content/browser/web_contents/render_view_host_manager.cc - Issue 11193051: To fix the cross-site post submission bug.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/web_contents/render_view_host_manager.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Reuse ResourceRequestBody Struct Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« content/browser/web_contents/navigation_entry_impl.h ('K') | « content/browser/web_contents/navigation_entry_impl.h ('k') | content/browser/web_contents/web_contents_impl.h » ('j') | content/common/view_messages.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/web_contents/render_view_host_manager.cc

diff --git a/content/browser/web_contents/render_view_host_manager.cc b/content/browser/web_contents/render_view_host_manager.cc

index 8a481d2fc92391d7c682e608cb842bb71f18b957..2b79ef0eb59c0c6d3815e9c59e77c451da00aff8 100644

--- a/content/browser/web_contents/render_view_host_manager.cc

+++ b/content/browser/web_contents/render_view_host_manager.cc

@@ -8,6 +8,7 @@

#include "base/command_line.h"

#include "base/logging.h"

+#include "content/browser/child_process_security_policy_impl.h"

#include "content/browser/debugger/devtools_manager_impl.h"

#include "content/browser/renderer_host/render_process_host_impl.h"

#include "content/browser/renderer_host/render_view_host_factory.h"

@@ -26,6 +27,9 @@

#include "content/public/browser/web_ui_controller_factory.h"

#include "content/public/common/content_switches.h"

#include "content/public/common/url_constants.h"

+#include "webkit/glue/resource_request_body.h"

+using webkit_glue::ResourceRequestBody;

namespace content {

@@ -835,6 +839,28 @@ RenderViewHostImpl* RenderViewHostManager::UpdateRendererStateForNavigate(

}

// Otherwise, it's safe to treat this as a pending cross-site transition.

+ // For the cross-process Post Submission request, we need to migrate the

+ // permission to read the upload file from the old process to the

+ // new process. TODO: I am not sure whether we need to revoke

+ // this permission after the POST.

+ if (entry.GetHasPostData()) {

+ ChildProcessSecurityPolicyImpl* policy =

+ ChildProcessSecurityPolicyImpl::GetInstance();

+ int oldID = render_view_host_->GetSiteInstance()->GetProcess()->GetID();

+ int newID =

+ pending_render_view_host_->GetSiteInstance()->GetProcess()->GetID();

+ const std::vector<ResourceRequestBody::Element>* uploads =

+ entry.request.request_body->elements();

+ std::vector<ResourceRequestBody::Element>::const_iterator iter;

+ for (iter = uploads->begin(); iter != uploads->end(); ++iter) {

+ if (iter->type() == ResourceRequestBody::Element::TYPE_FILE) {

+ if (policy->CanReadFile(oldID, iter->path())) {

+ policy->GrantReadFile(newID, iter->path());

+ }

// Make sure the old render view stops, in case a load is in progress.

render_view_host_->Send(