path: root/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
--- ./kioslave/info/info.cc	2009/10/02 15:51:26	1030578
+++ ./kioslave/info/info.cc	2009/10/02 15:53:30	1030579
@@ -89,6 +89,13 @@
         return;
     }
 
+    // '<' in the path looks suspicious, someone is trying info:/dir/<script>alert('xss')</script>
+    if (url.path().contains('<'))
+    {
+        error(KIO::ERR_DOES_NOT_EXIST, url.url());
+        return;
+    }
+
     mimeType("text/html");
     // extract the path and node from url
     decodeURL( url );
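Review bot: The added guard rejects only a literal `<` in `url.path()`, so it is a blocklist on one URL component and not an encoding of what ends up in the generated `text/html` page. `decodeURL( url )` just below presumably derives the path and node from the same URL; if any other component (ref or query) is also written into the page, this check does not cover it. That cannot be confirmed here because the enclosing function starts and ends outside the hunk. A more durable fix is to HTML-escape every URL-derived string at the point where it is inserted into the output, for example with `Qt::escape(...)`, and keep this early return as defence in depth. It is also worth confirming that the `url.url()` string handed to `error()` is displayed as plain text and not as markup by whatever renders the error.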