[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdelibs/kdecore/network
From: Thiago Macieira <thiago () kde ! org>
Date: 2005-04-05 2:05:48
Message-ID: 20050405020548.5F489492 () office ! kde ! org
[Download RAW message or body]
CVS commit by thiago:
Instead of returning the original domain lowercased, rejoin the
multiple parts with periods. In most cases, this won't make a
difference, but IDN spec allows other separators in domain names other
than the dot.
I do not believe this to be a security risk, nor a source of
phishing/scams. Unlike the homograph attack (which prompted this
return to be added in the first place), you cannot create a
near-looking domain with this feature: the domain IS the same.
i.e., www.google.com === www.google。com
CCMAIL:security@kde.org
M +1 -1 kresolver.cpp 1.46
--- kdelibs/kdecore/network/kresolver.cpp #1.45:1.46
@@ -895,5 +895,5 @@ QCString KResolver::domainToAscii(const
// Do we allow IDN names for this TLD?
if (input.count() && !idnDomains->contains(input[input.count()-1].lower()))
- return unicodeDomain.lower().latin1(); // No IDN allowed for this TLD
+ return input.join(".").lower().latin1(); // No IDN allowed for this TLD
// 3) decide whether to enforce the STD3 rules for chars < 0x7F
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic