[kmail2] [Bug 480193] KMail QML HTML injection via --subject and --attach

2024-01-22 Thread Laurent Montel
https://bugs.kde.org/show_bug.cgi?id=480193

Laurent Montel  changed:

   What    |Removed |Added
   --------+--------+--------------
   CC      |        |mon...@kde.org

--- Comment #3 from Laurent Montel  ---
For subject I fixed it.
For attachment, I don't see how I can fix it...

-- 
You are receiving this mail because:
You are the assignee for the bug.

[kmail2] [Bug 451036] attachment: tempfile should be readonly

2024-01-22 Thread Jonathan Marten
https://bugs.kde.org/show_bug.cgi?id=451036

Jonathan Marten  changed:

   What    |Removed |Added
   --------+--------+------------------
   CC      |        |j...@keelhaul.me.uk


[kmail2] [Bug 480193] KMail QML HTML injection via --subject and --attach

2024-01-22 Thread Laurent Montel
https://bugs.kde.org/show_bug.cgi?id=480193

--- Comment #2 from Laurent Montel  ---
Git commit 3442628448349d1f12d97a28efc397d5e08c3001 by Laurent Montel.
Committed on 23/01/2024 at 07:01.
Pushed by mlaurent into branch 'master'.

Don't insert HTML in subject

M  +2    -2    src/editor/kmcomposerwin.cpp

https://invent.kde.org/pim/kmail/-/commit/3442628448349d1f12d97a28efc397d5e08c3001


[kmail2] [Bug 480193] KMail QML HTML injection via --subject and --attach

2024-01-22 Thread Laurent Montel
https://bugs.kde.org/show_bug.cgi?id=480193

--- Comment #1 from Laurent Montel  ---
Git commit a10fca4cb4d16440db694a9e007186c1230eba69 by Laurent Montel.
Committed on 23/01/2024 at 06:59.
Pushed by mlaurent into branch 'release/24.02'.

Don't insert HTML in subject

M  +2    -2    src/editor/kmcomposerwin.cpp

https://invent.kde.org/pim/kmail/-/commit/a10fca4cb4d16440db694a9e007186c1230eba69


[kmail2] [Bug 480193] New: KMail QML HTML injection via --subject and --attach

2024-01-22 Thread Benjamin Flesch
https://bugs.kde.org/show_bug.cgi?id=480193

            Bug ID: 480193
           Summary: KMail QML HTML injection via --subject and --attach
    Classification: Applications
           Product: kmail2
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: composer
          Assignee: kdepim-bugs@kde.org
          Reporter: benjaminfle...@icloud.com
  Target Milestone: ---

SUMMARY
***
HTML injection into KMail UI
afaik not security issue because external image urls are not followed
***


STEPS TO REPRODUCE
1. kmail --composer --body '' --attach 'HTML Injection bfhttps://www.spyber.com/sig-25163.png;  width="100" height="100" />'
2. kmail --composer --attach 'asdasd HTML Injection @bf
' --subject 'injectkoasdasd'


OBSERVED RESULT
custom HTML in kmail UI and alert dialogs

EXPECTED RESULT
no custom HTML in kmail UI


SOFTWARE/OS VERSIONS
kmail2 5.24.4 (23.08.4)


[kaddressbook] [Bug 480163] Feature Regression: execute command for phone number missing

2024-01-22 Thread H.H.
https://bugs.kde.org/show_bug.cgi?id=480163

--- Comment #1 from H.H.  ---
My own (ugly) workaround for now:

- added "x-scheme-handler/tel=twinkle.desktop" to .config/mimeapps.list
- modified the twinkle-uri-handler to prepend a zero to the phone number (this
would be destroyed on next twinkle update)

(before I could add the zero in kaddressbook command line parameter setting)


[kaddressbook] [Bug 480163] New: Feature Regression: execute command for phone number missing

2024-01-22 Thread H.H.
https://bugs.kde.org/show_bug.cgi?id=480163

            Bug ID: 480163
           Summary: Feature Regression: execute command for phone number
                    missing
    Classification: Applications
           Product: kaddressbook
           Version: 5.16.3
          Platform: openSUSE
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs@kde.org
          Reporter: cyberb...@gmx.de
  Target Milestone: ---

I made a distribution upgrade, and suddenly, when I click on the phone-number
in kaddressbook, a dialog for kdeconnect opens, although I expected to execute
the previously configured twinkle (IP telephony software) command.

The setting (also the settings gui) seems gone.

How can I get that back? Is there a workaround?
