[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: branches/KDE/3.5/kdelibs/kdecore
From: David Faure <faure () kde ! org>
Date: 2007-11-02 11:23:57
Message-ID: 1194002637.004358.26641.nullmailer () svn ! kde ! org
[Download RAW message or body]
SVN commit 731945 by dfaure:
You cannot messup prettyURL in ways that break its definition. Its definition is \
KURL(u.prettyURL()) == u. The security issue has to be fixed in a better way.
BUG: 150973
CCMAIL: mueller@kde.org
M +1 -8 kurl.cpp
M +15 -1 tests/kurltest.cpp
--- branches/KDE/3.5/kdelibs/kdecore/kurl.cpp #731944:731945
@@ -30,7 +30,6 @@
#include <kglobal.h>
#include <kidna.h>
#include <kprotocolinfo.h>
-#include <kstringhandler.h>
#endif
#include <stdio.h>
@@ -1541,13 +1540,7 @@
u += "//";
if ( hasUser() )
{
- QString s = m_strUser;
-#ifndef KDE_QT_ONLY
- // shorten the username, its unlikely to be valid without password anyway
- if (!hasPass())
- s = KStringHandler::csqueeze(s, 16);
-#endif
- u += encode(s, 0, 0);
+ u += encode(m_strUser, 0, 0);
// Don't show password!
u += "@";
}
--- branches/KDE/3.5/kdelibs/kdecore/tests/kurltest.cpp #731944:731945
@@ -92,6 +92,7 @@
check( "KURL::isValid()", emptyURL.isValid() ? "TRUE":"FALSE", "FALSE");
check( "KURL::isEmpty()", emptyURL.isEmpty() ? "TRUE":"FALSE", "TRUE");
check( "prettyURL()", emptyURL.prettyURL(), "");
+ check( "isLocalFile()", emptyURL.isLocalFile()?"TRUE":"FALSE", "FALSE" );
emptyURL = "";
check( "KURL::isMalformed()", emptyURL.isMalformed() ? "TRUE":"FALSE", "TRUE");
@@ -159,6 +160,15 @@
check("KURL::encodedHtmlRef()", url1.ref(), "%6a");
check("KURL::htmlRef()", url1.htmlRef(), "j");
+ KURL dxOffEagle( KURL("http://something/other.html"), "newpage.html?[{\"foo: \
bar\"}]" ); + check("isValid", dxOffEagle.isValid() ? "OK" : "KO", "OK");
+ check("url", dxOffEagle.url(), \
QString("http://something/newpage.html?[{\"foo:%20bar\"}]") ); +
+ KURL javascript( KURL("javascript:window.location+\"__flashplugin_unique__\"") );
+ check("isValid", javascript.isValid() ? "OK" : "KO", "OK");
+ check("url", javascript.url(), \
QString("javascript:window.location+\"__flashplugin_unique__\"") ); +
+
u1 = "file:///home/dfaure/my#myref";
url1 = u1;
check("KURL::url()", url1.url(), "file:///home/dfaure/my#myref");
@@ -288,6 +298,10 @@
check("KURL::prettyURL()", url15582.prettyURL(), \
"http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html"); \
check("KURL::url()", url15582.url(), \
"http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+ KURL longUserName("http://thisisaverylongusername@foobar.com/");
+ check("KURL::prettyURL()", longUserName.prettyURL(), \
"http://thisisaverylongusername@foobar.com/"); + check("KURL(KURL::prettyURL())", \
KURL(longUserName.prettyURL()).url(), "http://thisisaverylongusername@foobar.com/"); \
+ KURL whitespaceInUser("http://google.com%20%20%20@foobar.com/");
check("KURL::prettyURL()", whitespaceInUser.prettyURL(), \
"http://google.com%20%20%20@foobar.com/");
@@ -609,7 +623,7 @@
"www.meinestadt.de&url_plain=http");
check("http: URL with empty path string", waba1.htmlURL(),
"http://www.meinestadt.de&url_plain=http");
-
+
check("http: URL with empty path string", waba1.path(),
"");
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic