File CVE-2012-5624.diff of Package libqt4
commit 96311def2466dd44de64d77a1c815b22fbf68f71
Author: Richard Moore <rich@kde.org>
Date: Mon Nov 19 20:48:39 2012 +0000
Make the rules for redirects a bit stricter.
Change-Id: I7a3cec664aa028202de3d3bda9f499e4deb2998d
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
--- src/declarative/qml/qdeclarativexmlhttprequest.cpp 2011-08-23 14:02:27.000000000 +0200
+++ src/declarative/qml/qdeclarativexmlhttprequest.cpp 2012-12-27 13:31:12.569067610 +0100
@@ -1269,9 +1269,11 @@
QVariant redirect = m_network->attribute(QNetworkRequest::RedirectionTargetAttribute);
if (redirect.isValid()) {
QUrl url = m_network->url().resolved(redirect.toUrl());
- destroyNetwork();
- requestFromUrl(url);
- return;
+ if (url.scheme().toLower() != QLatin1String("file")) {
+ destroyNetwork();
+ requestFromUrl(url);
+ return;
+ }
}
}
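Review bot: The guard added at `if (url.scheme().toLower() != QLatin1String("file"))` is a denylist of a single scheme, so a redirect to any other non-network scheme that the engine's network access manager can resolve would still be followed. Qt's `qrc` is one candidate, though whether it is reachable here is not visible in the hunk. Because the response being redirected arrived over the network, an allowlist is the tighter rule: `const QString scheme = url.scheme().toLower();` followed by `if (scheme == QLatin1String("http") || scheme == QLatin1String("https")) {`. A refused redirect also falls through silently to the code after this block, which lies outside the hunk along with the start and end of the enclosing function. A one-line comment such as `// Redirect to a local scheme refused: fall through and treat the 3xx reply as the final response` would record that this is intentional.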