'KDE_3_1_BRANCH: kdelibs/khtml/html'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    KDE_3_1_BRANCH: kdelibs/khtml/html
From:       George Staikos <staikos () kde ! org>
Date:       2003-04-30 21:26:13
[Download RAW message or body]

CVS commit by staikos: 

backport:
make the post data boundary less predictable
fixes 37648


  M +5 -10     html_formimpl.cpp   1.300.2.6
  M +1 -5      html_formimpl.h   1.129.2.4


--- kdelibs/khtml/html/html_formimpl.cpp  #1.300.2.5:1.300.2.6
@@ -21,5 +21,4 @@
  * Boston, MA 02111-1307, USA.
  *
- * $Id$
  */
 
@@ -51,4 +50,5 @@
 #include <kmimetype.h>
 #include <kmessagebox.h>
+#include <kapplication.h>
 #include <klocale.h>
 #include <netaccess.h>
@@ -77,5 +77,5 @@ HTMLFormElementImpl::HTMLFormElementImpl
     m_inreset = false;
     m_enctype = "application/x-www-form-urlencoded";
-    m_boundary = "----------0xKhTmLbOuNdArY";
+    m_boundary = "----------" + KApplication::randomString( 42 + 13 );
     m_acceptcharset = "UNKNOWN";
 }
@@ -250,5 +250,5 @@ QByteArray HTMLFormElementImpl::formData
                 {
                     QCString hstr("--");
-                    hstr += m_boundary.string().latin1();
+                    hstr += m_boundary.latin1();
                     hstr += "\r\n";
                     hstr += "Content-Disposition: form-data; name=\"";
@@ -304,5 +304,5 @@ QByteArray HTMLFormElementImpl::formData
 
     if (m_multipart)
-        enc_string = ("--" + m_boundary.string() + "--\r\n").ascii();
+        enc_string = ("--" + m_boundary + "--\r\n").ascii();
 
     int old_size = form_data.size();
@@ -334,9 +334,4 @@ void HTMLFormElementImpl::setEnctype( co
 }
 
-void HTMLFormElementImpl::setBoundary( const DOMString& bound )
-{
-    m_boundary = bound;
-}
-
 void HTMLFormElementImpl::submitFromKeyboard()
 {
@@ -414,5 +409,5 @@ void HTMLFormElementImpl::submit(  )
                                       m_target.string(),
                                       enctype().string(),
-                                      boundary().string() );
+                                      m_boundary );
         }
         else {

--- kdelibs/khtml/html/html_formimpl.h  #1.129.2.3:1.129.2.4
@@ -21,5 +21,4 @@
  * Boston, MA 02111-1307, USA.
  *
- * $Id$
  */
 #ifndef HTML_FORMIMPL_H
@@ -73,7 +72,4 @@ public:
     void setEnctype( const DOMString & );
 
-    DOMString boundary() const { return m_boundary; }
-    void setBoundary( const DOMString & );
-
     bool autoComplete() const { return m_autocomplete; }
 
@@ -100,5 +96,5 @@ private:
     DOMString m_target;
     DOMString m_enctype;
-    DOMString m_boundary;
+    QString m_boundary;
     DOMString m_acceptcharset;
     QString m_encCharset;


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic