Review Request: Catch a bogus username in a url intented to fool a user into visiting a site unintentionally

Dawit Alemayehu adawit at kde.org
Wed May 25 19:14:32 BST 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/101440/
-----------------------------------------------------------

Review request for kdelibs and David Faure.


Summary
-------

The attached KIO HTTP patch adds the same kind of preventative measure as Mozilla to stop a user from being fooled into visiting a site through the "bogus username" trick. For example, http://www.microsoft.com%26item%3Dq209354rexsddiuyjkiuylkuryt2583453453fsesfsdfsfasfdfdsf@www.kde.org/.


This addresses bug 94867.
    http://bugs.kde.org/show_bug.cgi?id=94867


Diffs
-----

  kioslave/http/http.cpp b937856 

Diff: http://git.reviewboard.kde.org/r/101440/diff


Testing
-------

Tested using the links provided in bug report a sample of which is provided in the description area above.


Thanks,

Dawit

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110525/d49e2171/attachment.htm>


More information about the kde-core-devel mailing list