Fix security issue CVE-2017-6410

[taken from RedHat kdelibs patches] Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
6 years ago · a3b86c2690
parent aa83c86cd3
commit a3b86c2690
1 changed files with 10 additions and 2 deletions
--- a/tdeio/misc/kpac/script.cpp
+++ b/tdeio/misc/kpac/script.cpp
@ -446,10 +446,18 @@ namespace KPAC
 	if (!findObj.isValid() || !findObj.implementsCall())
 	  throw Error( "No such function FindProxyForURL" );

+        KURL cleanUrl = url;
+        cleanUrl.setPass(QString());
+        cleanUrl.setUser(QString());
+        if (cleanUrl.protocol().lower() == "https") {
+            cleanUrl.setPath(QString());
+            cleanUrl.setQuery(QString());
+        }
+
 	Object thisObj;
 	List args;
-	args.append(String(url.url()));
-	args.append(String(url.host()));
+	args.append(String(cleanUrl.url()));
+	args.append(String(cleanUrl.host()));
 	Value retval = findObj.call( exec, thisObj, args );

 	if ( exec->hadException() ) {