Chromium Code Reviews Chromium Code Reviews
Issue 12212091:
WebDatabase: check path traversal in origin_identifier (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: webkit/database/database_util.cc |
| diff --git a/webkit/database/database_util.cc b/webkit/database/database_util.cc |
| index 6d5ff95bd81132dd608f4949b5621158b6dd504d..7efd17f2f94dcc708b8e45741a406896c52217ae 100644 |
| --- a/webkit/database/database_util.cc |
| +++ b/webkit/database/database_util.cc |
| @@ -4,6 +4,7 @@ |
| #include "webkit/database/database_util.h" |
| +#include "base/string_piece.h" |
| #include "base/utf_string_conversions.h" |
| #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h" |
| #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" |
| @@ -90,4 +91,15 @@ GURL DatabaseUtil::GetOriginFromIdentifier(const string16& origin_identifier) { |
| return GURL(web_security_origin.toString()); |
| } |
| +bool DatabaseUtil::IsValidOriginIdentifier(const string16& origin_identifier) { |
| + string16 dotdot = ASCIIToUTF16(".."); |
| + string16 forbidden = ASCIIToUTF16(base::StringPiece("\\/\0", 3)); |
|
jsbell
2013/02/12 18:20:32
Given the way it was used (as a list of forbidden
aedla
2013/02/12 19:27:43
Agreed, done.
|
| + |
| + string16::size_type pos = origin_identifier.find(dotdot); |
| + if (pos == string16::npos) |
| + pos = origin_identifier.find_first_of(forbidden); |
| + |
| + return pos == string16::npos; |
| +} |
| + |
| } // namespace webkit_database |
