[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: [Bug 115419] MSN does not connect (error 17)
From: Thiago Macieira <thiago () kde ! org>
Date: 2005-11-01 0:52:13
Message-ID: 20051101005213.18650.qmail () ktown ! kde ! org
[Download RAW message or body]
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=115419
thiago kde org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adawit kde org
------- Additional Comments From thiago kde org 2005-11-01 01:52 -------
It's SVN commit 474301 that broke MSN. Excerpt:
=================
SVN commit 474301 by adawit:
Sanitize custom HTTP headers for safety sake.
M +38 -12 http.cc
--- branches/KDE/3.5/kdelibs/kioslave/http/http.cc #474300:474301
@ -158,7 +158,33 @
return true;
}
+/*
+ Eliminates any custom header that could potentically alter the request
+*/
+static QString sanitizeCustomHTTPHeader(const QString& _header)
+{
+ QString sanitizedHeaders;
+ QStringList headers = QStringList::split("\r\n", _header);
+ for(QStringList::Iterator it = headers.begin(); it != headers.end(); ++it)
+ {
+ QString header = (*it).lower();
+ // Do not allow Request line to be specified and ignore
+ // the other HTTP headers.
+ if (header.find(':') == -1 || header.startsWith("host") ||
+ header.startsWith("authorization") ||
+ header.startsWith("proxy-authorization") ||
+ header.startsWith("via"))
+ continue;
=================
This broke the MSN support because it has to support the non-standard Passport \
authentication. From kopete/protocols/msn/msnsecureloginhandler.cpp:
QString authRequest = "Authorization: Passport1.4 "
"OrgVerb=GET,"
"OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,"
"sign-in=" + KURL::encode_string(m_accountId) +
",pwd=" + KURL::encode_string( m_password ) +
"," + m_authentification + "\r\n";
Dawit, how can we restore the old behaviour?
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic