summaryrefslogtreecommitdiff
path: root/irc/kvirc/files/patch-svn4693
diff options
context:
space:
mode:
Diffstat (limited to 'irc/kvirc/files/patch-svn4693')
-rw-r--r--irc/kvirc/files/patch-svn4693118
1 files changed, 0 insertions, 118 deletions
diff --git a/irc/kvirc/files/patch-svn4693 b/irc/kvirc/files/patch-svn4693
deleted file mode 100644
index b791afd12b31..000000000000
--- a/irc/kvirc/files/patch-svn4693
+++ /dev/null
@@ -1,118 +0,0 @@
-Index: ./src/modules/dcc/requests.cpp
-===================================================================
---- ./src/modules/dcc/requests.cpp (revision 4417)
-+++ ./src/modules/dcc/requests.cpp (revision 4693)
-@@ -87,5 +87,6 @@
- {
- QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr(), errText);
-- dcc_module_reply_errmsg(dcc,szError);
-+ //since szError contains an user-suppplied string, we simplify it to avoid any kind of injection (bug #858)
-+ dcc_module_reply_errmsg(dcc,szError.simplified());
- }
- }
-Index: ./src/kvirc/sparser/kvi_sp_ctcp.cpp
-===================================================================
---- ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4350)
-+++ ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4693)
-@@ -627,5 +627,5 @@
-
-
--const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks)
-+const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks, bool bSafeOnly)
- {
- //
-@@ -659,15 +659,18 @@
- case '\\':
- // backslash : escape sequence
-- if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
-- msg_ptr++;
-- if(*msg_ptr)
-- {
-- // decode the escape
-- msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
-- begin = msg_ptr;
-+ if(bSafeOnly)msg_ptr++;
-+ else {
-+ if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
-+ msg_ptr++;
-+ if(*msg_ptr)
-+ {
-+ // decode the escape
-+ msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
-+ begin = msg_ptr;
-+ }
-+ // else it is a senseless trailing backslash.
-+ // Just ignore and let the function
-+ // return spontaneously.
- }
-- // else it is a senseless trailing backslash.
-- // Just ignore and let the function
-- // return spontaneously.
- break;
- case ' ':
-@@ -684,5 +687,5 @@
- break;
- case '"':
-- if(bInString)
-+ if(bInString && !bSafeOnly)
- {
- // A string terminator. We don't return
-@@ -712,5 +715,5 @@
- }
-
--const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks)
-+const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks, bool bSafeOnly)
- {
- //
-@@ -744,13 +747,16 @@
- case '\\':
- // backslash : escape sequence
-- msg_ptr++;
-- if(*msg_ptr)
-- {
-- // decode the escape
-- msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
-+ if(bSafeOnly)msg_ptr++;
-+ else {
-+ msg_ptr++;
-+ if(*msg_ptr)
-+ {
-+ // decode the escape
-+ msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
-+ }
-+ // else it is a senseless trailing backslash.
-+ // Just ignore and let the function
-+ // return spontaneously.
- }
-- // else it is a senseless trailing backslash.
-- // Just ignore and let the function
-- // return spontaneously.
- break;
- case ' ':
-@@ -770,5 +776,5 @@
- break;
- case '"':
-- if(bInString)
-+ if(bInString && !bSafeOnly)
- {
- // A string terminator. We don't return
-@@ -1708,5 +1714,5 @@
- KviDccRequest p;
- KviStr aux = msg->pData;
-- msg->pData = extractCtcpParameter(msg->pData,p.szType);
-+ msg->pData = extractCtcpParameter(msg->pData,p.szType, true, true);
- msg->pData = extractCtcpParameter(msg->pData,p.szParam1);
- msg->pData = extractCtcpParameter(msg->pData,p.szParam2);
-Index: ./src/kvirc/sparser/kvi_sparser.h
-===================================================================
---- ./src/kvirc/sparser/kvi_sparser.h (revision 3958)
-+++ ./src/kvirc/sparser/kvi_sparser.h (revision 4693)
-@@ -261,6 +261,6 @@
- static const char * decodeCtcpEscape(const char * msg_ptr,KviStr &buffer);
- static const char * decodeCtcpEscape(const char * msg_ptr,QByteArray &buffer);
-- static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true);
-- static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true);
-+ static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
-+ static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
- };
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 10:59:59 +0000