Commit 410e92a9 authored by chriadam's avatar chriadam

[buteo-sync-plugin-carddav] Sanitize journal output from CalDAV discovery. Contributes to JB#48307

parent 93e781e2
......@@ -320,11 +320,14 @@ void CalDAVDiscovery::requestUserPrincipalUrlFinished()
originalUrl.setPath(discoveryPath);
}
QUrl sanitizedRedirectUrl = redirectUrl;
sanitizedRedirectUrl.setUserName(QString());
sanitizedRedirectUrl.setPassword(QString());
if (originalUrl.path().endsWith(QStringLiteral(".well-known/caldav"))) {
qDebug() << "being redirected from" << originalUrl << "to" << redirectUrl;
qDebug() << "being redirected from" << originalUrl << "to" << sanitizedRedirectUrl;
requestUserPrincipalUrl(redirectUrl.toString());
} else {
qWarning() << "ignoring possibly malicious redirect from" << originalUrl << "to" << redirectUrl;
qWarning() << "ignoring possibly malicious redirect from" << originalUrl << "to" << sanitizedRedirectUrl;
emitError(CurrentUserPrincipalNotFoundError);
}
} else {
......@@ -611,7 +614,8 @@ void CalDAVDiscovery::handleSslErrors(const QList<QSslError> &errors)
void CalDAVDiscovery::emitNetworkReplyError(const QNetworkReply &reply)
{
qWarning() << QString("QNetworkReply error: %1: %2").arg(reply.error()).arg(reply.errorString());
const int httpCode = reply.attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
qDebug() << QString("QNetworkReply error: %1 with HTTP code: %2").arg(reply.error()).arg(httpCode);
switch (reply.error()) {
case QNetworkReply::AuthenticationRequiredError:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment