When trying to test the connection of a new XO calendar (in the configuration dialogue), the connection might fail, subsequently revealing the whole GET URL including the cleartext password on screen. This happens when one enters a server without https:// in front. Reproducible: Always Steps to Reproduce: 1. Open KOrganizer 2. Navigate to General Settings -> Calendar Tab and Add a calendar 3. Select Open-Xchange Groupware Server 4. Type in (wrong, without https://) server, user and password combination 5. Click test connection Actual Results: A pop-up error dialogue displaying the while GET URL, including the cleartext password. Expected Results: Notification of error without revealing password in cleartext. (Not sending password in cleartext in the first place.) Version 5.2.2 KDE Frameworks 5.23.0 Qt 5.7.0 (compiled against 5.6.0)
Created attachment 100003 [details] Screenshot
Git commit 15296cb80be303c2fdad39ed2e055521eba30c43 by Montel Laurent. Committed on 01/08/2016 at 11:58. Pushed by mlaurent into branch 'Applications/16.08'. Fix Bug 365350 - password visible on screen / in URL when testing connection to Xchange calendar Force to use a valid url FIXED-IN: 5.3.0 M +3 -0 resources/openxchange/oxa/connectiontestjob.cpp http://commits.kde.org/kdepim-runtime/15296cb80be303c2fdad39ed2e055521eba30c43