nixpkgs/pkgs/desktops/kde-4.14/CVE-2014-8600.diff

--- a/kioslave/bookmarks/kio_bookmarks.cpp
+++ b/kioslave/bookmarks/kio_bookmarks.cpp
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 
 #include <qregexp.h>
+#include <qtextdocument.h>
 
 #include <kapplication.h>
 #include <kcmdlineargs.h>
@@ -197,7 +198,7 @@
     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
   } else {
     echoHead();
-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
+    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
   }
   finished();
 }
kde: fix CVE-2014-8600 by upstream patches https://www.kde.org/info/security/advisory-20141113-1.txt I couldn't find kio-extras, so I hope we don't have it disguised somewhere. 2014-12-10 18:38:50 +00:00			`--- a/kioslave/bookmarks/kio_bookmarks.cpp`
			`+++ b/kioslave/bookmarks/kio_bookmarks.cpp`
			`@@ -22,6 +22,7 @@`
			`#include <stdlib.h>`

			`#include <qregexp.h>`
			`+#include <qtextdocument.h>`

			`#include <kapplication.h>`
			`#include <kcmdlineargs.h>`
			`@@ -197,7 +198,7 @@`
			`echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));`
			`} else {`
			`echoHead();`
			`- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");`
			`+ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");`
			`}`
			`finished();`
			`}`