
Unified Diff: content/browser/download/save_package.cc

Issue 2075273002: Resource requests from Save-Page-As should go through CanRequestURL checks. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Replace MarkAsUnauthorized with constructor argument. Created 4 years, 5 months ago
Index: content/browser/download/save_package.cc
diff --git a/content/browser/download/save_package.cc b/content/browser/download/save_package.cc
index da07f63483790f4ccef202e5de1f62d9cf48cb32..1a21d4125b1c6aeeb2628533a94b299553e2f6e6 100644
--- a/content/browser/download/save_package.cc
+++ b/content/browser/download/save_package.cc
@@ -301,13 +301,11 @@ void SavePackage::InitWithDownloadItem(
} else {
DCHECK_EQ(SAVE_PAGE_TYPE_AS_ONLY_HTML, save_type_);
wait_state_ = NET_FILES;
- SaveFileCreateInfo::SaveFileSource save_source = page_url_.SchemeIsFile() ?
- SaveFileCreateInfo::SAVE_FILE_FROM_FILE :
- SaveFileCreateInfo::SAVE_FILE_FROM_NET;
// Add this item to waiting list.
- waiting_item_queue_.push_back(
- new SaveItem(page_url_, Referrer(), this, save_source,
- FrameTreeNode::kFrameTreeNodeInvalidId));
+ waiting_item_queue_.push_back(new SaveItem(
+ page_url_, Referrer(), this, SaveFileCreateInfo::SAVE_FILE_FROM_NET,
+ FrameTreeNode::kFrameTreeNodeInvalidId,
+ web_contents()->GetMainFrame()->GetFrameTreeNodeId()));
all_save_items_count_ = 1;
download_->SetTotalBytes(1);
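Review bot: The two trailing arguments of the new `SaveItem(...)` call are both plain frame-tree-node ids, and nothing at the call site says which is which. Annotating them in the `/* is_success = */` style this patch uses in SaveNextFile would make a swapped order visible in review: `/* save_item_frame_tree_node_id = */ FrameTreeNode::kFrameTreeNodeInvalidId,` and `/* container_frame_tree_node_id = */ web_contents()->GetMainFrame()->GetFrameTreeNodeId()`. The order matters because SaveNextFile uses the container id as the requester for SAVE_FILE_FROM_NET items, and that requester feeds the later security checks. InitWithDownloadItem starts and ends outside this hunk.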
@@ -546,16 +544,6 @@ void SavePackage::StartSave(const SaveFileCreateInfo* info) {
save_item->SetTargetPath(saved_main_file_path_);
}
- // If the save source is from file system, inform SaveFileManager to copy
- // corresponding file to the file path which this SaveItem specifies.
- if (info->save_source == SaveFileCreateInfo::SAVE_FILE_FROM_FILE) {
- BrowserThread::PostTask(
- BrowserThread::FILE, FROM_HERE,
- base::Bind(&SaveFileManager::SaveLocalFile, file_manager_,
- save_item->url(), save_item->id(), id()));
- return;
- }
-
// Check whether we begin to require serialized HTML data.
if (save_type_ == SAVE_PAGE_TYPE_AS_COMPLETE_HTML &&
wait_state_ == HTML_DATA) {
@@ -798,11 +786,30 @@ void SavePackage::SaveNextFile(bool process_all_remaining_items) {
DCHECK(!ContainsKey(in_progress_items_, save_item->id()));
in_progress_items_[save_item->id()] = save_item;
save_item->Start();
+
+ // Find the frame responsible for making the network request below - it will
+ // be used in security checks made later by ResourceDispatcherHostImpl.
+ int requester_frame_tree_node_id =
+ save_item->save_source() == SaveFileCreateInfo::SAVE_FILE_FROM_NET
+ ? save_item->container_frame_tree_node_id()
+ : save_item->frame_tree_node_id();
+ DCHECK_NE(FrameTreeNode::kFrameTreeNodeInvalidId,
+ requester_frame_tree_node_id);
+ FrameTreeNode* requester_frame_tree_node =
+ FrameTreeNode::GloballyFindByID(requester_frame_tree_node_id);
+ if (!requester_frame_tree_node) {
+ save_item->Finish(0, /* is_success = */ false);
+ continue;
+ }
+ RenderFrameHostImpl* requester_frame =
+ requester_frame_tree_node->current_frame_host();
+
file_manager_->SaveURL(
save_item->id(), save_item->url(), save_item->referrer(),
- web_contents()->GetRenderProcessHost()->GetID(), routing_id(),
- web_contents()->GetMainFrame()->GetRoutingID(),
- save_item->save_source(), save_item->full_path(),
+ requester_frame->GetProcess()->GetID(),
+ requester_frame->render_view_host()->GetRoutingID(),
+ requester_frame->routing_id(), save_item->save_source(),
+ save_item->full_path(),
web_contents()->GetBrowserContext()->GetResourceContext(), this);
} while (process_all_remaining_items && !waiting_item_queue_.empty());
}
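Review bot: The early exit for a missing requester frame runs after the item has already been stored in `in_progress_items_` and started, so `save_item->Finish(0, /* is_success = */ false); continue;` leaves a finished item in the in-progress map. If the package's completion accounting depends on that map draining (that code is outside this hunk), the save could stall or miscount. Resolving the frame before `in_progress_items_[save_item->id()] = save_item;`, or routing the failure through the same path a failed network save takes, would keep the bookkeeping consistent. It is also worth a comment that `DCHECK_NE` is compiled out of release builds, so the null check is the only guard there. The same comment could note that the requester is whatever `current_frame_host()` is at request time, which may not be the document that was captured if the frame navigated in between.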
@@ -1126,8 +1133,9 @@ SaveItem* SavePackage::CreatePendingSaveItem(
SaveFileCreateInfo::SaveFileSource save_source) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
Referrer sanitized_referrer = Referrer::SanitizeForRequest(url, referrer);
- SaveItem* save_item = new SaveItem(url, sanitized_referrer, this, save_source,
- save_item_frame_tree_node_id);
+ SaveItem* save_item =
+ new SaveItem(url, sanitized_referrer, this, save_source,
+ save_item_frame_tree_node_id, container_frame_tree_node_id);
waiting_item_queue_.push_back(save_item);
frame_tree_node_id_to_contained_save_items_[container_frame_tree_node_id]
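Review bot: `container_frame_tree_node_id` is passed into the new `SaveItem` without any check here, while SaveNextFile only asserts its validity later, when the request is about to be issued. Unless SaveItem's constructor already enforces this (save_item.cc is not shown here), asserting at creation would fail nearer the caller that supplied the bad id: `DCHECK(save_source != SaveFileCreateInfo::SAVE_FILE_FROM_NET || container_frame_tree_node_id != FrameTreeNode::kFrameTreeNodeInvalidId);`. CreatePendingSaveItem starts and ends outside this hunk.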
@@ -1170,12 +1178,9 @@ void SavePackage::EnqueueSavableResource(int container_frame_tree_node_id,
if (!url.is_valid())
return;
- SaveFileCreateInfo::SaveFileSource save_source =
- url.SchemeIsFile() ? SaveFileCreateInfo::SAVE_FILE_FROM_FILE
- : SaveFileCreateInfo::SAVE_FILE_FROM_NET;
CreatePendingSaveItemDeduplicatingByUrl(
container_frame_tree_node_id, FrameTreeNode::kFrameTreeNodeInvalidId, url,
- referrer, save_source);
+ referrer, SaveFileCreateInfo::SAVE_FILE_FROM_NET);
}
void SavePackage::EnqueueFrame(int container_frame_tree_node_id,
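Review bot: With the `url.SchemeIsFile()` branch removed, nothing in EnqueueSavableResource records that file: URLs are deliberately sent down the SAVE_FILE_FROM_NET path so that they are subject to the requesting frame's URL checks. A comment above the call would stop a later change from reintroducing a local-copy shortcut, for example `// file: URLs intentionally use SAVE_FILE_FROM_NET so the request is checked against the container frame.` The same applies to the `page_url_` case in InitWithDownloadItem. The opening of EnqueueSavableResource is outside this hunk.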