home:Fisiu:branches:openSUSE:11.4:Contrib/kadu-qt4 -> openSUSE:11.4:Contrib/kadu-qt4
https://build.opensuse.org/request/show/107054
Description: - Security fix: prevent injection of JS code into history. Fix bnc#749036.
changes files:
--------------
--- kadu.changes
+++ kadu.changes
@@ -1,0 +2,5 @@
+Sun Feb 26 11:36:07 UTC 2012 - fisiu@opensuse.org
+
+- Security fix: inject js code into history. Fix bnc#749036.
+
+-------------------------------------------------------------------
new:
----
kadu-inject-js-into-history-fix.patch
spec files:
-----------
--- kadu.spec
+++ kadu.spec
@@ -26,6 +26,8 @@
Url: http://www.kadu.net/
Group: Productivity/Networking/Instant Messenger
Source0: kadu-0.9.2.tar.bz2
+# PATCH-FIX-UPSTREAM -- kadu-inject-js-into-history-fix.patch -- Rafał Malinowski
+Patch0: kadu-inject-js-into-history-fix.patch
### 1x - External Modules ###
Source10: anonymous_check-0.6.6.1.tar.bz2
Source11: globalhotkeys-0.6.6-22.tar.gz
@@ -239,7 +241,7 @@
ver=${ver:0:2}.${ver:2:1}
sed -e "s:</b><br />: openSUSE $ver</b><br />:" -i kadu-core/gui/windows/about.cpp
# apply patches
-# none atm
+%patch0
%build
%ifarch x86_64
other changes:
--------------
++++++ kadu-inject-js-into-history-fix.patch (new)
--- kadu-inject-js-into-history-fix.patch
+++ kadu-inject-js-into-history-fix.patch
@@ -0,0 +1,131 @@
+Index: kadu-core/gui/widgets/buddy-info-panel.cpp
+===================================================================
+--- kadu-core/gui/widgets/buddy-info-panel.cpp.orig
++++ kadu-core/gui/widgets/buddy-info-panel.cpp
+@@ -52,6 +52,11 @@ BuddyInfoPanel::BuddyInfoPanel(QWidget *
+ setAttribute(Qt::WA_OpaquePaintEvent, false);
+
+ connect(BuddyPreferredManager::instance(), SIGNAL(buddyUpdated(Buddy&)), this, SLOT(buddyUpdated(Buddy&)));
++
++ page()->currentFrame()->evaluateJavaScript(
++ "XMLHttpRequest.prototype.open = function() { return false; };"
++ "XMLHttpRequest.prototype.send = function() { return false; };"
++ );
+ }
+
+ BuddyInfoPanel::~BuddyInfoPanel()
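Review bot: The XMLHttpRequest override added at the end of the BuddyInfoPanel constructor is evaluated once, against whatever document the frame holds at construction time. QtWebKit clears the JavaScript window object whenever new content is loaded into a frame, so if the panel later replaces its HTML (not visible in this hunk) the patched prototype would be gone for the content that actually carries untrusted text. Re-applying the script from a slot (name illustrative) wired with `connect(page()->mainFrame(), SIGNAL(javaScriptWindowObjectCleared()), this, SLOT(disableXhr()));` would keep it in force across reloads. The identical block in the chat-messages-view.cpp hunk has the same lifetime. This is a script-level guard only, so escaping the stored message text and the check in ChatViewNetworkAccessManager remain the controls to rely on.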
+Index: kadu-core/gui/widgets/chat-messages-view.cpp
+===================================================================
+--- kadu-core/gui/widgets/chat-messages-view.cpp.orig
++++ kadu-core/gui/widgets/chat-messages-view.cpp
+@@ -62,6 +62,11 @@ ChatMessagesView::ChatMessagesView(const
+ settings()->setAttribute(QWebSettings::JavascriptEnabled, true);
+ settings()->setAttribute(QWebSettings::PluginsEnabled, true);
+
++ page()->currentFrame()->evaluateJavaScript(
++ "XMLHttpRequest.prototype.open = function() { return false; };"
++ "XMLHttpRequest.prototype.send = function() { return false; };"
++ );
++
+ connectChat();
+
+ connect(this->page()->mainFrame(), SIGNAL(contentsSizeChanged(const QSize &)), this, SLOT(scrollToBottom()));
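Review bot: Nothing in the added block says why XMLHttpRequest is being neutered right after `JavascriptEnabled` and `PluginsEnabled` are switched on, and the same two-line script is pasted verbatim into buddy-info-panel.cpp. A comment above the call such as `// Chat content is untrusted: disable XMLHttpRequest so injected script cannot issue requests (bnc#749036)` would record the intent. Keeping the script text in one shared constant would stop the two copies drifting apart. The constructor continues beyond the hunk on both sides.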
+Index: kadu-core/gui/widgets/chat-view-network-access-manager.cpp
+===================================================================
+--- kadu-core/gui/widgets/chat-view-network-access-manager.cpp.orig
++++ kadu-core/gui/widgets/chat-view-network-access-manager.cpp
+@@ -36,6 +36,9 @@ ChatViewNetworkAccessManager::ChatViewNe
+
+ QNetworkReply * ChatViewNetworkAccessManager::createRequest(QNetworkAccessManager::Operation operation, const QNetworkRequest &request, QIODevice *device)
+ {
++ if (QNetworkAccessManager::GetOperation != operation && QNetworkAccessManager::HeadOperation != operation)
++ operation = QNetworkAccessManager::GetOperation;
++
+ if (request.url().scheme() != "kaduimg")
+ return QNetworkAccessManager::createRequest(operation, request, device);
+
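Review bot: A rewritten request still goes out: the check added at the top of createRequest() downgrades every operation other than GET and HEAD to GET, but then forwards the same `request` and `device` to the base class, and the downgrade leaves no trace. Clearing the body on that path, `if (...) { operation = QNetworkAccessManager::GetOperation; device = 0; }`, would make it explicit that no payload is sent, and a debug log line there would make blocked attempts visible during triage. The check constrains the method only; the visible code passes every scheme other than `kaduimg` through unchanged, so it is worth confirming whether destinations need restricting too. The function body continues past the end of the hunk.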
+Index: kadu-core/gui/widgets/chat-view-network-access-manager.h
+===================================================================
+--- kadu-core/gui/widgets/chat-view-network-access-manager.h.orig
++++ kadu-core/gui/widgets/chat-view-network-access-manager.h
+@@ -33,6 +33,7 @@ public:
+
+ protected:
+ virtual QNetworkReply * createRequest(Operation operation, const QNetworkRequest &request, QIODevice *device);
++
+ };
+
+ #endif // CHAT_VIEW_NETWORK_ACCESS_MANAGER
+Index: modules/sql_history/storage/history-sql-storage.cpp
+===================================================================
+--- modules/sql_history/storage/history-sql-storage.cpp.orig
++++ modules/sql_history/storage/history-sql-storage.cpp
+@@ -23,6 +23,7 @@
+ */
+
+ #include
++#include
+ #include
+ #include
+
+@@ -991,6 +992,20 @@ void HistorySqlStorage::executeQuery(QSq
+ kdebugm(KDEBUG_INFO, "db query: %s\n", qPrintable(query.executedQuery()));
+ }
+
++QString HistorySqlStorage::stripAllScriptTags(const QString &string)
++{
++ QString beforeReplace = string;
++ QString afterReplace = beforeReplace;
++
++ afterReplace.replace("