To fix the cross-site post submission bug.

content/browser/web_contents/web_contents_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/web_contents_impl.h"
 
+#include "content/public/common/frame_navigate_params.h"
+
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/stats_counters.h"
 #include "base/string16.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/sys_info.h"
 #include "base/time.h"
@@ skipping 147 matching lines @@
 using content::SessionStorageNamespace;
 using content::SiteInstance;
 using content::UserMetricsAction;
 using content::WebContents;
 using content::WebContentsDelegate;
 using content::WebContentsObserver;
 using content::WebUI;
 using content::WebUIController;
 using content::WebUIControllerFactory;
 using webkit_glue::WebPreferences;
+using content::WebHTTPPOSTBodyParams;
 
 namespace {
 
 // Amount of time we wait between when a key event is received and the renderer
 // is queried for its state and pushed to the NavigationEntry.
 const int kQueryStateDelay = 5000;
 
 const int kSyncWaitDelay = 40;
 
 const char kDotGoogleDotCom[] = ".google.com";
@@ skipping 171 matching lines @@
 #endif
       is_showing_before_unload_dialog_(false),
       opener_web_ui_type_(WebUI::kNoWebUI),
       closed_by_user_gesture_(false),
       minimum_zoom_percent_(
           static_cast<int>(content::kMinimumZoomFactor * 100)),
       maximum_zoom_percent_(
           static_cast<int>(content::kMaximumZoomFactor * 100)),
       temporary_zoom_settings_(false),
       content_restrictions_(0),
-      color_chooser_(NULL) {
+      color_chooser_(NULL) { 
 }
 
 WebContentsImpl::~WebContentsImpl() {
   is_being_destroyed_ = true;
 
   for (std::set<RenderWidgetHostImpl*>::iterator iter =
            created_widgets_.begin(); iter != created_widgets_.end(); ++iter) {
     (*iter)->DetachDelegate();
   }
   created_widgets_.clear();
@@ skipping 1259 matching lines @@
   std::string embedder_channel_name;
   int embedder_container_id;
   GetBrowserPluginEmbedderInfo(dest_render_view_host,
                                &embedder_channel_name,
                                &embedder_container_id);
   ViewMsg_Navigate_Params navigate_params;
   MakeNavigateParams(entry, controller_, delegate_, reload_type,
                      embedder_channel_name,
                      embedder_container_id,
                      &navigate_params);
+
+  navigate_params.post_data = entry.post_data;

[michaeln, 2012/10/23 23:22:18]

another copy

+
   dest_render_view_host->Navigate(navigate_params);
 
   if (entry.GetPageID() == -1) {
     // HACK!!  This code suppresses javascript: URLs from being added to
     // session history, which is what we want to do for javascript: URLs that
     // do not generate content.  What we really need is a message from the
     // renderer telling us that a new page was not created.  The same message
     // could be used for mailto: URLs and the like.
     if (entry.GetURL().SchemeIs(chrome::kJavaScriptScheme))
       return false;
@@ skipping 1289 matching lines @@
       !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
     return;
   }
 
   // Delegate to RequestTransferURL because this is just the generic
   // case where |old_request_id| is empty.
   RequestTransferURL(url, referrer, disposition, source_frame_id,
                      GlobalRequestID());
 }
 
+void WebContentsImpl::RequestOpenPostURL(RenderViewHost* rvh,
+                                     const GURL& url,
+                                     const content::Referrer& referrer,
+                                     WindowOpenDisposition disposition,
+                                     int64 source_frame_id,
+                                     bool is_post,
+                                     std::vector<content::WebHTTPPOSTBodyParams> data) {
+  // If this came from a swapped out RenderViewHost, we only allow the request
+  // if we are still in the same BrowsingInstance.
+  if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() &&
+      !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
+    return;
+  }
+
+  // Delegate to RequestTransferURL because this is just the generic
+  // case where |old_request_id| is empty.
+  RequestTransferPostURL(url, referrer, disposition, source_frame_id,
+                     GlobalRequestID(), is_post, data);
+}
+
 void WebContentsImpl::RequestTransferURL(
     const GURL& url,
     const content::Referrer& referrer,
     WindowOpenDisposition disposition,
     int64 source_frame_id,
     const GlobalRequestID& old_request_id) {
   WebContents* new_contents = NULL;
   content::PageTransition transition_type = content::PAGE_TRANSITION_LINK;
   if (render_manager_.web_ui()) {
     // When we're a Web UI, it will provide a page transition type for us (this
@@ skipping 21 matching lines @@
     FOR_EACH_OBSERVER(WebContentsObserver, observers_,
                       DidOpenRequestedURL(new_contents,
                                           url,
                                           referrer,
                                           disposition,
                                           transition_type,
                                           source_frame_id));
   }
 }
 
+void WebContentsImpl::RequestTransferPostURL(
+    const GURL& url,
+    const content::Referrer& referrer,
+    WindowOpenDisposition disposition,
+    int64 source_frame_id,
+    const GlobalRequestID& old_request_id,
+    bool is_post,
+    std::vector<content::WebHTTPPOSTBodyParams> post_data) {
+  WebContents* new_contents = NULL;
+  content::PageTransition transition_type = content::PAGE_TRANSITION_LINK;
+  if (render_manager_.web_ui()) {
+    // When we're a Web UI, it will provide a page transition type for us (this
+    // is so the new tab page can specify AUTO_BOOKMARK for automatically
+    // generated suggestions).
+    //
+    // Note also that we hide the referrer for Web UI pages. We don't really
+    // want web sites to see a referrer of "chrome://blah" (and some
+    // chrome: URLs might have search terms or other stuff we don't want to
+    // send to the site), so we send no referrer.
+    OpenURLParams params(url, content::Referrer(), source_frame_id, disposition,
+        render_manager_.web_ui()->GetLinkTransitionType(),
+        false /* is_renderer_initiated */);
+    params.transferred_global_request_id = old_request_id;
+    new_contents = OpenURL(params);
+    transition_type = render_manager_.web_ui()->GetLinkTransitionType();
+  } else {
+    OpenURLParams params(url, referrer, source_frame_id, disposition,
+        content::PAGE_TRANSITION_LINK, true /* is_renderer_initiated */);
+    if (is_post) {
+      // Todo: Don't know whether this will conflict with other unexpect situation or not.
+      params.transition = content::PAGE_TRANSITION_FORM_SUBMIT;
+      params.post_data = post_data/*.front()*/;
+    }
+    params.transferred_global_request_id = old_request_id;
+    new_contents = OpenURL(params);
+  }
+  if (new_contents) {
+    // Notify observers.
+    FOR_EACH_OBSERVER(WebContentsObserver, observers_,
+                      DidOpenRequestedURL(new_contents,
+                                          url,
+                                          referrer,
+                                          disposition,
+                                          transition_type,
+                                          source_frame_id));
+  }
+}
+
 void WebContentsImpl::RouteCloseEvent(RenderViewHost* rvh) {
   // Tell the active RenderViewHost to run unload handlers and close, as long
   // as the request came from a RenderViewHost in the same BrowsingInstance.
   // In most cases, we receive this from a swapped out RenderViewHost.
   // It is possible to receive it from one that has just been swapped in,
   // in which case we might as well deliver the message anyway.
   if (rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance()))
     GetRenderViewHost()->ClosePage();
 }
 
@@ skipping 423 matching lines @@
   }
 }
 
 content::BrowserPluginGuest* WebContentsImpl::GetBrowserPluginGuest() {
   return browser_plugin_guest_.get();
 }
 
 content::BrowserPluginEmbedder* WebContentsImpl::GetBrowserPluginEmbedder() {
   return browser_plugin_embedder_.get();
 }