Fix QML XmlHttpRequest Insecure Redirection Flaw

Fix the redirection flaw in QML's XmlHttpRequest implementation that is described in http://lists.qt-project.org/pipermail/announce/2012-November/000014.html Change-Id: Idfad4bc5dde6eda8840737c38e85568f3a4c0420 Reviewed-by: Lars Knoll <lars.knoll@digia.com>
author: Richard Moore <rich@kde.org> 2012-11-30 11:16:51 +0000
committer: The Qt Project <gerrit-noreply@qt-project.org> 2012-12-01 00:22:35 +0100
commit: da1f30e36a77dd96d54e8145e402a36c4596be92 (patch)
tree: 87be405e67f0e65de093573d982abab926038b87
parent: 6b54575fb08b31e3f4776ab91d51d541619a1af7 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp
index c289ec5acd..c2a0741529 100644
--- a/src/qml/qml/qqmlxmlhttprequest.cpp
+++ b/src/qml/qml/qqmlxmlhttprequest.cpp
@@ -1338,9 +1338,11 @@ void QQmlXMLHttpRequest::finished()
         QVariant redirect = m_network->attribute(QNetworkRequest::RedirectionTargetAttribute);
         if (redirect.isValid()) {
             QUrl url = m_network->url().resolved(redirect.toUrl());
-            destroyNetwork();
-            requestFromUrl(url);
-            return;
+            if (url.scheme() != QLatin1String("file")) {
+                destroyNetwork();
+                requestFromUrl(url);
+                return;
+            }
         }
     }
author	Richard Moore <rich@kde.org>	2012-11-30 11:16:51 +0000
committer	The Qt Project <gerrit-noreply@qt-project.org>	2012-12-01 00:22:35 +0100
commit	da1f30e36a77dd96d54e8145e402a36c4596be92 (patch)
tree	87be405e67f0e65de093573d982abab926038b87
parent	6b54575fb08b31e3f4776ab91d51d541619a1af7 (diff)