List: kde-commits
Subject: =?utf-8?q?=5Bkdelibs=5D_kioslave/http=3A_Do_not_show_the_spoofed?=
From: Dawit Alemayehu <adawit () kde ! org>
Date: 2011-06-19 14:34:50
Message-ID: 20110619143450.9DCC5A60A6 () git ! kde ! org
Git commit 80e1df8a7281dadaa3122888acd5c1f0bc74ad43 by Dawit Alemayehu.
Committed on 19/06/2011 at 16:30.
Pushed by adawit into branch 'master'.
Do not show the spoofed warning box when a username is in the URL, but the
request has already been preemptively authenticated. This should address the
last use case that was not accounted for.
CCBUG: 94867
(cherry picked from commit c21ab4d337240dee22dbdc5aad3be038cb01bf15)
M +10 -4 kioslave/http/http.cpp
http://commits.kde.org/kdelibs/80e1df8a7281dadaa3122888acd5c1f0bc74ad43
diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
index cf63616..9bbd531 100644
--- a/kioslave/http/http.cpp
+++ b/kioslave/http/http.cpp
@@ -195,11 +195,17 @@ static QString sanitizeCustomHTTPHeader(const QString& _header)
static bool isPotentialSpoofingAttack(const HTTPProtocol::HTTPRequest& request, \
const KConfigGroup* config) {
// kDebug(7113) << request.url << "response code: " << request.responseCode << \
"previous response code:" << request.prevResponseCode;
- if (!request.url.user().isEmpty()) {
- const QString userName = \
config->readEntry(QLatin1String("LastSpoofedUserName"), QString());
- return ((userName.isEmpty() || userName != request.url.user()) && \
request.responseCode != 401 && request.prevResponseCode != 401);
+ if \
(request.url.user().isEmpty()) {
+ return false;
}
- return false;
+
+ // We already have cached authentication.
+ if (config->readEntry(QLatin1String("cached-www-auth"), false)) {
+ return false;
+ }
+
+ const QString userName = config->readEntry(QLatin1String("LastSpoofedUserName"), \
QString());
+ return ((userName.isEmpty() || userName != request.url.user()) && \
request.responseCode != 401 && request.prevResponseCode != 401);
}
// for a given response code, conclude if the response is going to/likely to have a \
response body
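Review bot: The new early return on `cached-www-auth` suppresses the spoofing warning on the strength of a single boolean, and nothing visible in this hunk ties that flag to the user name in `request.url.user()`. If the flag can be true while the cached credentials belong to a different user or realm than the one embedded in the URL, a URL with misleading userinfo would pass without the warning; whether that can happen depends on where the flag is set, which is outside this hunk. I would either confirm that invariant and state it in the comment, e.g. `// Set only when credentials for this URL's user were sent preemptively, so the userinfo is genuine.`, or compare the cached user with `request.url.user()` before returning false. `config` is also dereferenced without a null check here, as it was before the change.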