Date: Friday, November 14, 2014 @ 14:08:23 Author: andrea Revision: 226235
upgpkg: kio-extras 5.1.1-2 Sanitize input Added: kio-extras/trunk/sanitize-input.patch Modified: kio-extras/trunk/PKGBUILD ----------------------+ PKGBUILD | 11 ++++++++--- sanitize-input.patch | 31 +++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-11-14 13:03:48 UTC (rev 226234)
+++ PKGBUILD 2014-11-14 13:08:23 UTC (rev 226235)
@@ -4,7 +4,7 @@

 pkgname=kio-extras
 pkgver=5.1.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Additional components to increase the functionality of KIO"
 arch=('i686' 'x86_64')
 url='https://projects.kde.org/projects/kde/workspace/kio-extras'
@@ -13,11 +13,16 @@
 makedepends=('extra-cmake-modules' 'kdoctools' 'python')
 options=('!buildflags')
 install="${pkgname}.install"
-source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz")
-md5sums=('831fb9bc8960932233cf6042f6097751')
+source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz"
+ 'sanitize-input.patch')
+md5sums=('831fb9bc8960932233cf6042f6097751'
+ '6462465f886decd5c7706d09bc71b2b8')

 prepare() {
 mkdir -p build
+
+ cd ${pkgname}-${pkgver}
+ patch -p1 -i "${srcdir}"/sanitize-input.patch
 }

 build() {
Added: sanitize-input.patch
===================================================================
--- sanitize-input.patch (rev 0)
+++ sanitize-input.patch 2014-11-14 13:08:23 UTC (rev 226235)
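Review bot: In the second PKGBUILD hunk the new patch entry extends `md5sums`, so both the tarball (fetched over plain `http://` in `source`) and the security patch are pinned only by MD5, which is not collision-resistant. Since this rebuild exists to ship a security fix, the array would be better switched to `sha256sums=('<sha256 of tarball>' '<sha256 of sanitize-input.patch>')` (placeholders, to be generated with `makepkg -g` once the array name is changed). In `prepare()`, `cd ${pkgname}-${pkgver}` is unquoted while `"${srcdir}"` on the next line is quoted; `cd "${pkgname}-${pkgver}"` would be consistent.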
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsm...@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at secur...@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+ }
+ finished();
+ }
+
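Review bot: `Qt::escape()` on the new `echo(...)` line is a Qt 4 helper that Qt 5 keeps only as a deprecated inline wrapper, and this file already uses Qt 5 API (`QUrlQuery`), so the line could read `echo("<p class=\"message\">" + i18n("Wrong request: %1", url.toDisplayString().toHtmlEscaped()) + "</p>");` and the added `#include <qtextdocument.h>` would no longer be needed. Escaping at the point of output, after the URL has been turned into its display form, is the right place for it. The `echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"))` call in the context lines also forwards request-derived values, and its body is not in this hunk, so whether those values are validated or escaped before they reach markup should be confirmed separately. The enclosing function starts outside the hunk.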