summaryrefslogtreecommitdiffstats
path: root/khtml/css/cssparser.cpp
diff options
context:
space:
mode:
authortpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2010-09-29 05:15:51 +0000
committertpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2010-09-29 05:15:51 +0000
commit33e60e8e78543462d31e8c6a7c3577ffe18b6647 (patch)
treef655bb5f0a2e19a2396aeea199df3d9caf60c119 /khtml/css/cssparser.cpp
parentc9b50480aa0c5ccbf1a4a4005fd735be3a3e0841 (diff)
downloadtdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.tar.gz
tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.zip
Critical security patches for the following vulnerabilities:
CVE-2009-0689 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-2702 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'khtml/css/cssparser.cpp')
-rw-r--r--khtml/css/cssparser.cpp11
1 files changed, 10 insertions, 1 deletions
diff --git a/khtml/css/cssparser.cpp b/khtml/css/cssparser.cpp
index 23eeb69a9..d167af025 100644
--- a/khtml/css/cssparser.cpp
+++ b/khtml/css/cssparser.cpp
@@ -1351,6 +1351,14 @@ bool CSSParser::parseContent( int propId, bool important )
if ( args->size() != 1)
return false;
Value *a = args->current();
+ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
+ isValid=false;
+ break;
+ }
+ if (qString(a->string)[0] == '-') {
+ isValid=false;
+ break;
+ }
parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
}
else
@@ -1403,7 +1411,8 @@ CSSValueImpl* CSSParser::parseCounterContent(ValueList *args, bool counters)
CounterImpl *counter = new CounterImpl;
Value *i = args->current();
-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (qString(i->string)[0] == '-') goto invalid;
counter->m_identifier = domString(i->string);
if (counters) {
i = args->next();