Attachment #1293 for bug #1525

By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release. View | Details | Raw Unified | Return to bug 1525
Collapse All | Expand All

Lines 62-67 Link Here

(-)./khtml/ecma/kjs_html.cpp.ORI (-2 / +11 lines)
62		62
63	#include <kdebug.h>	63	#include <kdebug.h>
64		64
		65	// CVE-2009-2537 (vendors agreed on max 10000 elements)
		66	#define MAX_SELECT_LENGTH 10000
		67
65	namespace KJS {	68	namespace KJS {
66		69
67	KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE(HTMLDocumentProto, DOMDocumentProto)	70	KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE(HTMLDocumentProto, DOMDocumentProto)
Lines 2550-2557 Link Here
2550	case SelectValue: { select.setValue(str); return; }	2553	case SelectValue: { select.setValue(str); return; }
2551	case SelectLength: { // read-only according to the NS spec, but webpages need it writeable	2554	case SelectLength: { // read-only according to the NS spec, but webpages need it writeable
2552	Object coll = Object::dynamicCast( getSelectHTMLCollection(exec, select.options(), select) );	2555	Object coll = Object::dynamicCast( getSelectHTMLCollection(exec, select.options(), select) );
2553	if ( coll.isValid() )	2556	if ( coll.isValid() ) {
2554	coll.put(exec,"length",value);	2557	if (value.toInteger(exec) >= MAX_SELECT_LENGTH) {
		2558	Object err = Error::create(exec, RangeError);
		2559	exec->setException(err);
		2560	} else {
		2561	coll.put(exec, "length", value);
		2562	}
		2563	}
2555	return;	2564	return;
2556	}	2565	}
2557	// read-only: form	2566	// read-only: form

Return to bug 1525