::PlainText);
+    d->_validUntil->setTextFormat(Qt::PlainText);
+    d->_digest->setTextFormat(Qt::PlainText);
+
     displayCert(cert);
 }
 
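Review bot: Nothing at the seven added `setTextFormat(Qt::PlainText)` calls says why they are there, so a later cleanup could drop them, or a new label could be added without one. A short comment above the group would help, for example `// Certificate and peer-derived strings are untrusted; force plain text so QLabel never interprets markup in them.` The calls sit at the end of a function whose beginning is outside the hunk, so it is not visible here which of these labels already hold text at this point.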
@@ -400,32 +408,32 @@ 
     if (!(tmp = cert.getValue("O")).isEmpty()) {
         label = new QLabel(i18n("Organization:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("OU")).isEmpty()) {
         label = new QLabel(i18n("Organizational unit:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("L")).isEmpty()) {
         label = new QLabel(i18n("Locality:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("ST")).isEmpty()) {
         label = new QLabel(i18n("Federal State","State:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("C")).isEmpty()) {
         label = new QLabel(i18n("Country:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("CN")).isEmpty()) {
         label = new QLabel(i18n("Common name:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new QLabel(tmp, _frame);
+        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
     }
     if (!(tmp = cert.getValue("Email")).isEmpty()) {
         label = new QLabel(i18n("Email:"), _frame);
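Review bot: The expression `(new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);` is repeated for O, OU, L, ST, C and CN, which makes it easy for the next certificate field to be added without it. A small file-local helper such as `static QLabel *plainLabel(const QString &text, QWidget *parent)` that constructs the label, sets `Qt::PlainText` and returns it would keep the rule in one place. Each label also receives its text in the constructor before the format is changed; this presumably relies on `setTextFormat` re-applying the text, which is worth confirming for the Qt version in use. The enclosing function starts and ends outside the hunk.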
@@ -435,6 +443,7 @@ 
             connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &)));
         } else {
             label = new QLabel(tmp, _frame);
+            label->setTextFormat(Qt::PlainText);
         }
     }
     if (label && viewport()) {
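Review bot: Only the plain `QLabel` fallback in the `else` branch is switched to `Qt::PlainText`; the `mail` label connected just above it gets no such call in the visible lines. Its construction is outside the hunk, so whether it displays the certificate's Email value `tmp` as its text cannot be confirmed from here. If it does, and the label type honours the QLabel text format, the same treatment is needed there: `mail->setTextFormat(Qt::PlainText);`.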
--- kdelibs-3.5.10/kioslave/http/http.cc	2008-02-13 10:41:06.000000000 +0100
+++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc	2011-10-07 21:09:39.000000000 +0200
@@ -183,6 +183,26 @@
   return sanitizedHeaders.stripWhiteSpace();
 }
 
+static QString htmlEscape(const QString &plain)
+{
+    QString rich;
+    rich.reserve(uint(plain.length() * 1.1));
+    for (uint i = 0; i < plain.length(); ++i) {
+        if (plain.at(i) == '<')
+            rich += "&lt;";
+        else if (plain.at(i) == '>')
+            rich += "&gt;";
+        else if (plain.at(i) == '&')
+            rich += "&amp;";
+        else if (plain.at(i) == '"')
+            rich += "&quot;";
+        else
+            rich += plain.at(i);
+    }
+    rich.squeeze();
+    return rich;
+}
+
 
 #define NO_SIZE		((KIO::filesize_t) -1)
 
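Review bot: `htmlEscape` has no comment stating which output context it is safe for. It replaces `<`, `>`, `&` and `"`, which covers rich-text element content and double-quoted attribute values but not single-quoted ones. A header comment such as `// Escape text for insertion into Qt rich-text content; not sufficient inside single-quoted attributes.` would keep it from being reused where it does not fit. As a smaller style point, `uint(plain.length() * 1.1)` goes through floating point for a capacity hint; `plain.length() + plain.length() / 10` gives the same hint in integers.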
@@ -5173,7 +5193,7 @@
       info.verifyPath = false;
       info.digestInfo = m_strAuthorization;
       info.commentLabel = i18n( "Site:" );
-      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strRealm ).arg( m_request.hostname );
+      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname );
     }
   }
   else if ( m_responseCode == 407 )
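Review bot: Only the realm is escaped in `info.comment`; `m_request.hostname` here and `m_proxyURL.host()` in the 407 hunk below still go unescaped into the same `<b>%1</b> at <b>%2</b>` rich-text string. Host names are probably constrained by URL parsing, but that is not visible in these hunks, and escaping both arguments is cheap: `.arg( htmlEscape(m_strRealm) ).arg( htmlEscape(m_request.hostname) )`, and likewise `.arg( htmlEscape(m_proxyURL.host()) )` in the proxy case. Both assignments are inside functions that begin outside the hunks.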
@@ -5190,7 +5210,7 @@
       info.verifyPath = false;
       info.digestInfo = m_strProxyAuthorization;
       info.commentLabel = i18n( "Proxy:" );
-      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strProxyRealm ).arg( m_proxyURL.host() );
+      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() );
     }
   }
 }