summaryrefslogtreecommitdiff
path: root/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch')
-rw-r--r--kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch
new file mode 100644
index 000000000000..21108ae1fb6f
--- /dev/null
+++ b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch
@@ -0,0 +1,29 @@
+From 1fd737870f5a9c5bf44ad9fbd153ab4cf44e135d Mon Sep 17 00:00:00 2001
+From: Laurent Montel <montel@kde.org>
+Date: Fri, 23 Nov 2018 07:37:02 +0100
+Subject: [PATCH] Exclude Refresh from MetaData (Not necessary)
+
+---
+ .../src/messagepartthemes/default/defaultrenderer.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+index a7ffe824..d5d41cf6 100644
+--- a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
++++ b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+@@ -308,6 +308,12 @@ QString processHtml(const QString &htmlSource, QString &extraHead)
+ return htmlSource;
+ }
+ extraHead = s.mid(startIndex + 6 , endIndex - startIndex - 6);
++
++ //Don't authorize to refresh content.
++ if (s.contains(QStringLiteral("http-equiv=\"REFRESH\""), Qt::CaseInsensitive)) {
++ extraHead.clear();
++ }
++
+ s = s.mid(endIndex + 7).trimmed();
+ }
+
+--
+2.19.2
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 07:13:27 +0000