Katana_mirror/kdelibs
1
0
Fork 0
mirror of https://bitbucket.org/smil3y/kdelibs.git synced 2025-02-24 10:52:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

kio: do not assume the authentication message is non-empty in KHTTP

Browse source 
Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
This commit is contained in:
Ivailo Monev 2022-12-25 06:19:21 +02:00
parent 59567864f0
commit d51e0ec201
1 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
kio/kio/khttp.cpp
View file

@ -246,7 +246,7 @@ static QByteArray HTTPStatusToContent(const ushort httpstatus)
return httpdata; return httpdata;
} }
static KHTTPHeaders responseHeaders(const bool authenticate) static KHTTPHeaders HTTPHeaders(const bool authenticate)
{ {
KHTTPHeaders khttpheaders; KHTTPHeaders khttpheaders;
const QString httpserver = QCoreApplication::applicationName(); const QString httpserver = QCoreApplication::applicationName();
@ -260,7 +260,7 @@ static KHTTPHeaders responseHeaders(const bool authenticate)
return khttpheaders; return khttpheaders;
} }
static QByteArray responseData(const ushort httpstatus, const KHTTPHeaders &httpheaders, const qint64 datasize) static QByteArray HTTPData(const ushort httpstatus, const KHTTPHeaders &httpheaders, const qint64 datasize)
{ {
QByteArray httpdata("HTTP/1.1 "); QByteArray httpdata("HTTP/1.1 ");
httpdata.append(QByteArray::number(httpstatus)); httpdata.append(QByteArray::number(httpstatus));
@ -361,6 +361,8 @@ KHTTPPrivate::KHTTPPrivate(QObject *parent)
: QObject(parent), : QObject(parent),
tcpserver(nullptr) tcpserver(nullptr)
{ {
authmessage = HTTPStatusToContent(401);
// NOTE: the default maximum for pending connections is 30 // NOTE: the default maximum for pending connections is 30
tcpserver = new QTcpServer(this); tcpserver = new QTcpServer(this);
connect(tcpserver, SIGNAL(newConnection()), this, SLOT(slotNewConnection())); connect(tcpserver, SIGNAL(newConnection()), this, SLOT(slotNewConnection()));
@ -387,11 +389,11 @@ void KHTTPPrivate::slotNewConnection()
khttpheadersparser.parseHeaders(clientdata, requiresauthorization); khttpheadersparser.parseHeaders(clientdata, requiresauthorization);
// qDebug() << Q_FUNC_INFO << "url" << khttpheadersparser.path(); // qDebug() << Q_FUNC_INFO << "url" << khttpheadersparser.path();
KHTTPHeaders khttpheaders = responseHeaders(requiresauthorization); KHTTPHeaders khttpheaders = HTTPHeaders(requiresauthorization);
if (requiresauthorization && if (requiresauthorization &&
(khttpheadersparser.authUser() != authusername || khttpheadersparser.authPass() != authpassword)) { (khttpheadersparser.authUser() != authusername || khttpheadersparser.authPass() != authpassword)) {
kDebug(s_khttpdebugarea) << "sending unauthorized to client"; kDebug(s_khttpdebugarea) << "sending unauthorized to client";
const QByteArray httpdata = responseData(401, khttpheaders, authmessage.size()); const QByteArray httpdata = HTTPData(401, khttpheaders, authmessage.size());
client->write(httpdata); client->write(httpdata);
client->flush(); client->flush();
client->write(authmessage); client->write(authmessage);
@ -414,7 +416,7 @@ void KHTTPPrivate::slotNewConnection()
QFile httpfile(responsefilepath); QFile httpfile(responsefilepath);
if (httpfile.open(QFile::ReadOnly)) { if (httpfile.open(QFile::ReadOnly)) {
kDebug(s_khttpdebugarea) << "sending file to client" << responsefilepath << khttpheaders; kDebug(s_khttpdebugarea) << "sending file to client" << responsefilepath << khttpheaders;
const QByteArray httpdata = responseData(responsestatus, khttpheaders, httpfile.size()); const QByteArray httpdata = HTTPData(responsestatus, khttpheaders, httpfile.size());
client->write(httpdata); client->write(httpdata);
client->flush(); client->flush();
@ -437,9 +439,9 @@ void KHTTPPrivate::slotNewConnection()
} }
} else { } else {
kWarning(s_khttpdebugarea) << "could not open" << responsefilepath; kWarning(s_khttpdebugarea) << "could not open" << responsefilepath;
khttpheaders = responseHeaders(false); khttpheaders = HTTPHeaders(false);
const QByteArray data500 = HTTPStatusToContent(500); const QByteArray data500 = HTTPStatusToContent(500);
const QByteArray httpdata = responseData(500, khttpheaders, data500.size()); const QByteArray httpdata = HTTPData(500, khttpheaders, data500.size());
client->write(httpdata); client->write(httpdata);
client->flush(); client->flush();
client->write(data500); client->write(data500);
@ -455,7 +457,7 @@ void KHTTPPrivate::slotNewConnection()
if (responsedata.isEmpty()) { if (responsedata.isEmpty()) {
responsedata = HTTPStatusToContent(responsestatus); responsedata = HTTPStatusToContent(responsestatus);
} }
const QByteArray httpdata = responseData(responsestatus, khttpheaders, responsedata.size()); const QByteArray httpdata = HTTPData(responsestatus, khttpheaders, responsedata.size());
client->write(httpdata); client->write(httpdata);
client->flush(); client->flush();
client->write(responsedata); client->write(responsedata);
@ -489,6 +491,9 @@ bool KHTTP::setAuthenticate(const QByteArray &username, const QByteArray &passwo
d->authusername = username; d->authusername = username;
d->authpassword = password; d->authpassword = password;
d->authmessage = message.toAscii(); d->authmessage = message.toAscii();
if (d->authmessage.isEmpty()) {
d->authmessage = HTTPStatusToContent(401);
}
return true; return true;
} }