Diffstat (limited to 'x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave')
-rw-r--r--x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave16
1 files changed, 16 insertions, 0 deletions
diff --git a/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave b/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
new file mode 100644
index 000000000000..0024b941e34d
--- /dev/null
+++ b/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
@@ -0,0 +1,16 @@
+--- ./kioslave/info/info.cc 2009/10/02 15:51:26 1030578
++++ ./kioslave/info/info.cc 2009/10/02 15:53:30 1030579
+@@ -89,6 +89,13 @@
+ return;
+ }
+
++ // '<' in the path looks suspicious, someone is trying info:/dir/<script>alert('xss')</script>
++ if (url.path().contains('<'))
++ {
++ error(KIO::ERR_DOES_NOT_EXIST, url.url());
++ return;
++ }
++
+ mimeType("text/html");
+ // extract the path and node from url
+ decodeURL( url );
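Review bot: The guard added in the inner info.cc hunk rejects only a literal `<` in `url.path()`, which is a one-character denylist rather than encoding at the point of output. It is sufficient only if the path is the sole URL component that reaches the generated `text/html` page, and only where it lands in element content rather than inside an attribute. The code that writes the page is outside this hunk, so it should be confirmed that the path and node values are HTML-escaped where they are emitted (in Qt4, `Qt::escape(...)` on each value), keeping this check as defence in depth. It is also worth verifying that `error(KIO::ERR_DOES_NOT_EXIST, url.url())` passes the rejected URL to an error display that escapes it, since that string is the one just judged suspicious. The enclosing function begins before and continues after the inner hunk.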