From kde-commits  Fri Jul 04 13:30:32 2003
From: Waldo Bastian <bastian () kde ! org>
Date: Fri, 04 Jul 2003 13:30:32 +0000
To: kde-commits
Subject: KDE_3_0_BRANCH: kdelibs/kioslave/http
X-MARC-Message: https://marc.info/?l=kde-commits&m=105732543924897

CVS commit by waba: 

Sanitize referrer.


  M +25 -12    http.cc   1.470.2.21


--- kdelibs/kioslave/http/http.cc  #1.470.2.20:1.470.2.21
@@ -196,16 +196,29 @@ void HTTPProtocol::resetSessionSettings(
   m_request.window = config()->readEntry("window-id");
 
-  bool sendReferrer = config()->readBoolEntry("SendReferrer", true);
-  if ( sendReferrer )
-     m_request.referrer = metaData("referrer");
-  else
+
      m_request.referrer = QString::null;
+  if ( config()->readBoolEntry("SendReferrer", true) )
+  {
+     KURL referrerURL = metaData("referrer");
+     if (referrerURL.isValid())
+     {
+        // Sanitize
+        QString protocol = referrerURL.protocol();
+        if (protocol.startsWith("webdav"))
+        {
+           protocol.replace(0, 6, "http");
+           referrerURL.setProtocol(protocol);
+        }
      
-  if (!m_request.referrer.startsWith("http"))
+        if ((protocol == "http") || 
+            ((protocol == "https") && ((m_protocol == "https") || (m_protocol == "webdavs")))
+           )
   {
-     if (m_request.referrer.startsWith("webdav"))
-        m_request.referrer.replace(0, 6, "http");
-     else
-        m_request.referrer = QString::null;
+           referrerURL.setRef(QString::null);
+           referrerURL.setUser(QString::null);
+           referrerURL.setPass(QString::null);
+           m_request.referrer = referrerURL.url();
+        }
+     }
   }