Fwd: [kdelibs/KDE/4.10] kioslave/http: Don't show passwords contained in HTTP URLs in error messages
Allen Winter
winter at kde.org
Wed May 8 23:50:03 UTC 2013
Packagers,
You might consider hot-patching your kdelibs with this.
The code that conceivably might display a user password has been in kdelibs since 2009-07-08
Probably means whatever kdelibs 4.x you are shipping needs this fix.
---------- Forwarded Message ----------
Subject: [kdelibs/KDE/4.10] kioslave/http: Don't show passwords contained in HTTP URLs in error messages
Date: Wednesday, May 08, 2013, 11:38:51 PM
From: Grégory Oestreicher <greg at kamago.net>
To: kde-commits at kde.org
Git commit 65d736dab592bced4410ccfa4699de89f78c96ca by Grégory Oestreicher.
Committed on 08/05/2013 at 23:16.
Pushed by goestreicher into branch 'KDE/4.10'.
Don't show passwords contained in HTTP URLs in error messages
BUG: 319428
M +3 -3 kioslave/http/http.cpp
http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca
diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
index 2d139a9..129fc7b 100644
--- a/kioslave/http/http.cpp
+++ b/kioslave/http/http.cpp
@@ -3056,7 +3056,7 @@ try_again:
; // Ignore error
} else {
if (!sendErrorPageNotification()) {
- error(ERR_INTERNAL_SERVER, m_request.url.url());
+ error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
return false;
}
}
@@ -3072,9 +3072,9 @@ try_again:
// Tell that we will only get an error page here.
if (!sendErrorPageNotification()) {
if (m_request.responseCode == 403)
- error(ERR_ACCESS_DENIED, m_request.url.url());
+ error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
else
- error(ERR_DOES_NOT_EXIST, m_request.url.url());
+ error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
return false;
}
} else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
-----------------------------------------
More information about the release-team
mailing list