'[Bug 115419] MSN does not connect (error 17)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 115419] MSN does not connect (error 17)
From:       Thiago Macieira <thiago () kde ! org>
Date:       2005-11-01 0:52:13
Message-ID: 20051101005213.18650.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=115419         
thiago kde org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adawit kde org



------- Additional Comments From thiago kde org  2005-11-01 01:52 -------
It's SVN commit 474301 that broke MSN. Excerpt:

=================
SVN commit 474301 by adawit:

Sanitize custom HTTP headers for safety sake.

 M  +38 -12    http.cc  
--- branches/KDE/3.5/kdelibs/kioslave/http/http.cc #474300:474301
 @ -158,7 +158,33  @
   return true;
 }
 
+/*
+  Eliminates any custom header that could potentically alter the request
+*/
+static QString sanitizeCustomHTTPHeader(const QString& _header)
+{
+  QString sanitizedHeaders;
+  QStringList headers = QStringList::split("\r\n", _header);
 
+  for(QStringList::Iterator it = headers.begin(); it != headers.end(); ++it)
+  {
+    QString header = (*it).lower();
+    // Do not allow Request line to be specified and ignore
+    // the other HTTP headers.
+    if (header.find(':') == -1 || header.startsWith("host") ||
+        header.startsWith("authorization") ||
+        header.startsWith("proxy-authorization") ||
+        header.startsWith("via"))
+      continue;
=================

This broke the MSN support because it has to support the non-standard Passport \
authentication. From kopete/protocols/msn/msnsecureloginhandler.cpp:

QString authRequest = "Authorization: Passport1.4 "
                      "OrgVerb=GET,"
                      "OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,"
                      "sign-in=" + KURL::encode_string(m_accountId) +
                      ",pwd=" + KURL::encode_string( m_password ) +
                      "," + m_authentification + "\r\n";

Dawit, how can we restore the old behaviour?


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic