content/browser/web_contents/render_view_host_manager.cc - Issue 11193051: To fix the cross-site post submission bug.

Unified Diff: content/browser/web_contents/render_view_host_manager.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix Comments Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« content/browser/web_contents/navigation_entry_impl.h ('K') | « content/browser/web_contents/navigation_entry_impl_unittest.cc ('k') | content/browser/web_contents/web_contents_impl.h » ('j') | content/browser/web_contents/web_contents_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/web_contents/render_view_host_manager.cc

diff --git a/content/browser/web_contents/render_view_host_manager.cc b/content/browser/web_contents/render_view_host_manager.cc

index 8a481d2fc92391d7c682e608cb842bb71f18b957..3c3117b96b339fdd0e420336776e4bbc4753d1dc 100644

--- a/content/browser/web_contents/render_view_host_manager.cc

+++ b/content/browser/web_contents/render_view_host_manager.cc

@@ -8,6 +8,7 @@

#include "base/command_line.h"

#include "base/logging.h"

+#include "content/browser/child_process_security_policy_impl.h"

#include "content/browser/debugger/devtools_manager_impl.h"

#include "content/browser/renderer_host/render_process_host_impl.h"

#include "content/browser/renderer_host/render_view_host_factory.h"

@@ -835,6 +836,36 @@ RenderViewHostImpl* RenderViewHostManager::UpdateRendererStateForNavigate(

}

// Otherwise, it's safe to treat this as a pending cross-site transition.

+ // For the cross-process Post Submission request, we need to migrate the

+ // permission to read the upload file from the old process to the

+ // new process. TODO(irobert): Not sure whether we need to revoke

+ // this permission after the POST.

Charlie Reis 2012/11/20 05:46:03 I don't think we want to do this here. I need mor

+ if (entry.GetHasPostData() &&

+ // This check is not redundant.

+ // For example, user did a cross-process submission from A to B,

+ // and then GoBack to A, and GoForward to B.

+ // In this case, the navigation entry maintained by the browser has

+ // the has_post_data_ set to true but the browser_initiated_post_data

+ // is pointed to an invalid address.

Charlie Reis 2012/11/20 05:46:03 Valuable comment, but it should go before the if (

irobert 2012/11/22 01:37:00 Done.

+ entry.GetBrowserInitiatedPostData() != NULL) {

+ ChildProcessSecurityPolicyImpl* policy =

+ ChildProcessSecurityPolicyImpl::GetInstance();

+ int oldID = render_view_host_->GetSiteInstance()->GetProcess()->GetID();

+ int newID =

+ pending_render_view_host_->GetSiteInstance()->GetProcess()->GetID();

+ const std::vector<webkit_glue::ResourceRequestBody::Element>* uploads =

+ entry.GetBrowserInitiatedPostData()->elements();

+ std::vector<webkit_glue::ResourceRequestBody::Element>::const_iterator

+ iter;

+ for (iter = uploads->begin(); iter != uploads->end(); ++iter) {

+ if (iter->type() ==

+ webkit_glue::ResourceRequestBody::Element::TYPE_FILE) {

+ if (policy->CanReadFile(oldID, iter->path())) {

+ policy->GrantReadFile(newID, iter->path());

+ }

// Make sure the old render view stops, in case a load is in progress.

render_view_host_->Send(