List: kde-core-devel
Subject: Porting KUrl::prettyUrl: please do not reintroduce CVE-2013-2074!
From: Kevin Kofler <kevin.kofler () chello ! at>
Date: 2014-10-17 0:53:25
Message-ID: m1ppa7$4dk$1 () ger ! gmane ! org
Hi,

just a small public service announcement: The correct replacement for:
    url.prettyUrl()
in Qt 5 is NOT:
    url.toString() // BAD!
but:
    url.toString(QUrl::RemovePassword)

The old KUrl::prettyUrl() always removed passwords. You DON'T want to show
passwords in user output:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074

(I found this reviewing the initial port of Kompare.)

Thanks for reading,
Kevin Kofler
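
Added example, not part of the original message and not code from any KDE project: a heuristic audit script that scans ported C++ source for the pattern described above, flagging `toString()` calls on URL-like expressions that lack `QUrl::RemovePassword` and any `prettyUrl()` calls still to be ported. The receiver-name heuristic (the expression name contains "url"), the function names and the sample lines are assumptions made for illustration.

```python
import re

# Heuristic, line-based audit (added example). Assumption: QUrl values live in
# expressions whose last component contains "url" (url, m_url, item->url()).
TOSTRING = re.compile(r"(?P<recv>\w+(?:\(\))?)\s*(?:\.|->)\s*toString\s*\(")
PRETTY = re.compile(r"\bprettyUrl\s*\(")

def call_args(text, open_idx):
    """Return the argument text of the call whose '(' is at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == "(") - (text[i] == ")")
        if depth == 0:
            return text[open_idx + 1:i]
    return text[open_idx + 1:]  # call continues on the next line

def audit(source):
    """Return (line_number, reason) for each suspicious call in C++ source."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if PRETTY.search(line):
            findings.append((no, "prettyUrl() still to port: use toString(QUrl::RemovePassword)"))
        for m in TOSTRING.finditer(line):
            if "url" not in m.group("recv").lower():
                continue  # e.g. QDate::toString(), not a URL
            if "RemovePassword" not in call_args(line, m.end() - 1):
                findings.append((no, "toString() without QUrl::RemovePassword"))
    return findings

# Constructed sample of ported code, not taken from Kompare or any KDE project.
SAMPLE = """\
label->setText(url.toString());
label->setText(url.toString(QUrl::RemovePassword));
statusBar()->showMessage(m_source->url().toString(QUrl::PreferLocalFile));
title = date.toString();
setCaption(destinationUrl.prettyUrl());
tip = fileUrl.toString(QUrl::PreferLocalFile | QUrl::RemovePassword);
msg = srcUrl.toString() + destUrl.toString(QUrl::RemovePassword);
"""

if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print(f"line {no}: {reason}")
```

Each hit still needs a manual look: a `toString()` result used to open a connection or stored in configuration may need the password, while anything shown to the user or written to a log should not carry it.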