Dr Konqi still misbehaving - advice needed

Ian Wadham iandw.au at gmail.com
Sun Nov 30 05:26:19 GMT 2014


Hi Thomas,

Thank you very much for your help.

On 30/11/2014, at 10:19 AM, Thomas Lübking wrote:
> On Samstag, 29. November 2014 22:13:30 CEST, Ian Wadham wrote:
>> IOW, can I offer that as a workaround until we can release your fix?  Or does BKO leave stale cookies in the jar?
> 
> Had a stale cookie there, might have been added by rekonq or konqueror (i usually used qupzilla lately)
> After kicking that (kcmshell4 cookies) the token login worked as well.
> 
> DrKonqi added another cookie ("Bugzilla_login_request_cookie"), but that is no harm (did a third invalid bug report)
> 
> Logging in with konqueror adds a second cookie ("Bugzilla_login") which expires 2038 and is among the ones I deleted before. I strongly believe that this will break it again, but won't risk to spam another bug for that purpose.
> 
> Sum up:
> -------
> a) Password login works with 4.4.6 (at least bugs.kde.org version) and is robust against stale cookies in kcookiejar
> b) getting rid of bugs.kde.org cookies fixes token security, but
> c) web login via kio_http (or anything making use of kcookiejar) will (most likely) re-add a bad cookie
> 
> => Since telling users to delete bugs.kde.org cookies on bugreporting is no viable solution, I'd propose to either go for passwod logins or unleash the cookie monster on all cookied from the bugzilla domain. (KCookieJar has a promising "eatCookie*" function set, but I'd have to look up how to access the global cookie jar.

I have posted a short bulletin about this on https://bugs.kde.org/show_bug.cgi?id=337742#c54

I will polish up your fix and commit a patch to KDE 4 kde-runtime master.

Do I need to do a reviewboard on that?  I hope not… :-(

I will also pass on the good word to Hrvoje, to amend his KF5 patch.

*************************************************************************************
Lastly, how and when is a new KDE 4 kde-runtime patch likely to be released?
Albert?
*************************************************************************************

>> You mean you added a spurious report to the live BKO DB?  Tsk, tsk… :-)
> One? Three! - By now ;-)
> But I promised to do no more, so please don't make me a liar =)

You are supposed to use bugstest.kde.org, by changing 2 lines in
drkonqi/drkonqi_globals.h…

Cheers, Ian W.





More information about the kde-core-devel mailing list