summaryrefslogtreecommitdiffstats
path: root/kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
blob: d05e44b830bd1381aececaecc5563eb4a46234e1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
commit 9ca2b26fc67c3f921e1943c1725fca623e395854
Author: David Faure <faure@kde.org>
Date:   Thu Jun 30 23:43:45 2011 +0200

    Security fix: don't interpret html tags
    
    Credits to Tim Brown for the find.
    (cherry picked from commit bd70d4e589711fda9ab07738c46e37eee8376214)

diff --git a/kio/kssl/ksslcertificatebox.cpp b/kio/kssl/ksslcertificatebox.cpp
index 4ffc613..094787a 100644
--- a/kio/kssl/ksslcertificatebox.cpp
+++ b/kio/kssl/ksslcertificatebox.cpp
@@ -36,6 +36,10 @@ KSslCertificateBox::KSslCertificateBox(QWidget *parent)
    d(new KSslCertificateBoxPrivate())
 {
     d->ui.setupUi(this);
+    // No fooling us with html tags
+    Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
+        label->setTextFormat(Qt::PlainText);
+    }
 }