summaryrefslogtreecommitdiff
path: root/patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff')
-rw-r--r--patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff14
1 files changed, 14 insertions, 0 deletions
diff --git a/patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff b/patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff
new file mode 100644
index 00000000..9a81db70
--- /dev/null
+++ b/patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff
@@ -0,0 +1,14 @@
+--- a/khtml/khtml_part.cpp
++++ b/khtml/khtml_part.cpp
+@@ -1848,7 +1848,10 @@ void KHTMLPart::htmlError( int errorCode
+ stream >> errorName >> techName >> description >> causes >> solutions;
+
+ QString url, protocol, datetime;
+- url = Qt::escape( reqUrl.prettyUrl() );
++
++ // This is somewhat confusing, but we have to escape the externally-
++ // controlled URL twice: once for i18n, and once for HTML.
++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
+ protocol = reqUrl.protocol();
+ datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
+ KLocale::LongDate );
generated by cgit v1.2.3 (git 2.26.2) at 2023-06-09 08:58:48 +0000