Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(281)

Side by Side Diff: webkit/database/database_util.cc

Issue 12212091: WebDatabase: check path traversal in origin_identifier (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: more testcases Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « webkit/database/database_util.h ('k') | webkit/database/database_util_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "webkit/database/database_util.h" 5 #include "webkit/database/database_util.h"
6 6
7 #include "base/basictypes.h"
7 #include "base/utf_string_conversions.h" 8 #include "base/utf_string_conversions.h"
8 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h" 9 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h"
9 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" 10 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"
10 #include "webkit/database/database_tracker.h" 11 #include "webkit/database/database_tracker.h"
11 #include "webkit/database/vfs_backend.h" 12 #include "webkit/database/vfs_backend.h"
12 13
13 namespace webkit_database { 14 namespace webkit_database {
14 15
15 const char DatabaseUtil::kJournalFileSuffix[] = "-journal"; 16 const char DatabaseUtil::kJournalFileSuffix[] = "-journal";
16 17
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
83 // createFromDatabaseIdentifier returns null origin_url for them. 84 // createFromDatabaseIdentifier returns null origin_url for them.
84 if (web_security_origin.isUnique()) { 85 if (web_security_origin.isUnique()) {
85 if (origin_identifier.find(UTF8ToUTF16("file__")) == 0) 86 if (origin_identifier.find(UTF8ToUTF16("file__")) == 0)
86 return GURL("file:///"); 87 return GURL("file:///");
87 return GURL(); 88 return GURL();
88 } 89 }
89 90
90 return GURL(web_security_origin.toString()); 91 return GURL(web_security_origin.toString());
91 } 92 }
92 93
94 bool DatabaseUtil::IsValidOriginIdentifier(const string16& origin_identifier) {
95 string16 dotdot = ASCIIToUTF16("..");
96 char16 forbidden[] = {'\\', '/', '\0'};
97
98 string16::size_type pos = origin_identifier.find(dotdot);
99 if (pos == string16::npos)
100 pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden));
101
102 return pos == string16::npos;
103 }
104
93 } // namespace webkit_database 105 } // namespace webkit_database
OLDNEW
« no previous file with comments | « webkit/database/database_util.h ('k') | webkit/database/database_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698