Packagers, You might consider hot-patching your kdelibs with this. The code that conceivably might display a user password has been in kdelibs since 2009-07-08 Probably means whatever kdelibs 4.x you are shipping needs this fix.
---------- Forwarded Message ---------- Subject: [kdelibs/KDE/4.10] kioslave/http: Don't show passwords contained in HTTP URLs in error messages Date: Wednesday, May 08, 2013, 11:38:51 PM From: Grégory Oestreicher <g...@kamago.net> To: kde-comm...@kde.org Git commit 65d736dab592bced4410ccfa4699de89f78c96ca by Grégory Oestreicher. Committed on 08/05/2013 at 23:16. Pushed by goestreicher into branch 'KDE/4.10'. Don't show passwords contained in HTTP URLs in error messages BUG: 319428 M +3 -3 kioslave/http/http.cpp http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp index 2d139a9..129fc7b 100644 --- a/kioslave/http/http.cpp +++ b/kioslave/http/http.cpp @@ -3056,7 +3056,7 @@ try_again: ; // Ignore error } else { if (!sendErrorPageNotification()) { - error(ERR_INTERNAL_SERVER, m_request.url.url()); + error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl()); return false; } } @@ -3072,9 +3072,9 @@ try_again: // Tell that we will only get an error page here. if (!sendErrorPageNotification()) { if (m_request.responseCode == 403) - error(ERR_ACCESS_DENIED, m_request.url.url()); + error(ERR_ACCESS_DENIED, m_request.url.prettyUrl()); else - error(ERR_DOES_NOT_EXIST, m_request.url.url()); + error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl()); return false; } } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) { ----------------------------------------- _______________________________________________ release-team mailing list release-team@kde.org https://mail.kde.org/mailman/listinfo/release-team