aboutsummaryrefslogtreecommitdiff
path: root/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp')
-rw-r--r--deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp38
1 files changed, 0 insertions, 38 deletions
diff --git a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
deleted file mode 100644
index 29f035a3c9fc..000000000000
--- a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
---- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC
-+++ ktnef/ktnefparser.cpp
-@@ -40,7 +40,9 @@
-
- #include <QtCore/QDateTime>
- #include <QtCore/QDataStream>
-+#include <QtCore/QDir>
- #include <QtCore/QFile>
-+#include <QtCore/QFileInfo>
- #include <QtCore/QVariant>
- #include <QtCore/QList>
-
-@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
- bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
- const QString &dirname )
- {
-- QString filename = dirname + '/';
-+ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
-+
-+ QString filename = destDir + '/';
- if ( !att->fileName().isEmpty()) {
- filename += att->fileName();
- } else {
-@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
- if ( !device_->seek( att->offset() ) ) {
- return false;
- }
-+ const QFileInfo fi( filename );
-+ if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
-+ kWarning() << "Attempted extract into" << fi.absoluteFilePath()
-+ << "which is outside of the extraction root folder" << destDir << "."
-+ << "Changing export of contained files to extraction root folder.";
-+ filename = destDir + QLatin1Char( '/' ) + fi.fileName();
-+ }
- KSaveFile outfile( filename );
- if ( !outfile.open() ) {
- return false;
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-22 22:19:57 +0000