|
Kevin Kofler |
d8e5e67 |
diff -ur kdelibs-3.5.10/kioslave/http/http.cc kdelibs-3.5.10-CVE-2013-2074/kioslave/http/http.cc
|
|
Kevin Kofler |
d8e5e67 |
--- kdelibs-3.5.10/kioslave/http/http.cc 2008-02-13 10:41:06.000000000 +0100
|
|
Kevin Kofler |
d8e5e67 |
+++ kdelibs-3.5.10-CVE-2013-2074/kioslave/http/http.cc 2013-05-14 17:54:42.000000000 +0200
|
|
Kevin Kofler |
d8e5e67 |
@@ -288,7 +288,7 @@
|
|
Kevin Kofler |
d8e5e67 |
m_bUseProxy = m_proxyURL.isValid();
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
kdDebug(7113) << "(" << m_pid << ") Using proxy: " << m_bUseProxy <<
|
|
Kevin Kofler |
d8e5e67 |
- " URL: " << m_proxyURL.url() <<
|
|
Kevin Kofler |
d8e5e67 |
+ " URL: " << m_proxyURL.prettyURL() <<
|
|
Kevin Kofler |
d8e5e67 |
" Realm: " << m_strProxyRealm << endl;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
@@ -458,7 +458,7 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
bool HTTPProtocol::checkRequestURL( const KURL& u )
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug (7113) << "(" << m_pid << ") HTTPProtocol::checkRequestURL: " << u.url() << endl;
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug (7113) << "(" << m_pid << ") HTTPProtocol::checkRequestURL: " << u.prettyURL() << endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
m_request.url = u;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
@@ -640,7 +640,7 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
void HTTPProtocol::listDir( const KURL& url )
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::listDir " << url.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::listDir " << url.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if ( !checkRequestURL( url ) )
|
|
Kevin Kofler |
d8e5e67 |
@@ -807,7 +807,7 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
void HTTPProtocol::davGeneric( const KURL& url, KIO::HTTP_METHOD method )
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::davGeneric " << url.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::davGeneric " << url.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if ( !checkRequestURL( url ) )
|
|
Kevin Kofler |
d8e5e67 |
@@ -1206,7 +1206,7 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
void HTTPProtocol::mkdir( const KURL& url, int )
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::mkdir " << url.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::mkdir " << url.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if ( !checkRequestURL( url ) )
|
|
Kevin Kofler |
d8e5e67 |
@@ -1228,7 +1228,7 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
void HTTPProtocol::get( const KURL& url )
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::get " << url.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::get " << url.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if ( !checkRequestURL( url ) )
|
|
Kevin Kofler |
d8e5e67 |
@@ -1543,8 +1543,10 @@
|
|
Kevin Kofler |
d8e5e67 |
callError = true;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
+ // Huh? This looks like inverted logic to me (it doesn't make sense to me as
|
|
Kevin Kofler |
d8e5e67 |
+ // written), but I'm only fixing the CVE now. -- Kevin Kofler
|
|
Kevin Kofler |
d8e5e67 |
if ( !url.isNull() )
|
|
Kevin Kofler |
d8e5e67 |
- url = m_request.url.url();
|
|
Kevin Kofler |
d8e5e67 |
+ url = m_request.url.prettyURL();
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
QString action, errorString;
|
|
Kevin Kofler |
d8e5e67 |
KIO::Error kError;
|
|
Kevin Kofler |
d8e5e67 |
@@ -1840,7 +1842,7 @@
|
|
Kevin Kofler |
d8e5e67 |
if ( !checkRequestURL( url ) )
|
|
Kevin Kofler |
d8e5e67 |
continue;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::multi_get " << url.url() << endl;
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") HTTPProtocol::multi_get " << url.prettyURL() << endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
m_request.method = HTTP_GET;
|
|
Kevin Kofler |
d8e5e67 |
m_request.path = url.path();
|
|
Kevin Kofler |
d8e5e67 |
@@ -2212,12 +2214,12 @@
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if (bCacheOnly)
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- error( ERR_DOES_NOT_EXIST, m_request.url.url() );
|
|
Kevin Kofler |
d8e5e67 |
+ error( ERR_DOES_NOT_EXIST, m_request.url.prettyURL() );
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
if (bOffline)
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- error( ERR_COULD_NOT_CONNECT, m_request.url.url() );
|
|
Kevin Kofler |
d8e5e67 |
+ error( ERR_COULD_NOT_CONNECT, m_request.url.prettyURL() );
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
@@ -2891,7 +2893,7 @@
|
|
Kevin Kofler |
d8e5e67 |
errorPage();
|
|
Kevin Kofler |
d8e5e67 |
else
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- error(ERR_INTERNAL_SERVER, m_request.url.url());
|
|
Kevin Kofler |
d8e5e67 |
+ error(ERR_INTERNAL_SERVER, m_request.url.prettyURL());
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
@@ -2931,7 +2933,7 @@
|
|
Kevin Kofler |
d8e5e67 |
errorPage();
|
|
Kevin Kofler |
d8e5e67 |
else
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- error(ERR_DOES_NOT_EXIST, m_request.url.url());
|
|
Kevin Kofler |
d8e5e67 |
+ error(ERR_DOES_NOT_EXIST, m_request.url.prettyURL());
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
m_request.bCachedWrite = false; // Don't put in cache
|
|
Kevin Kofler |
d8e5e67 |
@@ -3584,7 +3586,7 @@
|
|
Kevin Kofler |
d8e5e67 |
KURL u(m_request.url, locationStr);
|
|
Kevin Kofler |
d8e5e67 |
if(!u.isValid())
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
- error(ERR_MALFORMED_URL, u.url());
|
|
Kevin Kofler |
d8e5e67 |
+ error(ERR_MALFORMED_URL, u.prettyURL());
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
if ((u.protocol() != "http") && (u.protocol() != "https") &&
|
|
Kevin Kofler |
d8e5e67 |
@@ -3592,7 +3594,7 @@
|
|
Kevin Kofler |
d8e5e67 |
(u.protocol() != "webdavs"))
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
redirection(u);
|
|
Kevin Kofler |
d8e5e67 |
- error(ERR_ACCESS_DENIED, u.url());
|
|
Kevin Kofler |
d8e5e67 |
+ error(ERR_ACCESS_DENIED, u.prettyURL());
|
|
Kevin Kofler |
d8e5e67 |
return false;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
@@ -3613,10 +3615,10 @@
|
|
Kevin Kofler |
d8e5e67 |
sendMetaData();
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") request.url: " << m_request.url.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") request.url: " << m_request.url.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl << "LocationStr: " << locationStr.data() << endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") Requesting redirection to: " << u.url()
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") Requesting redirection to: " << u.prettyURL()
|
|
Kevin Kofler |
d8e5e67 |
<< endl;
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
// If we're redirected to a http:// url, remember that we're doing webdav...
|
|
Kevin Kofler |
d8e5e67 |
@@ -3832,7 +3834,7 @@
|
|
Kevin Kofler |
d8e5e67 |
if (!m_request.fcache)
|
|
Kevin Kofler |
d8e5e67 |
{
|
|
Kevin Kofler |
d8e5e67 |
m_request.bCachedWrite = false; // Error creating cache entry.
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") Error creating cache entry for " << m_request.url.url()<<"!\n";
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") Error creating cache entry for " << m_request.url.prettyURL()<<"!\n";
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
m_request.expireDate = expireDate;
|
|
Kevin Kofler |
d8e5e67 |
m_maxCacheSize = config()->readNumEntry("MaxCacheSize", DEFAULT_MAX_CACHE_SIZE) / 2;
|
|
Kevin Kofler |
d8e5e67 |
@@ -3840,11 +3842,11 @@
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|
|
Kevin Kofler |
d8e5e67 |
if (m_request.bCachedWrite && !m_strMimeType.isEmpty())
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") Cache, adding \"" << m_request.url.url() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") Cache, adding \"" << m_request.url.prettyURL() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
else if (m_request.bCachedWrite && m_strMimeType.isEmpty())
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") Cache, pending \"" << m_request.url.url() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") Cache, pending \"" << m_request.url.prettyURL() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
else
|
|
Kevin Kofler |
d8e5e67 |
- kdDebug(7113) << "(" << m_pid << ") Cache, not adding \"" << m_request.url.url() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
+ kdDebug(7113) << "(" << m_pid << ") Cache, not adding \"" << m_request.url.prettyURL() << "\"" << endl;
|
|
Kevin Kofler |
d8e5e67 |
return true;
|
|
Kevin Kofler |
d8e5e67 |
}
|
|
Kevin Kofler |
d8e5e67 |
|