Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(188)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1717783002: Fix an issue that download filename from content disposition is not sanitized (Closed)

Created:
4 years, 10 months ago by qinmin
Modified:
4 years, 10 months ago
Reviewers:
asanka, Ted C
CC:
asanka, chromium-reviews, darin-cc_chromium.org, jam
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix an issue that download filename from content disposition is not sanitized The filename from content disposition may not be sanitized. This change uses net::GetSuggestedFileName() to sanitize the filename before passing it to java. Also, there is no need to call URLUtil.guessFileName() since GetSuggestedFileName() will always return a non-null value. BUG=570750 Committed: https://crrev.com/168f723d0f0ce60d92a6307c754181f6d8644583 Cr-Commit-Position: refs/heads/master@{#377447}

Patch Set 1 #

Total comments: 6

Patch Set 2 : remove unused variable #

Patch Set 3 : pass localized default download file name #

Total comments: 3
Unified diffs Side-by-side diffs Delta from patch set Stats (+28 lines, -105 lines) Patch
M chrome/android/java/src/org/chromium/chrome/browser/download/ChromeDownloadDelegate.java View 1 2 2 chunks +4 lines, -54 lines 0 comments Download
M chrome/android/javatests/src/org/chromium/chrome/browser/download/ChromeDownloadDelegateTest.java View 1 chunk +0 lines, -47 lines 0 comments Download
M chrome/browser/android/download/download_manager_service.cc View 1 2 2 chunks +4 lines, -0 lines 3 comments Download
M content/browser/android/download_controller_android_impl.h View 1 2 2 chunks +3 lines, -0 lines 0 comments Download
M content/browser/android/download_controller_android_impl.cc View 1 2 3 chunks +13 lines, -4 lines 0 comments Download
M content/public/browser/android/download_controller_android.h View 1 2 1 chunk +4 lines, -0 lines 0 comments Download

Messages

Total messages: 19 (5 generated)
qinmin
PTAL
4 years, 10 months ago (2016-02-19 20:27:58 UTC) #2
asanka
https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc File content/browser/android/download_controller_android_impl.cc (right): https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc#newcode394 content/browser/android/download_controller_android_impl.cc:394: net::HttpContentDisposition header(info.content_disposition, ""); header is unused. https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc#newcode403 content/browser/android/download_controller_android_impl.cc:403: std::string())); ...
4 years, 10 months ago (2016-02-22 22:56:08 UTC) #3
qinmin
https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc File content/browser/android/download_controller_android_impl.cc (right): https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc#newcode394 content/browser/android/download_controller_android_impl.cc:394: net::HttpContentDisposition header(info.content_disposition, ""); On 2016/02/22 22:56:08, asanka wrote: > ...
4 years, 10 months ago (2016-02-22 23:03:36 UTC) #4
asanka
https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc File content/browser/android/download_controller_android_impl.cc (right): https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc#newcode403 content/browser/android/download_controller_android_impl.cc:403: std::string())); // default name On 2016/02/22 at 23:03:36, qinmin ...
4 years, 10 months ago (2016-02-23 00:05:56 UTC) #5
qinmin
https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc File content/browser/android/download_controller_android_impl.cc (right): https://codereview.chromium.org/1717783002/diff/1/content/browser/android/download_controller_android_impl.cc#newcode403 content/browser/android/download_controller_android_impl.cc:403: std::string())); // default name On 2016/02/23 00:05:56, asanka wrote: ...
4 years, 10 months ago (2016-02-23 07:23:10 UTC) #6
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1717783002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1717783002/40001
4 years, 10 months ago (2016-02-23 07:24:02 UTC) #8
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
4 years, 10 months ago (2016-02-23 08:28:36 UTC) #10
asanka
https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc File chrome/browser/android/download/download_manager_service.cc (right): https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc#newcode51 chrome/browser/android/download/download_manager_service.cc:51: l10n_util::GetStringUTF8(IDS_DEFAULT_DOWNLOAD_FILENAME)); Why can't DownloadControllerAndroid do this on its own?
4 years, 10 months ago (2016-02-24 20:04:44 UTC) #11
qinmin
https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc File chrome/browser/android/download/download_manager_service.cc (right): https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc#newcode51 chrome/browser/android/download/download_manager_service.cc:51: l10n_util::GetStringUTF8(IDS_DEFAULT_DOWNLOAD_FILENAME)); On 2016/02/24 20:04:44, asanka wrote: > Why can't ...
4 years, 10 months ago (2016-02-24 21:56:06 UTC) #12
asanka
lgtm https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc File chrome/browser/android/download/download_manager_service.cc (right): https://codereview.chromium.org/1717783002/diff/40001/chrome/browser/android/download/download_manager_service.cc#newcode51 chrome/browser/android/download/download_manager_service.cc:51: l10n_util::GetStringUTF8(IDS_DEFAULT_DOWNLOAD_FILENAME)); On 2016/02/24 at 21:56:06, qinmin wrote: > ...
4 years, 10 months ago (2016-02-24 22:08:03 UTC) #13
Ted C
lgtm
4 years, 10 months ago (2016-02-24 23:27:49 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1717783002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1717783002/40001
4 years, 10 months ago (2016-02-24 23:45:18 UTC) #16
commit-bot: I haz the power
Committed patchset #3 (id:40001)
4 years, 10 months ago (2016-02-25 01:10:47 UTC) #17
commit-bot: I haz the power
4 years, 10 months ago (2016-02-25 01:12:42 UTC) #19
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/168f723d0f0ce60d92a6307c754181f6d8644583
Cr-Commit-Position: refs/heads/master@{#377447}

Powered by Google App Engine
This is Rietveld 408576698