Chromium Code Reviews Chromium Code Reviews
Issue 199153003:
Look closer at the components of vfsfilenames that are used filenames. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "webkit/common/database/database_identifier.h" | 5 #include "webkit/common/database/database_identifier.h" |
| 6 | 6 |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "url/url_canon.h" | 9 #include "url/url_canon.h" |
| 10 | 10 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 51 origin.host(), | 51 origin.host(), |
| 52 port, | 52 port, |
| 53 false /* unique */, | 53 false /* unique */, |
| 54 false /* file */); | 54 false /* file */); |
| 55 } | 55 } |
| 56 | 56 |
| 57 // static | 57 // static |
| 58 DatabaseIdentifier DatabaseIdentifier::Parse(const std::string& identifier) { | 58 DatabaseIdentifier DatabaseIdentifier::Parse(const std::string& identifier) { |
| 59 if (!IsStringASCII(identifier)) | 59 if (!IsStringASCII(identifier)) |
| 60 return DatabaseIdentifier(); | 60 return DatabaseIdentifier(); |
| 61 if (identifier.find("..") != std::string::npos) | |
|
michaeln
2014/04/21 19:48:07
does this exclude some valid hostnames like www..d
| |
| 62 return DatabaseIdentifier(); | |
| 63 char forbidden[] = {'\\', '/', ':' ,'\0'}; | |
|
jschuh
2014/03/24 22:46:23
Can't we have a whitelist here instead of a blackl
michaeln
2014/04/21 19:48:07
In talking to you i the hallway, you mentioned vet
| |
| 64 if (identifier.find_first_of(forbidden, 0, arraysize(forbidden)) != | |
| 65 std::string::npos) { | |
| 66 return DatabaseIdentifier(); | |
| 67 } | |
| 61 | 68 |
| 62 size_t first_underscore = identifier.find_first_of('_'); | 69 size_t first_underscore = identifier.find_first_of('_'); |
| 63 if (first_underscore == std::string::npos || first_underscore == 0) | 70 if (first_underscore == std::string::npos || first_underscore == 0) |
| 64 return DatabaseIdentifier(); | 71 return DatabaseIdentifier(); |
| 65 | 72 |
| 66 size_t last_underscore = identifier.find_last_of('_'); | 73 size_t last_underscore = identifier.find_last_of('_'); |
| 67 if (last_underscore == std::string::npos || | 74 if (last_underscore == std::string::npos || |
| 68 last_underscore == first_underscore || | 75 last_underscore == first_underscore || |
| 69 last_underscore == identifier.length() - 1) | 76 last_underscore == identifier.length() - 1) |
| 70 return DatabaseIdentifier(); | 77 return DatabaseIdentifier(); |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 129 if (is_file_) | 136 if (is_file_) |
| 130 return GURL("file:///"); | 137 return GURL("file:///"); |
| 131 if (is_unique_) | 138 if (is_unique_) |
| 132 return GURL(); | 139 return GURL(); |
| 133 if (port_ == 0) | 140 if (port_ == 0) |
| 134 return GURL(scheme_ + "://" + hostname_); | 141 return GURL(scheme_ + "://" + hostname_); |
| 135 return GURL(scheme_ + "://" + hostname_ + ":" + base::IntToString(port_)); | 142 return GURL(scheme_ + "://" + hostname_ + ":" + base::IntToString(port_)); |
| 136 } | 143 } |
| 137 | 144 |
| 138 } // namespace webkit_database | 145 } // namespace webkit_database |
| OLD | NEW |
