diff options
Diffstat (limited to 'irc/kvirc/files/patch-svn4693')
-rw-r--r-- | irc/kvirc/files/patch-svn4693 | 118 |
1 files changed, 0 insertions, 118 deletions
diff --git a/irc/kvirc/files/patch-svn4693 b/irc/kvirc/files/patch-svn4693 deleted file mode 100644 index b791afd12b31..000000000000 --- a/irc/kvirc/files/patch-svn4693 +++ /dev/null @@ -1,118 +0,0 @@ -Index: ./src/modules/dcc/requests.cpp -=================================================================== ---- ./src/modules/dcc/requests.cpp (revision 4417) -+++ ./src/modules/dcc/requests.cpp (revision 4693) -@@ -87,5 +87,6 @@ - { - QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr(), errText); -- dcc_module_reply_errmsg(dcc,szError); -+ //since szError contains an user-suppplied string, we simplify it to avoid any kind of injection (bug #858) -+ dcc_module_reply_errmsg(dcc,szError.simplified()); - } - } -Index: ./src/kvirc/sparser/kvi_sp_ctcp.cpp -=================================================================== ---- ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4350) -+++ ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4693) -@@ -627,5 +627,5 @@ - - --const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks) -+const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks, bool bSafeOnly) - { - // -@@ -659,15 +659,18 @@ - case '\\': - // backslash : escape sequence -- if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin); -- msg_ptr++; -- if(*msg_ptr) -- { -- // decode the escape -- msg_ptr = decodeCtcpEscape(msg_ptr,buffer); -- begin = msg_ptr; -+ if(bSafeOnly)msg_ptr++; -+ else { -+ if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin); -+ msg_ptr++; -+ if(*msg_ptr) -+ { -+ // decode the escape -+ msg_ptr = decodeCtcpEscape(msg_ptr,buffer); -+ begin = msg_ptr; -+ } -+ // else it is a senseless trailing backslash. -+ // Just ignore and let the function -+ // return spontaneously. - } -- // else it is a senseless trailing backslash. -- // Just ignore and let the function -- // return spontaneously. - break; - case ' ': -@@ -684,5 +687,5 @@ - break; - case '"': -- if(bInString) -+ if(bInString && !bSafeOnly) - { - // A string terminator. We don't return -@@ -712,5 +715,5 @@ - } - --const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks) -+const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks, bool bSafeOnly) - { - // -@@ -744,13 +747,16 @@ - case '\\': - // backslash : escape sequence -- msg_ptr++; -- if(*msg_ptr) -- { -- // decode the escape -- msg_ptr = decodeCtcpEscape(msg_ptr,buffer); -+ if(bSafeOnly)msg_ptr++; -+ else { -+ msg_ptr++; -+ if(*msg_ptr) -+ { -+ // decode the escape -+ msg_ptr = decodeCtcpEscape(msg_ptr,buffer); -+ } -+ // else it is a senseless trailing backslash. -+ // Just ignore and let the function -+ // return spontaneously. - } -- // else it is a senseless trailing backslash. -- // Just ignore and let the function -- // return spontaneously. - break; - case ' ': -@@ -770,5 +776,5 @@ - break; - case '"': -- if(bInString) -+ if(bInString && !bSafeOnly) - { - // A string terminator. We don't return -@@ -1708,5 +1714,5 @@ - KviDccRequest p; - KviStr aux = msg->pData; -- msg->pData = extractCtcpParameter(msg->pData,p.szType); -+ msg->pData = extractCtcpParameter(msg->pData,p.szType, true, true); - msg->pData = extractCtcpParameter(msg->pData,p.szParam1); - msg->pData = extractCtcpParameter(msg->pData,p.szParam2); -Index: ./src/kvirc/sparser/kvi_sparser.h -=================================================================== ---- ./src/kvirc/sparser/kvi_sparser.h (revision 3958) -+++ ./src/kvirc/sparser/kvi_sparser.h (revision 4693) -@@ -261,6 +261,6 @@ - static const char * decodeCtcpEscape(const char * msg_ptr,KviStr &buffer); - static const char * decodeCtcpEscape(const char * msg_ptr,QByteArray &buffer); -- static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true); -- static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true); -+ static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false); -+ static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false); - }; - |