File kadu-inject-js-into-history-fix.patch of Package kadu-qt4

Overview Repositories Revisions Requests Users Attributes Meta

File kadu-inject-js-into-history-fix.patch of Package kadu-qt4

Index: kadu-core/gui/widgets/buddy-info-panel.cpp
===================================================================
--- kadu-core/gui/widgets/buddy-info-panel.cpp.orig
+++ kadu-core/gui/widgets/buddy-info-panel.cpp
@@ -52,6 +52,11 @@ BuddyInfoPanel::BuddyInfoPanel(QWidget *
 	setAttribute(Qt::WA_OpaquePaintEvent, false);
 
 	connect(BuddyPreferredManager::instance(), SIGNAL(buddyUpdated(Buddy&)), this, SLOT(buddyUpdated(Buddy&)));
+
+	page()->currentFrame()->evaluateJavaScript(
+		"XMLHttpRequest.prototype.open = function() { return false; };"
+		"XMLHttpRequest.prototype.send = function() { return false; };"
+	);
 }
 
 BuddyInfoPanel::~BuddyInfoPanel()
Index: kadu-core/gui/widgets/chat-messages-view.cpp
===================================================================
--- kadu-core/gui/widgets/chat-messages-view.cpp.orig
+++ kadu-core/gui/widgets/chat-messages-view.cpp
@@ -62,6 +62,11 @@ ChatMessagesView::ChatMessagesView(const
 	settings()->setAttribute(QWebSettings::JavascriptEnabled, true);
 	settings()->setAttribute(QWebSettings::PluginsEnabled, true);
 
+	page()->currentFrame()->evaluateJavaScript(
+		"XMLHttpRequest.prototype.open = function() { return false; };"
+		"XMLHttpRequest.prototype.send = function() { return false; };"
+	);
+
 	connectChat();
 
 	connect(this->page()->mainFrame(), SIGNAL(contentsSizeChanged(const QSize &)), this, SLOT(scrollToBottom()));
Index: kadu-core/gui/widgets/chat-view-network-access-manager.cpp
===================================================================
--- kadu-core/gui/widgets/chat-view-network-access-manager.cpp.orig
+++ kadu-core/gui/widgets/chat-view-network-access-manager.cpp
@@ -36,6 +36,9 @@ ChatViewNetworkAccessManager::ChatViewNe
 
 QNetworkReply * ChatViewNetworkAccessManager::createRequest(QNetworkAccessManager::Operation operation, const QNetworkRequest &request, QIODevice *device)
 {
+	if (QNetworkAccessManager::GetOperation != operation && QNetworkAccessManager::HeadOperation != operation)
+		operation = QNetworkAccessManager::GetOperation;
+
 	if (request.url().scheme() != "kaduimg")
 		return QNetworkAccessManager::createRequest(operation, request, device);
 
Index: kadu-core/gui/widgets/chat-view-network-access-manager.h
===================================================================
--- kadu-core/gui/widgets/chat-view-network-access-manager.h.orig
+++ kadu-core/gui/widgets/chat-view-network-access-manager.h
@@ -33,6 +33,7 @@ public:
 
 protected:
 	virtual QNetworkReply * createRequest(Operation operation, const QNetworkRequest &request, QIODevice *device);
+
 };
 
 #endif // CHAT_VIEW_NETWORK_ACCESS_MANAGER
Index: modules/sql_history/storage/history-sql-storage.cpp
===================================================================
--- modules/sql_history/storage/history-sql-storage.cpp.orig
+++ modules/sql_history/storage/history-sql-storage.cpp
@@ -23,6 +23,7 @@
  */
 
 #include <QtCore/QDir>
+#include <QtGui/QTextDocument>
 #include <QtSql/QSqlError>
 #include <QtSql/QSqlRecord>
 
@@ -991,6 +992,20 @@ void HistorySqlStorage::executeQuery(QSq
 	kdebugm(KDEBUG_INFO, "db query: %s\n", qPrintable(query.executedQuery()));
 }
 
+QString HistorySqlStorage::stripAllScriptTags(const QString &string)
+{
+	QString beforeReplace = string;
+	QString afterReplace = beforeReplace;
+
+	afterReplace.replace("<script", "", Qt::CaseInsensitive);
+	while (beforeReplace != afterReplace)
+	{
+		beforeReplace = afterReplace;
+		afterReplace.replace("<script", "", Qt::CaseInsensitive);
+	}
+
+	return afterReplace;
+}
 
 QList<Message> HistorySqlStorage::messagesFromQuery(QSqlQuery &query)
 {
@@ -1014,7 +1029,7 @@ QList<Message> HistorySqlStorage::messag
 		message.setMessageChat(chat);
 		message.setType(type);
 		message.setMessageSender(sender);
-		message.setContent(query.value(2).toString());
+		message.setContent(stripAllScriptTags(query.value(2).toString()));
 		message.setSendDate(query.value(3).toDateTime());
 		message.setReceiveDate(query.value(4).toDateTime());
 		message.setStatus(outgoing ? Message::StatusDelivered : Message::StatusReceived);
@@ -1038,7 +1053,7 @@ QList<TimedStatus> HistorySqlStorage::st
 
 		Status status;
 		status.setType(query.value(1).toString());
-		status.setDescription(query.value(2).toString());
+		status.setDescription(Qt::escape(query.value(2).toString()));
 
 		TimedStatus timedStatus(status, query.value(3).toDateTime());
 
@@ -1059,7 +1074,7 @@ QList<Message> HistorySqlStorage::smsFro
 		message.setType(Message::TypeSystem);
 		message.setReceiveDate(query.value(1).toDateTime());
 		message.setSendDate(query.value(1).toDateTime());
-		message.setContent(query.value(0).toString());
+		message.setContent(Qt::escape(query.value(0).toString()));
 
 		messages.append(message);
 	}
Index: modules/sql_history/storage/history-sql-storage.h
===================================================================
--- modules/sql_history/storage/history-sql-storage.h.orig
+++ modules/sql_history/storage/history-sql-storage.h
@@ -60,6 +60,8 @@ class HistorySqlStorage : public History
 	QString chatWhere(const Chat &chat);
 	QString buddyContactsWhere(const Buddy &buddy);
 
+	static QString stripAllScriptTags(const QString &string);
+
 	void executeQuery(QSqlQuery &query);
 	QList<Message> messagesFromQuery(QSqlQuery &query);
 	QList<TimedStatus> statusesFromQuery(QSqlQuery query);

Places

File kadu-inject-js-into-history-fix.patch of Package kadu-qt4

Places