File: CVE-2016-7966_part2.diff

kdepimlibs 4:4.14.10-11
--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -389,7 +389,23 @@ QString LinkLocator::convertToHtml( cons
         bool badUrl = false;
         str = locator.getUrlAndCheckValidHref(&badUrl);
         if (badUrl) {
-            return locator.mText;
+            QString resultBadUrl;
+            const int helperTextSize(locator.mText.count());
+            for (int i = 0; i < helperTextSize; ++i) {
+                const QChar chBadUrl = locator.mText[i];
+                if (chBadUrl == QLatin1Char('&')) {
+                    resultBadUrl += QLatin1String("&amp;");
+                } else if (chBadUrl == QLatin1Char('"')) {
+                    resultBadUrl += QLatin1String("&quot;");
+                } else if (chBadUrl == QLatin1Char('<')) {
+                    resultBadUrl += QLatin1String("&lt;");
+                } else if (chBadUrl == QLatin1Char('>')) {
+                    resultBadUrl += QLatin1String("&gt;");
+                } else {
+                    resultBadUrl += chBadUrl;
+                }
+            }
+            return resultBadUrl;
         }
 
         if ( !str.isEmpty() ) {
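Review bot: The escape loop added to the `badUrl` branch covers `&`, `"`, `<` and `>` but not `'`, so the returned text is only safe as element content or inside a double-quoted attribute. If any caller can place this result in a single-quoted attribute (not visible from this hunk), add a branch such as `} else if (chBadUrl == QLatin1Char('\'')) { resultBadUrl += QLatin1String("&#39;");`. The branch also lacks a comment explaining why the early return must not hand back `locator.mText` raw; something like `// Bad URL: return the whole input HTML-escaped, never raw (CVE-2016-7966).` above the loop would stop a later cleanup from reverting it. Calling `resultBadUrl.reserve(helperTextSize);` before the loop would avoid repeated reallocations on long messages. `convertToHtml` starts and ends outside the hunk, so if the rest of the function already has an equivalent escaping routine, moving both into one shared helper would keep the two paths from drifting apart.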