void-packages/srcpkgs/kdepimlibs/patches/CVE-2016-7966_part2.patch

30 lines
1.1 KiB
Diff

--- kpimutils/linklocator.cpp
+++ kpimutils/linklocator.cpp
@@ -389,7 +389,23 @@
bool badUrl = false;
str = locator.getUrlAndCheckValidHref(&badUrl);
if (badUrl) {
- return locator.mText;
+ QString resultBadUrl;
+ const int helperTextSize(locator.mText.count());
+ for (int i = 0; i < helperTextSize; ++i) {
+ const QChar chBadUrl = locator.mText[i];
+ if (chBadUrl == QLatin1Char('&')) {
+ resultBadUrl += QLatin1String("&amp;");
+ } else if (chBadUrl == QLatin1Char('"')) {
+ resultBadUrl += QLatin1String("&quot;");
+ } else if (chBadUrl == QLatin1Char('<')) {
+ resultBadUrl += QLatin1String("&lt;");
+ } else if (chBadUrl == QLatin1Char('>')) {
+ resultBadUrl += QLatin1String("&gt;");
+ } else {
+ resultBadUrl += chBadUrl;
+ }
+ }
+ return resultBadUrl;
}
if ( !str.isEmpty() ) {