Critical security patches for the following vulnerabilities:

CVE-2009-0689 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-2702 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
author: tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> 2010-09-29 05:15:51 +0000
committer: tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> 2010-09-29 05:15:51 +0000
commit: 33e60e8e78543462d31e8c6a7c3577ffe18b6647 (patch)
tree: f655bb5f0a2e19a2396aeea199df3d9caf60c119 /khtml/css
parent: c9b50480aa0c5ccbf1a4a4005fd735be3a3e0841 (diff)
download: tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.tar.gz
tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.zip
2 files changed, 13 insertions, 2 deletions
diff --git a/khtml/css/css_valueimpl.cpp b/khtml/css/css_valueimpl.cpp
index 73a53d5d2..52e962725 100644
--- a/khtml/css/css_valueimpl.cpp
+++ b/khtml/css/css_valueimpl.cpp
@@ -736,7 +736,9 @@ DOM::DOMString CSSPrimitiveValueImpl::cssText() const
 	    text = getValueName(m_value.ident);
 	    break;
 	case CSSPrimitiveValue::CSS_ATTR:
-	    // ###
+            text = "attr(";
+            text += DOMString( m_value.string );
+            text += ")";
 	    break;
 	case CSSPrimitiveValue::CSS_COUNTER:
             text = "counter(";
diff --git a/khtml/css/cssparser.cpp b/khtml/css/cssparser.cpp
index 23eeb69a9..d167af025 100644
--- a/khtml/css/cssparser.cpp
+++ b/khtml/css/cssparser.cpp
@@ -1351,6 +1351,14 @@ bool CSSParser::parseContent( int propId, bool important )
                 if ( args->size() != 1)
                     return false;
                 Value *a = args->current();
+                if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
+                    isValid=false;
+                    break;
+                }
+                if (qString(a->string)[0] == '-') {
+                    isValid=false;
+                    break;
+                }
                 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
             }
             else
@@ -1403,7 +1411,8 @@ CSSValueImpl* CSSParser::parseCounterContent(ValueList *args, bool counters)
 
     CounterImpl *counter = new CounterImpl;
     Value *i = args->current();
-//    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+    if (qString(i->string)[0] == '-') goto invalid;
     counter->m_identifier = domString(i->string);
     if (counters) {
         i = args->next();
author	tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>	2010-09-29 05:15:51 +0000
committer	tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>	2010-09-29 05:15:51 +0000
commit	33e60e8e78543462d31e8c6a7c3577ffe18b6647 (patch)
tree	f655bb5f0a2e19a2396aeea199df3d9caf60c119 /khtml/css
parent	c9b50480aa0c5ccbf1a4a4005fd735be3a3e0841 (diff)
download	tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.tar.gz tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.zip