webkit/database/database_util.cc - Issue 12212091: WebDatabase: check path traversal in origin_identifier

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: webkit/database/database_util.cc

Issue 12212091: WebDatabase: check path traversal in origin_identifier (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: more testcases Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "webkit/database/database_util.h"	5 #include "webkit/database/database_util.h"

6	6

	7 #include "base/basictypes.h"

7 #include "base/utf_string_conversions.h"	8 #include "base/utf_string_conversions.h"

8 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h"	9 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h"

9 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"	10 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"

10 #include "webkit/database/database_tracker.h"	11 #include "webkit/database/database_tracker.h"

11 #include "webkit/database/vfs_backend.h"	12 #include "webkit/database/vfs_backend.h"

12	13

13 namespace webkit_database {	14 namespace webkit_database {

14	15

15 const char DatabaseUtil::kJournalFileSuffix[] = "-journal";	16 const char DatabaseUtil::kJournalFileSuffix[] = "-journal";

16	17

(...skipping 66 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
83 // createFromDatabaseIdentifier returns null origin_url for them.	84 // createFromDatabaseIdentifier returns null origin_url for them.

84 if (web_security_origin.isUnique()) {	85 if (web_security_origin.isUnique()) {

85 if (origin_identifier.find(UTF8ToUTF16("file__")) == 0)	86 if (origin_identifier.find(UTF8ToUTF16("file__")) == 0)

86 return GURL("file:///");	87 return GURL("file:///");

87 return GURL();	88 return GURL();

88 }	89 }

89	90

90 return GURL(web_security_origin.toString());	91 return GURL(web_security_origin.toString());

91 }	92 }

92	93

	94 bool DatabaseUtil::IsValidOriginIdentifier(const string16& origin_identifier) {

	95 string16 dotdot = ASCIIToUTF16("..");

	96 char16 forbidden[] = {'\\', '/', '\0'};

	97

	98 string16::size_type pos = origin_identifier.find(dotdot);

	99 if (pos == string16::npos)

	100 pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden));

	101

	102 return pos == string16::npos;

	103 }

	104

93 } // namespace webkit_database	105 } // namespace webkit_database

OLD	NEW

« no previous file with comments | « webkit/database/database_util.h ('k') | webkit/database/database_util_unittest.cc » ('j') | no next file with comments »