
List:       kde-commits
Subject:    [kdelibs] kioslave/http: Do not show the spoofed
From:       Dawit Alemayehu <adawit () kde ! org>
Date:       2011-06-19 14:34:50
Message-ID: 20110619143450.9DCC5A60A6 () git ! kde ! org

Git commit 80e1df8a7281dadaa3122888acd5c1f0bc74ad43 by Dawit Alemayehu.
Committed on 19/06/2011 at 16:30.
Pushed by adawit into branch 'master'.

Do not show the spoofed warning box when a username is in the URL, but the
request has already been preemptively authenticated. This should address the
last use case that was not accounted for.

CCBUG: 94867

(cherry picked from commit c21ab4d337240dee22dbdc5aad3be038cb01bf15)

M  +10   -4    kioslave/http/http.cpp     

http://commits.kde.org/kdelibs/80e1df8a7281dadaa3122888acd5c1f0bc74ad43

diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
index cf63616..9bbd531 100644
--- a/kioslave/http/http.cpp
+++ b/kioslave/http/http.cpp
@@ -195,11 +195,17 @@ static QString sanitizeCustomHTTPHeader(const QString& _header)
 static bool isPotentialSpoofingAttack(const HTTPProtocol::HTTPRequest& request, \
const KConfigGroup* config)  {
     // kDebug(7113) << request.url << "response code: " << request.responseCode << \
                "previous response code:" << request.prevResponseCode;
-    if (!request.url.user().isEmpty()) {
-        const QString userName = \
                config->readEntry(QLatin1String("LastSpoofedUserName"), QString());
-        return ((userName.isEmpty() || userName != request.url.user()) && \
request.responseCode != 401 && request.prevResponseCode != 401); +    if \
(request.url.user().isEmpty()) { +        return false;
     }
-    return false;
+
+    // We already have cached authentication.
+    if (config->readEntry(QLatin1String("cached-www-auth"), false)) {
+        return false;
+    }
+
+    const QString userName = config->readEntry(QLatin1String("LastSpoofedUserName"), \
QString()); +    return ((userName.isEmpty() || userName != request.url.user()) && \
request.responseCode != 401 && request.prevResponseCode != 401);  }
 
 // for a given response code, conclude if the response is going to/likely to have a \
response body
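
Review bot: The new `cached-www-auth` early return in isPotentialSpoofingAttack() fires before the user name in the URL is compared against anything, so once that config entry is true the result no longer depends on `request.url.user()`. These lines do not show where `cached-www-auth` is set or whether it is scoped to the current host, realm and user; if it can be true while the cached credentials belong to a different user than the one in the URL, the warning is skipped for a URL it was meant to cover. Consider confirming that the cached credentials' user matches `request.url.user()` before returning false, or at least expanding the comment `// We already have cached authentication.` to say where the flag is set and why it makes the spoof check unnecessary.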

