From 62f646f835cbf8d0fa9c12fb0a8f96c489b4e92b Mon Sep 17 00:00:00 2001
From: Francois Andriot <francois.andriot@free.fr>
Date: Sat, 1 Jun 2013 18:08:42 +0200
Subject: Fix security issue when displaying certificate informations
 (CVE-2011-3365) (cherry picked from commit
 a67a48107f8996a6c753fdd02d15e234dbd17ceb)

---
 kio/kssl/ksslinfodlg.cc | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'kio/kssl')

diff --git a/kio/kssl/ksslinfodlg.cc b/kio/kssl/ksslinfodlg.cc
index ae2a4a3ae..cc4f71938 100644
--- a/kio/kssl/ksslinfodlg.cc
+++ b/kio/kssl/ksslinfodlg.cc
@@ -253,6 +253,14 @@ void KSSLInfoDlg::setup(KSSLCertificate *cert,
     layout->addWidget(new TQLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1);
     d->m_layout->addMultiCell(layout, 2, 2, 0, 2);
 
+    ipl->setTextFormat(TQt::PlainText);
+    urlLabel->setTextFormat(TQt::PlainText);
+    d->_serialNum->setTextFormat(TQt::PlainText);
+    d->_csl->setTextFormat(TQt::PlainText);
+    d->_validFrom->setTextFormat(TQt::PlainText);
+    d->_validUntil->setTextFormat(TQt::PlainText);
+    d->_digest->setTextFormat(TQt::PlainText);
+
     displayCert(cert);
 }
 
@@ -400,32 +408,32 @@ void KSSLCertBox::setValues(TQString certName, TQWidget *mailCatcher) {
     if (!(tmp = cert.getValue("O")).isEmpty()) {
         label = new TQLabel(i18n("Organization:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("OU")).isEmpty()) {
         label = new TQLabel(i18n("Organizational unit:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("L")).isEmpty()) {
         label = new TQLabel(i18n("Locality:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("ST")).isEmpty()) {
         label = new TQLabel(i18n("Federal State","State:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("C")).isEmpty()) {
         label = new TQLabel(i18n("Country:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("CN")).isEmpty()) {
         label = new TQLabel(i18n("Common name:"), _frame);
         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
-        new TQLabel(tmp, _frame);
+        (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText);
     }
     if (!(tmp = cert.getValue("Email")).isEmpty()) {
         label = new TQLabel(i18n("Email:"), _frame);
@@ -435,6 +443,7 @@ void KSSLCertBox::setValues(TQString certName, TQWidget *mailCatcher) {
             connect(mail, TQT_SIGNAL(leftClickedURL(const TQString &)), mailCatcher, TQT_SLOT(mailClicked(const TQString &)));
         } else {
             label = new TQLabel(tmp, _frame);
+            label->setTextFormat(TQt::PlainText);
         }
     }
     if (label && viewport()) {
-- 
cgit v1.2.1