Fix QML XmlHttpRequest Insecure Redirection Flaw

author Richard Moore <rich@kde.org>

Fri, 30 Nov 2012 11:16:51 +0000 (11:16 +0000)

committer The Qt Project <gerrit-noreply@qt-project.org>

Fri, 30 Nov 2012 23:22:35 +0000 (00:22 +0100)
author Richard Moore <rich@kde.org>
Fri, 30 Nov 2012 11:16:51 +0000 (11:16 +0000)
committer The Qt Project <gerrit-noreply@qt-project.org>
Fri, 30 Nov 2012 23:22:35 +0000 (00:22 +0100)
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp

index c289ec5..c2a0741 100644 (file)
--- a/src/qml/qml/qqmlxmlhttprequest.cpp
+++ b/src/qml/qml/qqmlxmlhttprequest.cpp
@@ -1338,9 +1338,11 @@ void QQmlXMLHttpRequest::finished()
          QVariant redirect = m_network->attribute(QNetworkRequest::RedirectionTargetAttribute);
          if (redirect.isValid()) {
              QUrl url = m_network->url().resolved(redirect.toUrl());
-            destroyNetwork();
-            requestFromUrl(url);
-            return;
+            if (url.scheme() != QLatin1String("file")) {
+                destroyNetwork();
+                requestFromUrl(url);
+                return;
+            }
          }
      }
author	Richard Moore <rich@kde.org>
	Fri, 30 Nov 2012 11:16:51 +0000 (11:16 +0000)
committer	The Qt Project <gerrit-noreply@qt-project.org>
	Fri, 30 Nov 2012 23:22:35 +0000 (00:22 +0100)