Review Request: Catch a bogus username in a url intented to fool a user into visiting a site unintentionally

Albert Astals Cid tsdgeos at terra.es
Wed May 25 22:32:06 BST 2011



> On May 25, 2011, 9:31 p.m., Albert Astals Cid wrote:
> > kioslave/http/http.cpp, line 4334
> > <http://git.reviewboard.kde.org/r/101440/diff/1/?file=18043#file18043line4334>
> >
> >     You are not using i18nc correctly, you need to have the parameters inside the call, not use arg

Obviously i did not mean this line but the one above


- Albert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/101440/#review3530
-----------------------------------------------------------


On May 25, 2011, 6:14 p.m., Dawit Alemayehu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/101440/
> -----------------------------------------------------------
> 
> (Updated May 25, 2011, 6:14 p.m.)
> 
> 
> Review request for kdelibs and David Faure.
> 
> 
> Summary
> -------
> 
> The attached KIO HTTP patch adds the same kind of preventative measure as Mozilla to stop a user from being fooled into visiting a site through the "bogus username" trick. For example, http://www.microsoft.com%26item%3Dq209354rexsddiuyjkiuylkuryt2583453453fsesfsdfsfasfdfdsf@www.kde.org/.
> 
> 
> This addresses bug 94867.
>     http://bugs.kde.org/show_bug.cgi?id=94867
> 
> 
> Diffs
> -----
> 
>   kioslave/http/http.cpp b937856 
> 
> Diff: http://git.reviewboard.kde.org/r/101440/diff
> 
> 
> Testing
> -------
> 
> Tested using the links provided in bug report a sample of which is provided in the description area above.
> 
> 
> Thanks,
> 
> Dawit
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110525/f49e770f/attachment.htm>


More information about the kde-core-devel mailing list