[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: KDE/kdebase/runtime/kioslave/man
From: Dirk Mueller <mueller () kde ! org>
Date: 2006-11-07 15:58:54
Message-ID: 1162915134.895457.10012.nullmailer () svn ! kde ! org
[Download RAW message or body]
SVN commit 603021 by mueller:
forwardport fix for XSS issue
M +14 -1 kio_man.cpp
--- trunk/KDE/kdebase/runtime/kioslave/man/kio_man.cpp #603020:603021
@@ -432,6 +432,19 @@
}
#endif
+static QString text2html(const QString& txt)
+{
+ QString reply = txt;
+
+ reply = reply.replace('&', "&");
+ reply = reply.replace('<', "<");
+ reply = reply.replace('>', ">");
+ reply = reply.replace('"', "&dquot;");
+ reply = reply.replace('\'', """);
+ return reply;
+}
+
+
void MANProtocol::get(const KUrl& url )
{
kDebug(7107) << "GET " << url.url() << endl;
@@ -466,7 +479,7 @@
"Be careful that you must take care about upper case and lower case characters!<br>"
"If everything looks correct, then perhaps you need to set a better search path "
"for man pages, be it by the environment variable MANPATH or a matching file "
- "in the directory /etc .", title));
+ "in the directory /etc .", text2html(title)));
pageFound=false;
}
else if (foundPages.count()>1)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic