
Unified Diff: content/browser/web_contents/render_view_host_manager.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Android API, Helper Function and Include_rules Created 8 years, 1 month ago
Index: content/browser/web_contents/render_view_host_manager.cc
diff --git a/content/browser/web_contents/render_view_host_manager.cc b/content/browser/web_contents/render_view_host_manager.cc
index 8a481d2fc92391d7c682e608cb842bb71f18b957..1e5fc86d491708e8f8db49cf3a23c8feecdc1f1b 100644
--- a/content/browser/web_contents/render_view_host_manager.cc
+++ b/content/browser/web_contents/render_view_host_manager.cc
@@ -8,6 +8,7 @@
#include "base/command_line.h"
#include "base/logging.h"
+#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/debugger/devtools_manager_impl.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
#include "content/browser/renderer_host/render_view_host_factory.h"
@@ -835,6 +836,37 @@ RenderViewHostImpl* RenderViewHostManager::UpdateRendererStateForNavigate(
}
}
// Otherwise, it's safe to treat this as a pending cross-site transition.
+ // For the cross-process Post Submission request, we need to migrate the
+ // permission to read the upload file from the old process to the
+ // new process. TODO(irobert): Not sure whether we need to revoke
+ // this permission after the POST.
+ //
+ // The second check is not redundant.
+ // For example, user did a cross-process submission from A to B,
+ // and then GoBack to A, and GoForward to B.
+ // In this case, the navigation entry maintained by the browser has
+ // the has_post_data_ set to true but the browser_initiated_post_data
+ // is pointed to an invalid address.
+ if (entry.GetHasPostData() &&
+ entry.GetBrowserInitiatedPostData()) {
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+ int oldID = render_view_host_->GetSiteInstance()->GetProcess()->GetID();
+ int newID =
+ pending_render_view_host_->GetSiteInstance()->GetProcess()->GetID();
+ const std::vector<webkit_glue::ResourceRequestBody::Element>* uploads =
+ entry.GetBrowserInitiatedPostData()->elements();
+ std::vector<webkit_glue::ResourceRequestBody::Element>::const_iterator
+ iter;
+ for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
+ if (iter->type() ==
+ webkit_glue::ResourceRequestBody::Element::TYPE_FILE) {
+ if (policy->CanReadFile(oldID, iter->path())) {
+ policy->GrantReadFile(newID, iter->path());
+ }
+ }
+ }
+ }
// Make sure the old render view stops, in case a load is in progress.
render_view_host_->Send(
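Review bot: The `policy->GrantReadFile(newID, iter->path())` call gives the destination renderer read access to each upload file with no matching revocation, so the new process keeps that access after the POST completes; the TODO in the added comment should be resolved before landing, either by revoking the grant once the request body has been consumed or by stating why process-lifetime access is acceptable. The `CanReadFile(oldID, ...)` guard is worth keeping as written, since it stops the browser from handing out access the source process never held. Separately, the comment says the post data can be "pointed to an invalid address" after back/forward, but `entry.GetBrowserInitiatedPostData()` in the condition is only a null test: if the pointer is reset to null the comment should say `is NULL`, and if it can dangle the test does not protect the dereference at `->elements()`. The enclosing function starts and ends outside this hunk, so whether `pending_render_view_host_` is always set at this point cannot be confirmed from the visible lines.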