[Bug 94812] popup windows from Konqueror have a security bug
Waldo Bastian
bastian at kde.org
Sat Dec 11 07:37:27 GMT 2004
On Friday 10 December 2004 23:24, Giovanni Venturi wrote:
> As I reported to
> http://bugs.kde.org/show_bug.cgi?id=94812
>
> there is a bug in all konqueror 3.x possibly. I tested it on 3.2 and 3.3.2.
> Gianni
Confirmed, need review of attached patches.
The problem is in KonqMainWindow::childView
This tries to find the window/frame. For the frame it uses findFrameParent()
which does domain checks, but for the window it compares view->viewName()
without doing any such checks.
Attached khtml patch is a cruel hack to let findFrameParent return itself,
subject to domain restrictions, if it is a toplevel part and its name matches
the framename.
The konqueror patch moves the findFrameParent check up, and skips the view if
findFrameParent doesn't find the frame.
Cheers,
Waldo
--
bastian at kde.org | Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com | http://www.novell.com/products/desktop/eval.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: khtml_part.diff
Type: text/x-diff
Size: 1376 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20041211/3acc54f0/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: konq_mainwindow.diff
Type: text/x-diff
Size: 1534 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20041211/3acc54f0/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20041211/3acc54f0/attachment.sig>
More information about the kfm-devel
mailing list