mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-03 06:04:53 +00:00
Code Issues Releases Activity

Fix Konqueror address bar spoofing attack vulnerability.

Browse Source 
Security: CVE-2007-4224, CVE-2007-4224, CVE-2007-3820
Security: http://www.kde.org/info/security/advisory-20070816-1.txt
This commit is contained in:
Michael Nottebrock 2007-08-19 15:36:01 +00:00
parent 1492216b48
commit c6accc6986
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=197923
18 changed files with 474 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
x11/kde4-baseapps/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kde4-runtime/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kde4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kde4-workspace/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kde4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kdebase3/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kdebase3/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kdebase4-runtime/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kdebase4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kdebase4-workspace/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kdebase4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kdebase4/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

49
x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff Normal file
View File

@ -0,0 +1,49 @@
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ // important security consideration: always display the beginning
+ // of the url rather than its end to prevent spoofing attempts.
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
}
else // no known serviceType, use KonqRun
{
- if ( ( view && view == m_currentView ) ||
- ( !view && !req.newTab ) ) // startup with argument
+ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
{
// Show it for now in the location bar, but we'll need to store it in the view
// later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
setLocationBarURL( url );
}
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
if ( childView )
{
enableAllActions( true );
-
- m_pViewManager->setActivePart( childView->part() );
m_currentView = childView;
}
}
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
void KonqViewManager::emitActivePartChanged()
{
+ // prevent unnecessary multiple calls to slotPartActivated:
+ m_activePartChangedTimer->stop();
m_pMainWindow->slotPartActivated( activePart() );
}

2
x11/kdelibs3/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 0
PORTREVISION= 1
CATEGORIES= x11 kde ipv6
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

61
x11/kdelibs3/files/patch-post-3.5.7-kdelibs-kdecore.diff Normal file
View File

@ -0,0 +1,61 @@
------------------------------------------------------------------------
r700053 | mueller | 2007-08-14 18:37:30 +0200 (Tue, 14 Aug 2007) | 2 lines
be more robust against addressbar spoofing (CVE-2007-4225)
------------------------------------------------------------------------
--- kdecore/tests/kurltest.cpp
+++ kdecore/tests/kurltest.cpp
@@ -288,6 +288,16 @@ int main(int argc, char *argv[])
check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html");
check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+ KURL whitespaceInUser("http://www.google.com%20%20%20%20%20@foobar.com/");
+ check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20@foobar.com/");
+
+ KURL whitespaceInPath("http://www.google.com/foo%20bar/");
+ check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/");
+
+ KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/");
+ check("KURL::prettyURL()", whitespaceInPath2.prettyURL(),
+ "http://www.google.com/foo%20%20%20%20%20%20 bar/");
+
KURL carsten;
carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
@@ -594,6 +604,15 @@ int main(int argc, char *argv[])
check("http: URL with empty path string path", waba1.path(),
"");
+ waba1 = "http://www.meinestadt.de&url_plain=http";
+ check("http: URL with empty path string", waba1.host(),
+ "www.meinestadt.de&url_plain=http");
+ check("http: URL with empty path string", waba1.htmlURL(),
+ "http://www.meinestadt.de&amp;url_plain=http");
+
+ check("http: URL with empty path string", waba1.path(),
+ "");
+
waba1 = "http://a:389#b=c";
check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" );
check( "http: URL with port, ref, and empty path; host", waba1.host(), "a" );
--- kdecore/kurl.cpp
+++ kdecore/kurl.cpp
@@ -183,7 +183,7 @@ static QString lazy_encode( const QStrin
(character == '?') || // Start of query delimiter
((character == '@') && encodeAt) || // Username delimiter
(character == '#') || // Start of reference delimiter
- ((character == 32) && (i+1 == old_length))) // A trailing space
+ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
{
new_segment[ new_length++ ] = '%';
@@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing )
u += "//";
if ( hasUser() )
{
- u += lazy_encode(m_strUser);
+ u += encode(m_strUser, 0, 0);
// Don't show password!
u += "@";
}

2
x11/kdelibs4/Makefile
View File

@ -8,7 +8,7 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 0
PORTREVISION= 1
CATEGORIES= x11 kde ipv6
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src

61
x11/kdelibs4/files/patch-post-3.5.7-kdelibs-kdecore.diff Normal file
View File

@ -0,0 +1,61 @@
------------------------------------------------------------------------
r700053 | mueller | 2007-08-14 18:37:30 +0200 (Tue, 14 Aug 2007) | 2 lines
be more robust against addressbar spoofing (CVE-2007-4225)
------------------------------------------------------------------------
--- kdecore/tests/kurltest.cpp
+++ kdecore/tests/kurltest.cpp
@@ -288,6 +288,16 @@ int main(int argc, char *argv[])
check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html");
check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+ KURL whitespaceInUser("http://www.google.com%20%20%20%20%20@foobar.com/");
+ check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20@foobar.com/");
+
+ KURL whitespaceInPath("http://www.google.com/foo%20bar/");
+ check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/");
+
+ KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/");
+ check("KURL::prettyURL()", whitespaceInPath2.prettyURL(),
+ "http://www.google.com/foo%20%20%20%20%20%20 bar/");
+
KURL carsten;
carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
@@ -594,6 +604,15 @@ int main(int argc, char *argv[])
check("http: URL with empty path string path", waba1.path(),
"");
+ waba1 = "http://www.meinestadt.de&url_plain=http";
+ check("http: URL with empty path string", waba1.host(),
+ "www.meinestadt.de&url_plain=http");
+ check("http: URL with empty path string", waba1.htmlURL(),
+ "http://www.meinestadt.de&amp;url_plain=http");
+
+ check("http: URL with empty path string", waba1.path(),
+ "");
+
waba1 = "http://a:389#b=c";
check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" );
check( "http: URL with port, ref, and empty path; host", waba1.host(), "a" );
--- kdecore/kurl.cpp
+++ kdecore/kurl.cpp
@@ -183,7 +183,7 @@ static QString lazy_encode( const QStrin
(character == '?') || // Start of query delimiter
((character == '@') && encodeAt) || // Username delimiter
(character == '#') || // Start of reference delimiter
- ((character == 32) && (i+1 == old_length))) // A trailing space
+ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
{
new_segment[ new_length++ ] = '%';
@@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing )
u += "//";
if ( hasUser() )
{
- u += lazy_encode(m_strUser);
+ u += encode(m_strUser, 0, 0);
// Don't show password!
u += "@";
}