Replace whitespace at beginning and end of file with hyphens, rather than silently discarding.

net/base/net_util.cc

Index: net/base/net_util.cc
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index ef8eb534d12792c4ae76978f1425470acce9cd00..71fddf571c70b7d412086c179a1366dbbcbe6cd6 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -158,6 +158,19 @@ static const int kAllowedFtpPorts[] = {
   22,   // ssh
 };
 
+template<typename STR>
+typename STR::size_type CountTrailingChars(const STR& input,
+                                  const typename STR::value_type

[jschuh, 2011/08/17 20:02:48]

Formatting is all messed up here. Make sure visual studio is configured
properly, use gcl lint, and check the style guide.

+                                                   trailing_chars[]) {
+  const typename STR::size_type last_good_char =
+                                  input.find_last_not_of(trailing_chars);
+
+  if (last_good_char == std::string::npos)
+    return input.length();
+  else
+    return input.length() - last_good_char - 1;
+}
+
 // Similar to Base64Decode. Decodes a Q-encoded string to a sequence
 // of bytes. If input is invalid, return false.
 bool QPDecode(const std::string& input, std::string* output) {
@@ -1388,6 +1401,7 @@ string16 GetSuggestedFilename(const GURL& url,
   static const char* kFinalFallbackName = "download";
 
   std::string filename;
+  std::string::size_type trimmed_trailing_character_count = 0;
 
   // Try to extract from content-disposition first.
   if (!content_disposition.empty())
@@ -1405,10 +1419,13 @@ string16 GetSuggestedFilename(const GURL& url,
 
     // Next, remove "." from the beginning and end of the file name to avoid
     // tricks with hidden files, "..", and "."
+    trimmed_trailing_character_count += CountTrailingChars(filename, ".");
     TrimString(filename, ".", &filename);
   }
 
   if (filename.empty()) {
+    trimmed_trailing_character_count = 0;
+

[jschuh, 2011/08/17 20:02:48]

Remove the blank line.

     // about: and data: URLs don't have file names, but esp. data: URLs may
     // contain parts that look like ones (i.e., contain a slash).
     // Therefore we don't attempt to divine a file name out of them.
@@ -1439,10 +1456,11 @@ string16 GetSuggestedFilename(const GURL& url,
 #if defined(OS_WIN)
   { // Handle CreateFile() stripping trailing dots and spaces on filenames
     // http://support.microsoft.com/kb/115827
+    trimmed_trailing_character_count += CountTrailingChars(filename, " .");

[jschuh, 2011/08/17 20:02:48]

You already have the count, so no reason to duplicate the search before
trimming.

[kenrb, 2011/08/17 20:25:51]

The filename may have changed since the last time we counted.

[jschuh, 2011/08/17 20:32:46]

To clarify, you just called your CountTrailingChars function, which means you
know how many trailing chars need to be trimmed. So, there's no reason to call
find_last_not_of again (which was necessary before your change).

     std::string::size_type pos = filename.find_last_not_of(" .");
-    if (pos == std::string::npos)
-      filename.resize(0);
-    else
+    if (pos == std::string::npos)
+      filename.resize(0);
+    else
       filename.resize(++pos);
   }
 #endif
@@ -1452,6 +1470,7 @@ string16 GetSuggestedFilename(const GURL& url,
   // If there's no filename or it gets trimed to be empty, use
   // the URL hostname or default_name
   if (filename.empty()) {
+    trimmed_trailing_character_count = 0;
     if (!default_name.empty()) {
       return default_name;
     } else if (url.is_valid()) {
@@ -1466,7 +1485,15 @@ string16 GetSuggestedFilename(const GURL& url,
 
 #if defined(OS_WIN)
   string16 path = UTF8ToUTF16(filename);
+  // On Windows we want to preserve or replace all characters including
+  // whitespace to prevent file extension obfuscation on trusted websites
+  // e.g. Gmail might think evil.exe. is safe, so we don't want it to become
+  // evil.exe when we download it
+  trimmed_trailing_character_count += path.length();
+  TrimWhitespace(path, TRIM_TRAILING, &path);

[jschuh, 2011/08/17 20:02:48]

Shouldn't this check include trailing . characters, in addition to the trailing
utf16 whitespace? My suggestion is just figure out the length and then truncate
the string as appropriate.

[kenrb, 2011/08/17 20:25:51]

Trailing dots should have been stripped at line 1459. This is to account for
behavior in file_util::ReplaceIllegalCharactersInPath, which unfortunately
strips whitespace before replacing illegal characters. We want trailing illegal
characters to be replaced, not stripped, so we do it here before
file_util::ReplaceIllegalCharactersInPath does.
On 2011/08/17 20:02:48, Justin Schuh wrote:

+  trimmed_trailing_character_count -= path.length();
   file_util::ReplaceIllegalCharactersInPath(&path, '-');
+  path.append(trimmed_trailing_character_count, '-');
   return path;
 #else
   std::string path = filename;