
Side by Side Diff: content/browser/download/save_package.cc

Issue 2060923002: Neutralize dangerous subresource files during Save Page. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@save-package-cleanup-1
Patch Set: Catch up with ToT Created 4 years, 5 months ago
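--- a/content/browser/download/save_package.cc
+++ b/content/browser/download/save_package.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/download/save_package.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/bind.h"
@@ -394,30 +394,34 @@
 // TODO(jungshik): Figure out the referrer charset when having one
 // makes sense and pass it to GenerateFileName.
 base::FilePath file_path = net::GenerateFileName(url,
 disposition,
 std::string(),
 std::string(),
 std::string(),
 kDefaultSaveName);
 
 DCHECK(!file_path.empty());
+if (need_html_ext)
+file_path = file_path.ReplaceExtension(kDefaultHtmlExtension);
+
+DownloadManagerDelegate* delegate = download_manager_->GetDelegate();
+if (delegate)
+delegate->SanitizeSavePackageResourceName(&file_path);
+
+DCHECK_EQ(file_path.value(), file_path.BaseName().value())
+<< "SanitizeSavePackageResourceName should only return a basename.";
+
 base::FilePath::StringType base_name =
 file_path.RemoveExtension().BaseName().value();
 base::FilePath::StringType file_name_ext = file_path.Extension();
 
-// If it is HTML resource, use ".html" as its extension.
-if (need_html_ext) {
-file_name_ext = FILE_PATH_LITERAL(".");
-file_name_ext.append(kDefaultHtmlExtension);
-}
-
 // Need to make sure the suggested file name is not too long.
 uint32_t max_path = GetMaxPathLengthForDirectory(saved_main_directory_path_);
 
 // Get safe pure file name.
 if (!TruncateBaseNameToFitPathConstraints(
 saved_main_directory_path_, file_name_ext, max_path, &base_name))
 return false;
 
 base::FilePath::StringType file_name = base_name + file_name_ext;
 
@@ -1460,10 +1464,10 @@
 }
 
 void SavePackage::FinalizeDownloadEntry() {
 DCHECK(download_);
 
 download_manager_->OnSavePackageSuccessfullyFinished(download_);
 RemoveObservers();
 }
 
 } // namespace content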
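Review bot: The sanitization added at new lines 407–409 fails open: when `download_manager_->GetDelegate()` returns null, the name that `net::GenerateFileName` built from `url` and `disposition` is used unchanged, so the neutralization depends entirely on the embedder supplying a delegate. The post-condition is also only a `DCHECK_EQ`, which is compiled out of builds without DCHECKs; the `BaseName()` call in the next statement still drops directory components there, but nothing re-checks that the delegate left a non-empty name, because `DCHECK(!file_path.empty())` runs before the call. I would state the contract in a comment above the delegate call, e.g. `// Without a delegate the resource name is not sanitized; embedders must implement SanitizeSavePackageResourceName to neutralize dangerous extensions.`, and repeat `DCHECK(!file_path.empty());` after it. The enclosing function begins and ends outside the visible hunk, so the later handling of `file_name` could not be checked.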