[buteo-sync-plugin-carddav] Sanitize journal output from CalDAV disco…
…very. Contributes to JB#48307
Chris Adams committed Dec 10, 2019
1 parent 93e781e commit 410e92a
Showing 1 changed file with 7 additions and 3 deletions.
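--- a/tools/cdavtool/helpers.cpp
+++ b/tools/cdavtool/helpers.cpp
@@ -320,11 +320,14 @@ void CalDAVDiscovery::requestUserPrincipalUrlFinished()
 originalUrl.setPath(discoveryPath);
 }
 
+QUrl sanitizedRedirectUrl = redirectUrl;
+sanitizedRedirectUrl.setUserName(QString());
+sanitizedRedirectUrl.setPassword(QString());
 if (originalUrl.path().endsWith(QStringLiteral(".well-known/caldav"))) {
-qDebug() << "being redirected from" << originalUrl << "to" << redirectUrl;
+qDebug() << "being redirected from" << originalUrl << "to" << sanitizedRedirectUrl;
 requestUserPrincipalUrl(redirectUrl.toString());
 } else {
-qWarning() << "ignoring possibly malicious redirect from" << originalUrl << "to" << redirectUrl;
+qWarning() << "ignoring possibly malicious redirect from" << originalUrl << "to" << sanitizedRedirectUrl;
 emitError(CurrentUserPrincipalNotFoundError);
 }
 } else {
@@ -611,7 +614,8 @@ void CalDAVDiscovery::handleSslErrors(const QList<QSslError> &errors)
 
 void CalDAVDiscovery::emitNetworkReplyError(const QNetworkReply &reply)
 {
-qWarning() << QString("QNetworkReply error: %1: %2").arg(reply.error()).arg(reply.errorString());
+const int httpCode = reply.attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+qDebug() << QString("QNetworkReply error: %1 with HTTP code: %2").arg(reply.error()).arg(httpCode);
 
 switch (reply.error()) {
 case QNetworkReply::AuthenticationRequiredError: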
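Review bot: In the first hunk both log statements still stream `originalUrl` as-is, so only half of each message is sanitized; if the discovery URL can carry userinfo (not visible in this hunk, so worth confirming against the caller), the user name still reaches the journal. Consider scrubbing it the same way, e.g. `QUrl sanitizedOriginalUrl = originalUrl; sanitizedOriginalUrl.setUserInfo(QString());`, and logging that copy. The sanitized copy also keeps the redirect's query string, which a server can use to carry tokens; `sanitizedRedirectUrl.setQuery(QString());` would cover that if the query is not needed for diagnosis. In the second hunk the message drops from `qWarning()` to `qDebug()`, so network failures may no longer show up at default log levels; keeping `qWarning()` with the new, URL-free text would preserve the signal. Both functions start and end outside the hunks shown.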
