diff options
author | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2010-09-29 05:15:51 +0000 |
---|---|---|
committer | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2010-09-29 05:15:51 +0000 |
commit | 33e60e8e78543462d31e8c6a7c3577ffe18b6647 (patch) | |
tree | f655bb5f0a2e19a2396aeea199df3d9caf60c119 /khtml/css/cssparser.cpp | |
parent | c9b50480aa0c5ccbf1a4a4005fd735be3a3e0841 (diff) | |
download | tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.tar.gz tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.zip |
Critical security patches for the following vulnerabilities:
CVE-2009-0689
CVE-2009-1687
CVE-2009-1690
CVE-2009-1698
CVE-2009-2702
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'khtml/css/cssparser.cpp')
-rw-r--r-- | khtml/css/cssparser.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/khtml/css/cssparser.cpp b/khtml/css/cssparser.cpp index 23eeb69a9..d167af025 100644 --- a/khtml/css/cssparser.cpp +++ b/khtml/css/cssparser.cpp @@ -1351,6 +1351,14 @@ bool CSSParser::parseContent( int propId, bool important ) if ( args->size() != 1) return false; Value *a = args->current(); + if (a->unit != CSSPrimitiveValue::CSS_IDENT) { + isValid=false; + break; + } + if (qString(a->string)[0] == '-') { + isValid=false; + break; + } parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); } else @@ -1403,7 +1411,8 @@ CSSValueImpl* CSSParser::parseCounterContent(ValueList *args, bool counters) CounterImpl *counter = new CounterImpl; Value *i = args->current(); -// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; + if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; + if (qString(i->string)[0] == '-') goto invalid; counter->m_identifier = domString(i->string); if (counters) { i = args->next(); |