Package: kdepimlibs / 4:4.14.10-11

CVE-2016-7966_part2.diff Patch series | download
--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -389,7 +389,23 @@ QString LinkLocator::convertToHtml( cons
         bool badUrl = false;
         str = locator.getUrlAndCheckValidHref(&badUrl);
         if (badUrl) {
-            return locator.mText;
+            QString resultBadUrl;
+            const int helperTextSize(locator.mText.count());
+            for (int i = 0; i < helperTextSize; ++i) {
+                const QChar chBadUrl = locator.mText[i];
+                if (chBadUrl == QLatin1Char('&')) {
+                    resultBadUrl += QLatin1String("&amp;");
+                } else if (chBadUrl == QLatin1Char('"')) {
+                    resultBadUrl += QLatin1String("&quot;");
+                } else if (chBadUrl == QLatin1Char('<')) {
+                    resultBadUrl += QLatin1String("&lt;");
+                } else if (chBadUrl == QLatin1Char('>')) {
+                    resultBadUrl += QLatin1String("&gt;");
+                } else {
+                    resultBadUrl += chBadUrl;
+                }
+            }
+            return resultBadUrl;
         }
 
         if ( !str.isEmpty() ) {
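Review bot: The new bad-URL branch escapes only `&`, `"`, `<` and `>`, so the returned string is safe as element content or inside a double-quoted attribute, but a `'` passes through unchanged. That contract is not written down anywhere in the hunk, so I would add a comment above the loop, for example `// Bad URL: return the whole input with & " < > escaped, never the raw mText`. The loop also starts again at index 0 of `locator.mText` and returns at once, so anything the function had already built up is dropped. The line-break and whitespace handling that presumably sits elsewhere in `convertToHtml` would then be skipped for such input; the function body starts and ends outside this hunk, so please confirm that plain escaped text is the intended fallback. A `resultBadUrl.reserve(helperTextSize);` before the loop would avoid repeated reallocation on long messages.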