
Unified Diff: content/renderer/render_view_impl.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: New OpenURL function and DataType Test Created 8 years, 1 month ago
Index: content/renderer/render_view_impl.cc
diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
index d0f7bf59ab6fb1958e4ea0b4bc004c7aa7ce30fd..215053573fbc1706a108c2d96c1c44bb0a4ca244 100644
--- a/content/renderer/render_view_impl.cc
+++ b/content/renderer/render_view_impl.cc
@@ -185,6 +185,7 @@
#include "webkit/glue/alt_error_page_resource_fetcher.h"
#include "webkit/glue/dom_operations.h"
#include "webkit/glue/glue_serialize.h"
+#include "webkit/glue/resource_request_body.h"
#include "webkit/glue/web_intent_service_data.h"
#include "webkit/glue/webdropdata.h"
#include "webkit/glue/webkit_constants.h"
@@ -320,6 +321,7 @@ using base::TimeDelta;
using webkit_glue::AltErrorPageResourceFetcher;
using webkit_glue::ResourceFetcher;
+using webkit_glue::ResourceRequestBody;
using webkit_glue::WebPreferences;
using webkit_glue::WebURLResponseExtraDataImpl;
@@ -1133,22 +1135,47 @@ void RenderViewImpl::OnNavigate(const ViewMsg_Navigate_Params& params) {
}
}
- if (params.is_post) {
- request.setHTTPMethod(WebString::fromUTF8("POST"));
-
- // Set post data.
+ if(params.is_post) {
WebHTTPBody http_body;
http_body.initialize();
- http_body.appendData(WebData(
- reinterpret_cast<const char*>(
- &params.browser_initiated_post_data.front()),
- params.browser_initiated_post_data.size()));
+ const std::vector<ResourceRequestBody::Element>* uploads =
+ params.browser_initiated_post_data->elements();
+ std::vector<ResourceRequestBody::Element>::const_iterator iter;
+ for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
+ switch (iter->type()) {
+ case ResourceRequestBody::Element::TYPE_BYTES: {
+ http_body.appendData(WebData(iter->bytes(),
+ static_cast<int>(iter->length())));
+ break;
+ }
+ case ResourceRequestBody::Element::TYPE_FILE: {
+ http_body.appendFileRange(
+ WebString::fromUTF8(iter->path().value()),
+ static_cast<long long>(iter->offset()),
+ static_cast<long long>(iter->length()),
+ iter->expected_modification_time().ToDoubleT());
+ break;
+ }
+ case ResourceRequestBody::Element::TYPE_FILE_FILESYSTEM: {
+ CHECK(false);
+ break;
+ }
+ case ResourceRequestBody::Element:: TYPE_BLOB: {
+ CHECK(false);
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+ }
request.setHTTPBody(http_body);
+ request.setHTTPMethod(WebString::fromUTF8("POST"));
+ request.setHTTPHeaderField(
+ WebString::fromUTF8("Content-Type"),
+ WebString::fromUTF8(params.extra_headers));
}
-
main_frame->loadRequest(request);
}
-
// In case LoadRequest failed before DidCreateDataSource was called.
pending_navigation_params_.reset();
}
@@ -1656,13 +1683,18 @@ void RenderViewImpl::SendUpdateState(const WebHistoryItem& item) {
void RenderViewImpl::OpenURL(WebFrame* frame,
const GURL& url,
const Referrer& referrer,
- WebNavigationPolicy policy) {
- Send(new ViewHostMsg_OpenURL(
- routing_id_,
- url,
- referrer,
- NavigationPolicyToDisposition(policy),
- frame->identifier()));
+ WebNavigationPolicy policy,
+ std::string extra_header,
+ scoped_refptr<ResourceRequestBody>
+ request_body) {
+ ViewHostMsg_OpenURL_Params params;
+ params.url = url;
+ params.referrer = referrer;
+ params.disposition = NavigationPolicyToDisposition(policy);
+ params.frame_id = frame->identifier();
+ params.extra_header = extra_header;
+ params.request_body = request_body;
+ Send(new ViewHostMsg_OpenURL(routing_id_, params));
}
// WebViewDelegate ------------------------------------------------------------
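Review bot: `request_body` and `extra_header` are forwarded to the browser exactly as the renderer built them, and the body can name arbitrary file paths through `AppendFileRange`. The browser-side handler for `ViewHostMsg_OpenURL` is not part of this file, but it should treat both as untrusted: check every file element against the child process's read permissions (the `ChildProcessSecurityPolicy` file checks) and reject header values containing CR or LF before they are replayed into a navigation. A comment on OpenURL such as `// |request_body| and |extra_header| are renderer-supplied; the browser must validate them.` would record that contract. As a style point, `std::string extra_header` could be `const std::string& extra_header` to avoid a copy per call.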
@@ -2668,7 +2700,7 @@ void RenderViewImpl::loadURLExternally(
Send(new ViewHostMsg_DownloadUrl(routing_id_, request.url(), referrer,
suggested_name));
} else {
- OpenURL(frame, request.url(), referrer, policy);
+ OpenURL(frame, request.url(), referrer, policy, std::string(""), NULL);
}
}
@@ -2689,10 +2721,10 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// TODO(creis): Ensure this supports targeted form submissions when
// fixing http://crbug.com/101395.
if (frame->parent() == NULL) {
- OpenURL(frame, request.url(), referrer, default_policy);
+ OpenURL(frame, request.url(), referrer,
+ default_policy, std::string(""), NULL);
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
-
// We should otherwise ignore in-process iframe navigations, if they
// arrive just after we are swapped out.
return WebKit::WebNavigationPolicyIgnore;
@@ -2728,7 +2760,59 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
if (!net::RegistryControlledDomainService::SameDomainOrHost(frame_url,
url) ||
frame_url.scheme() != url.scheme()) {
- OpenURL(frame, url, referrer, default_policy);
+ WebString method = request.httpMethod();
+ if(method != WebString("POST")) {
+ OpenURL(frame, url, referrer, default_policy, std::string(""), NULL);
+ } else {
+ scoped_refptr<ResourceRequestBody> request_body =
+ new ResourceRequestBody();
+ WebHTTPBody body = request.httpBody();
+ if (!body.isNull()) {
+ WebKit::WebHTTPBody::Element element;
+ for (int i=0; body.elementAt(i, element); i++) {
+ switch (element.type) {
+ case WebHTTPBody::Element::TypeData:
+ if (!element.data.isEmpty())
+ request_body->AppendBytes(
+ element.data.data(),
+ static_cast<int>(element.data.size()));
+ break;
+ case WebHTTPBody::Element::TypeFile: {
+ if (element.fileLength == -1) {
+ request_body->AppendFileRange(
+ FilePath(element.filePath.utf8()),
+ 0, kuint64max, base::Time());
+ } else {
+ request_body->AppendFileRange(
+ FilePath(element.filePath.utf8()),
irobert 2012/11/09 19:07:57 This statement cannot be built on windows but is o
+ static_cast<uint64>(element.fileStart),
+ static_cast<uint64>(element.fileLength),
+ base::Time::FromDoubleT(element.modificationTime));
+ }
+ break;
+ }
+ case WebHTTPBody::Element::TypeURL: {
+ CHECK(false);
+ break;
+ }
+ case WebHTTPBody::Element::TypeBlob: {
+ CHECK(false);
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+ }
+ }
+
+ // Extract Header Info.
+ WebString ContentType =
+ request.httpHeaderField(WebString::fromUTF8("Content-Type"));
+ std::string header(ContentType.utf8().data(),
+ ContentType.utf8().length());
+
+ OpenURL(frame, url, referrer, default_policy, header, request_body);
+ }
return WebKit::WebNavigationPolicyIgnore;
}
}
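Review bot: The `CHECK(false)` arms for `TypeURL` and `TypeBlob` terminate the renderer whenever a cross-site POST body carries one of those element types, and the body's contents are decided by the page. If those types can reach this path, they should be detected before `request_body` is built and handled without aborting, for example by declining the cross-process transfer for that request. `static_cast<int>(element.data.size())` narrows a size silently, and `static_cast<uint64>(element.fileStart)` turns a negative start into a huge offset, so both deserve a range check. The same conversion loop is repeated in the `@@ -2809` hunk with the same issues; a single file-local helper taking `const WebHTTPBody&` and returning `scoped_refptr<ResourceRequestBody>` would let the fixes land once. decidePolicyForNavigation begins and ends outside this hunk.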
@@ -2749,7 +2833,7 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// navigation.
page_id_ = -1;
last_page_id_sent_to_browser_ = -1;
- OpenURL(frame, url, referrer, default_policy);
+ OpenURL(frame, url, referrer, default_policy, std::string(""), NULL);
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
}
@@ -2809,15 +2893,66 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// http://crbug.com/101395 is more likely to cause compatibility issues
// with hosted apps and extensions than WebUI pages. We will remove this
// check when cross-process POST submissions are supported.
- if (request.httpMethod() == "GET") {
should_fork = GetContentClient()->renderer()->ShouldFork(
frame, url, is_initial_navigation, &send_referrer);
- }
}
if (should_fork) {
- OpenURL(
- frame, url, send_referrer ? referrer : Referrer(), default_policy);
+ if (request.httpMethod() == "GET") {
+ OpenURL(frame, url,
+ send_referrer ? referrer : Referrer(),
+ default_policy, std::string(""), NULL);
+ }
+ else if (request.httpMethod() == "POST") {
+ // Identical with the case when strict site-isolation is enabled.
+ // We should find a way to use one copy.
+ scoped_refptr<ResourceRequestBody> request_body =
+ new ResourceRequestBody();
+ WebHTTPBody body = request.httpBody();
+ if (!body.isNull()) {
+ WebKit::WebHTTPBody::Element element;
+ for (int i=0; body.elementAt(i, element); i++) {
+ switch (element.type) {
+ case WebHTTPBody::Element::TypeData:
+ if (!element.data.isEmpty())
+ request_body->AppendBytes(
+ element.data.data(),
+ static_cast<int>(element.data.size()));
+ break;
+ case WebHTTPBody::Element::TypeFile: {
+ if (element.fileLength == -1) {
+ request_body->AppendFileRange(
+ FilePath(element.filePath.utf8()),
+ 0, kuint64max, base::Time());
+ } else {
+ request_body->AppendFileRange(
+ FilePath(element.filePath.utf8()),
+ static_cast<uint64>(element.fileStart),
+ static_cast<uint64>(element.fileLength),
+ base::Time::FromDoubleT(element.modificationTime));
+ }
+ break;
+ }
+ case WebHTTPBody::Element::TypeURL: {
+ CHECK(false);
+ break;
+ }
+ case WebHTTPBody::Element::TypeBlob: {
+ CHECK(false);
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+ }
+ }
+ // Extract Header Info.
+ WebString ContentType =
+ request.httpHeaderField(WebString::fromUTF8("Content-Type"));
+ std::string header(ContentType.utf8().data(),
+ ContentType.utf8().length());
+ OpenURL(frame, url, referrer, default_policy, header, request_body);
+ }
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
}
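Review bot: The POST branch passes `referrer` to OpenURL unconditionally, while the GET branch above it honours `send_referrer`, so when ShouldFork clears `send_referrer` the forked POST still carries the referrer. The call should read `OpenURL(frame, url, send_referrer ? referrer : Referrer(), default_policy, header, request_body);`. Also, with the `GET` guard removed from around the ShouldFork call, a forked request whose method is neither GET nor POST matches neither branch and still returns `WebNavigationPolicyIgnore`, so the navigation is dropped with nothing sent to the browser. Either the ShouldFork call should stay restricted to GET and POST, or a final `else` should return `default_policy`. decidePolicyForNavigation begins and ends outside this hunk.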
@@ -2856,10 +2991,9 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
if (is_fork) {
// Open the URL via the browser, not via WebKit.
- OpenURL(frame, url, Referrer(), default_policy);
+ OpenURL(frame, url, Referrer(), default_policy, std::string(""), NULL);
return WebKit::WebNavigationPolicyIgnore;
}
-
return default_policy;
}
