| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "webkit/browser/database/database_util.h" | 5 #include "webkit/browser/database/database_util.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "webkit/browser/database/database_tracker.h" | 9 #include "webkit/browser/database/database_tracker.h" |
| 10 #include "webkit/browser/database/vfs_backend.h" | 10 #include "webkit/browser/database/vfs_backend.h" |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 // '/' and '#' must be present in the string. Also, the string cannot start | 25 // '/' and '#' must be present in the string. Also, the string cannot start |
| 26 // with a '/' (origin_identifier cannot be empty) and '/' must come before '#' | 26 // with a '/' (origin_identifier cannot be empty) and '/' must come before '#' |
| 27 if ((first_slash_index == base::string16::npos) || | 27 if ((first_slash_index == base::string16::npos) || |
| 28 (last_pound_index == base::string16::npos) || | 28 (last_pound_index == base::string16::npos) || |
| 29 (first_slash_index == 0) || | 29 (first_slash_index == 0) || |
| 30 (first_slash_index > last_pound_index)) { | 30 (first_slash_index > last_pound_index)) { |
| 31 return false; | 31 return false; |
| 32 } | 32 } |
| 33 | 33 |
| 34 if (origin_identifier) { | 34 if (origin_identifier) { |
| 35 *origin_identifier = UTF16ToASCII( | 35 *origin_identifier = base::UTF16ToASCII( |
| 36 vfs_file_name.substr(0, first_slash_index)); | 36 vfs_file_name.substr(0, first_slash_index)); |
| 37 } | 37 } |
| 38 if (database_name) { | 38 if (database_name) { |
| 39 *database_name = vfs_file_name.substr( | 39 *database_name = vfs_file_name.substr( |
| 40 first_slash_index + 1, last_pound_index - first_slash_index - 1); | 40 first_slash_index + 1, last_pound_index - first_slash_index - 1); |
| 41 } | 41 } |
| 42 if (sqlite_suffix) { | 42 if (sqlite_suffix) { |
| 43 *sqlite_suffix = vfs_file_name.substr( | 43 *sqlite_suffix = vfs_file_name.substr( |
| 44 last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1); | 44 last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1); |
| 45 } | 45 } |
| 46 return true; | 46 return true; |
| 47 } | 47 } |
| 48 | 48 |
| 49 base::FilePath DatabaseUtil::GetFullFilePathForVfsFile( | 49 base::FilePath DatabaseUtil::GetFullFilePathForVfsFile( |
| 50 DatabaseTracker* db_tracker, const base::string16& vfs_file_name) { | 50 DatabaseTracker* db_tracker, const base::string16& vfs_file_name) { |
| 51 std::string origin_identifier; | 51 std::string origin_identifier; |
| 52 base::string16 database_name; | 52 base::string16 database_name; |
| 53 base::string16 sqlite_suffix; | 53 base::string16 sqlite_suffix; |
| 54 if (!CrackVfsFileName(vfs_file_name, &origin_identifier, | 54 if (!CrackVfsFileName(vfs_file_name, &origin_identifier, |
| 55 &database_name, &sqlite_suffix)) { | 55 &database_name, &sqlite_suffix)) { |
| 56 return base::FilePath(); // invalid vfs_file_name | 56 return base::FilePath(); // invalid vfs_file_name |
| 57 } | 57 } |
| 58 | 58 |
| 59 base::FilePath full_path = db_tracker->GetFullDBFilePath( | 59 base::FilePath full_path = db_tracker->GetFullDBFilePath( |
| 60 origin_identifier, database_name); | 60 origin_identifier, database_name); |
| 61 if (!full_path.empty() && !sqlite_suffix.empty()) { | 61 if (!full_path.empty() && !sqlite_suffix.empty()) { |
| 62 DCHECK(full_path.Extension().empty()); | 62 DCHECK(full_path.Extension().empty()); |
| 63 full_path = full_path.InsertBeforeExtensionASCII( | 63 full_path = full_path.InsertBeforeExtensionASCII( |
| 64 UTF16ToASCII(sqlite_suffix)); | 64 base::UTF16ToASCII(sqlite_suffix)); |
| 65 } | 65 } |
| 66 // Watch out for directory traversal attempts from a compromised renderer. | 66 // Watch out for directory traversal attempts from a compromised renderer. |
| 67 if (full_path.value().find(FILE_PATH_LITERAL("..")) != | 67 if (full_path.value().find(FILE_PATH_LITERAL("..")) != |
| 68 base::FilePath::StringType::npos) | 68 base::FilePath::StringType::npos) |
| 69 return base::FilePath(); | 69 return base::FilePath(); |
| 70 return full_path; | 70 return full_path; |
| 71 } | 71 } |
| 72 | 72 |
| 73 bool DatabaseUtil::IsValidOriginIdentifier( | 73 bool DatabaseUtil::IsValidOriginIdentifier( |
| 74 const std::string& origin_identifier) { | 74 const std::string& origin_identifier) { |
| 75 std::string dotdot = ".."; | 75 std::string dotdot = ".."; |
| 76 char forbidden[] = {'\\', '/', '\0'}; | 76 char forbidden[] = {'\\', '/', '\0'}; |
| 77 | 77 |
| 78 std::string::size_type pos = origin_identifier.find(dotdot); | 78 std::string::size_type pos = origin_identifier.find(dotdot); |
| 79 if (pos == std::string::npos) | 79 if (pos == std::string::npos) |
| 80 pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden)); | 80 pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden)); |
| 81 | 81 |
| 82 return pos == std::string::npos; | 82 return pos == std::string::npos; |
| 83 } | 83 } |
| 84 | 84 |
| 85 } // namespace webkit_database | 85 } // namespace webkit_database |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 176843022:
Move UTF16ToASCII, remove WideToASCII. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src