From 380368380e49e4d5c72fc39d35a6a18bd5357579 Mon Sep 17 00:00:00 2001
From: Christian Muehlhaeuser <muesli@gmail.com>
Date: Tue, 3 Sep 2013 23:41:47 +0200
Subject: [PATCH] * Don't blindly accept all HTTP result-hints in an XSPF.

---
 src/libtomahawk/utils/XspfLoader.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/libtomahawk/utils/XspfLoader.cpp b/src/libtomahawk/utils/XspfLoader.cpp
index 16e097b44..72c897686 100644
--- a/src/libtomahawk/utils/XspfLoader.cpp
+++ b/src/libtomahawk/utils/XspfLoader.cpp
@@ -276,11 +276,13 @@ XSPFLoader::gotBody()
             }
             else if ( n.namespaceURI() == m_NS && n.localName() == "url" )
             {
-                url = n.text();
+                if ( !n.text().startsWith( "http" ) || TomahawkUtils::whitelistedHttpResultHint( n.text() ) )
+                    url = n.text();
             }
             else if ( n.namespaceURI() == m_NS && n.localName() == "location" )
             {
-                url = n.text();
+                if ( !n.text().startsWith( "http" ) || TomahawkUtils::whitelistedHttpResultHint( n.text() ) )
+                    url = n.text();
             }
         }