FISH: Security fix backport from KDE

"Only store password in KWallet if the user asked for it"
d813cef3ce

Author:  David Faure
Licence: GPLv2

This mitigates CVE-2020-12755.

Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
(cherry picked from commit d59c8ee79f)

tdeioslave/fish/fish.cpp

@@ -570,7 +570,9 @@ int fishProtocol::establishConnection(char *buffer, TDEIO::fileoffset_t len) {
             infoMessage(i18n("Initiating protocol..."));
             if (!connectionAuth.password.isEmpty()) {
                 connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1);
-                cacheAuthentication(connectionAuth);
+                if (connectionAuth.keepPassword) {
+                    cacheAuthentication(connectionAuth);
+                }
             }
             isLoggedIn = true;
             return 0;