From 3c7b0419cf7edf5f72284f660ce41980453a8c38 Mon Sep 17 00:00:00 2001
From: Ivailo Monev <xakepa10@gmail.com>
Date: Sat, 1 Jun 2024 03:49:39 +0300
Subject: [PATCH] kioslave: do not redirect to URL that shows the password from
 curl slave

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
---
 kioslave/curl/kio_curl.cpp | 31 +++++++++----------------------
 1 file changed, 9 insertions(+), 22 deletions(-)

diff --git a/kioslave/curl/kio_curl.cpp b/kioslave/curl/kio_curl.cpp
index 77876972..d1885da9 100644
--- a/kioslave/curl/kio_curl.cpp
+++ b/kioslave/curl/kio_curl.cpp
@@ -1067,8 +1067,6 @@ bool CurlProtocol::setupCurl(const KUrl &url, const bool ftp)
     return true;
 }
 
-// NOTE: redirection is done so that the URL in navigation is corrected, notably its user and
-// password part
 CURLcode CurlProtocol::performCurl(const KUrl &url, KUrl *redirecturl)
 {
     CURLcode curlresult = CURLE_OK;
@@ -1083,16 +1081,6 @@ CURLcode CurlProtocol::performCurl(const KUrl &url, KUrl *redirecturl)
             return curlresult;
         }
         curlresult = curl_easy_perform(m_curl);
-        if (curlresult != CURLE_OK) {
-            KIO::Error kioerror = curlToKIOError(curlresult, m_curl);
-            if (kioerror != KIO::ERR_COULD_NOT_LOGIN) {
-                kDebug(7103) << "Going to redirect for cached authorization";
-                KUrl newurl(url);
-                newurl.setUserName(kioauthinfo.username);
-                newurl.setPassword(kioauthinfo.password);
-                *redirecturl = newurl;
-            }
-        }
     } else {
         kDebug(7103) << "No cached authorization" << url.prettyUrl();
         curlresult = curl_easy_perform(m_curl);
@@ -1122,20 +1110,19 @@ CURLcode CurlProtocol::performCurl(const KUrl &url, KUrl *redirecturl)
                     cacheAuthentication(kioauthinfo);
                 }
                 curlresult = curl_easy_perform(m_curl);
-                if (curlresult != CURLE_OK) {
-                    kioerror = curlToKIOError(curlresult, m_curl);
-                    if (kioerror != KIO::ERR_COULD_NOT_LOGIN) {
-                        kDebug(7103) << "Going to redirect for authorization";
-                        KUrl newurl(url);
-                        newurl.setUserName(kioauthinfo.username);
-                        newurl.setPassword(kioauthinfo.password);
-                        *redirecturl = newurl;
-                    }
-                }
             }
         }
     }
 
+    // NOTE: redirection is done so that the URL in navigation is corrected, notably its user part.
+    // the password is not made visible for security reasons
+    if (kioauthinfo.username != url.userName()) {
+        kDebug(7103) << "Going to redirect for authorization";
+        KUrl newurl(url);
+        newurl.setUserName(kioauthinfo.username);
+        *redirecturl = newurl;
+    }
+
     return curlresult;
 }