git » kio-extras.git » commit 748679f

Sanitize input

author Andrea Scarpino
2014-11-14 13:08:23 UTC
committer Andrea Scarpino
2014-11-14 13:08:23 UTC
parent edbc323fc9108f4669e481c8c95120ad16388b4e

Sanitize input

PKGBUILD +8 -3
sanitize-input.patch +31 -0

diff --git a/PKGBUILD b/PKGBUILD
index 08f67be..9657b81 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 
 pkgname=kio-extras
 pkgver=5.1.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Additional components to increase the functionality of KIO"
 arch=('i686' 'x86_64')
 url='https://projects.kde.org/projects/kde/workspace/kio-extras'
@@ -12,11 +12,16 @@ depends=('kdelibs4support' 'khtml' 'kdnssd' 'libssh' 'smbclient' 'exiv2' 'openex
 makedepends=('extra-cmake-modules' 'kdoctools' 'python')
 options=('!buildflags')
 install="${pkgname}.install"
-source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz")
-md5sums=('831fb9bc8960932233cf6042f6097751')
+source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz"
+        'sanitize-input.patch')
+md5sums=('831fb9bc8960932233cf6042f6097751'
+         '6462465f886decd5c7706d09bc71b2b8')
 
 prepare() {
   mkdir -p build
+
+  cd ${pkgname}-${pkgver}
+  patch -p1 -i "${srcdir}"/sanitize-input.patch
 }
 
 build() {
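Review bot: The new checksum entry extends `md5sums`, so the upstream tarball, which is still fetched over plain `http://`, is verified only with MD5. MD5 is not collision-resistant, so a stronger array would make the integrity check meaningful against a tampered download: `sha256sums=('<sha256 of the tarball>' '<sha256 of sanitize-input.patch>')`, with placeholders to be filled in by `updpkgsums`. In `prepare()`, `cd ${pkgname}-${pkgver}` is unquoted while `"${srcdir}"` on the next line is quoted; `cd "${pkgname}-${pkgver}"` keeps the two consistent.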
diff --git a/sanitize-input.patch b/sanitize-input.patch
new file mode 100644
index 0000000..b7a5a18
--- /dev/null
+++ b/sanitize-input.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+ 
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+   }
+   finished();
+ }
+
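Review bot: `Qt::escape` is deprecated in Qt 5 and is the only reason the embedded patch adds `#include <qtextdocument.h>`; in the `echo(...)` line of its second hunk, `i18n("Wrong request: %1", url.toDisplayString().toHtmlEscaped())` does the same escaping without the extra include. The escaping covers only this error message. The context line above it passes `regexp.cap(1)`, `regexp.cap(2)` and the `size` query value to `echoImage`, whose body is not visible here, so it is worth confirming that those request-derived values are validated or escaped before they reach the generated HTML. The enclosing function starts outside the hunk.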