[Kde-pim] Fwd: Re: again freebusy
Bernhard Herzog
bh at intevation.de
Tue Sep 28 12:16:54 CEST 2004
Bo Thorsen <bo at sonofthor.dk> writes:
> --- freebusymanager.cpp 13 Sep 2004 16:01:39 -0000 1.27
> +++ freebusymanager.cpp 28 Sep 2004 09:44:59 -0000
> @@ -391,14 +391,20 @@ KURL FreeBusyManager::freeBusyUrl( const
> return KURL();
>
> // Cut off everything left of the @ sign to get the user name.
> - QString emailName = email.left( emailpos );
> + const QString emailName = email.left( emailpos );
> + const QString emailHost = email.mid( emailpos + 1 );
>
> // Build the URL
> KURL sourceURL;
> sourceURL = KOPrefs::instance()->mFreeBusyRetrieveUrl;
>
> // Don't try to fetch free/busy data for users not on the specified servers
> - if ( sourceURL.host() != email.mid( emailpos + 1 ) ) return KURL();
> + // This tests if the hostnames match, or one is a subset of the other
> + const QString hostDomain = sourceURL.host();
> + if ( hostDomain != emailHost && !hostDomain.endsWith( emailHost )
> + && !emailHost.endsWith( hostDomain ) )
> + // Host names do not match
> + return KURL();
Hmm, it seems to me that this would allow fetching the free/busy list of
e.g. user at foobar.com from bar.com because "foobar.com" ends with "bar.com".
Bernhard
--
Intevation GmbH http://intevation.de/
Skencil http://sketch.sourceforge.net/
Thuban http://thuban.intevation.org/
More information about the users
mailing list