From 639dd839afa2fe528027b3138d3d4d254491eef5 Mon Sep 17 00:00:00 2001
From: Jose Carlos Norte <jose@eyeos.org>
Date: Mon, 2 Mar 2009 00:03:21 +0000
Subject: Fixed a security bug in dolphin when handling malformed http urls.

svn path=/trunk/KDE/kdebase/apps/; revision=933947
---
 src/dolphinviewcontainer.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/dolphinviewcontainer.cpp')

diff --git a/src/dolphinviewcontainer.cpp b/src/dolphinviewcontainer.cpp
index 95b16448a..530055370 100644
--- a/src/dolphinviewcontainer.cpp
+++ b/src/dolphinviewcontainer.cpp
@@ -41,6 +41,7 @@
 #include <konqmimedata.h>
 #include <konq_fileitemcapabilities.h>
 #include <konq_operations.h>
+#include <kshell.h>
 #include <kurl.h>
 #include <kurlcombobox.h>
 #include <krun.h>
@@ -406,7 +407,9 @@ void DolphinViewContainer::restoreView(const KUrl& url)
             showErrorMessage(i18nc("@info:status",
                                    "Protocol not supported by Dolphin, Konqueror has been launched"));
         }
-        const QString command = app + ' ' + url.pathOrUrl();
+
+        QString secureUrl = KShell::quoteArg(url.pathOrUrl());
+        const QString command = app + ' ' + secureUrl;
         KRun::runCommand(command, app, app, this);
     } else {
         showErrorMessage(i18nc("@info:status", "Invalid protocol"));
-- 
cgit v1.3