Fix QML XmlHttpRequest Insecure Redirection Flaw

Fix the redirection flaw in QML's XmlHttpRequest implementation that is described in http://lists.qt-project.org/pipermail/announce/2012-November/000014.html Change-Id: I5190e63648f4664753003b70c20cb8dbd20ab150 Reviewed-by: Lars Knoll <lars.knoll@digia.com>
author: Richard Moore <rich@kde.org> 2012-11-30 11:21:15 +0000
committer: The Qt Project <gerrit-noreply@qt-project.org> 2012-12-01 08:26:19 +0100
commit: 71bc3a1b01217c692d2604bc9c8d9bea008035ec (patch)
tree: 5f8f1f4594c9d8c7c79909713ebb60a3c08f89d4 /src
parent: 960e961ca1470f0eb2dbacaa69be5f5e464131f4 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/declarative/qml/qdeclarativexmlhttprequest.cpp b/src/declarative/qml/qdeclarativexmlhttprequest.cpp
index 37e73089..bb16a9c1 100644
--- a/src/declarative/qml/qdeclarativexmlhttprequest.cpp
+++ b/src/declarative/qml/qdeclarativexmlhttprequest.cpp
@@ -1269,9 +1269,11 @@ void QDeclarativeXMLHttpRequest::finished()
         QVariant redirect = m_network->attribute(QNetworkRequest::RedirectionTargetAttribute);
         if (redirect.isValid()) {
             QUrl url = m_network->url().resolved(redirect.toUrl());
-            destroyNetwork();
-            requestFromUrl(url);
-            return;
+            if (url.scheme() != QLatin1String("file")) {
+                destroyNetwork();
+                requestFromUrl(url);
+                return;
+            }
         }
     }
author	Richard Moore <rich@kde.org>	2012-11-30 11:21:15 +0000
committer	The Qt Project <gerrit-noreply@qt-project.org>	2012-12-01 08:26:19 +0100
commit	71bc3a1b01217c692d2604bc9c8d9bea008035ec (patch)
tree	5f8f1f4594c9d8c7c79909713ebb60a3c08f89d4 /src
parent	960e961ca1470f0eb2dbacaa69be5f5e464131f4 (diff)