
Unified Diff: net/url_request/url_request_file_dir_job.cc

Issue 2786583002: chromeos: Check both original and absolute paths for file: scheme (Closed)
Patch Set: add null checks for network_delegate() Created 3 years, 7 months ago
Index: net/url_request/url_request_file_dir_job.cc
diff --git a/net/url_request/url_request_file_dir_job.cc b/net/url_request/url_request_file_dir_job.cc
index 435ccb008655fc2c83d64c24eb783703f73f428b..a5dab1535f3d88ed51b314f441f8e5a256c13ea7 100644
--- a/net/url_request/url_request_file_dir_job.cc
+++ b/net/url_request/url_request_file_dir_job.cc
@@ -6,10 +6,12 @@
#include "base/bind.h"
#include "base/compiler_specific.h"
+#include "base/files/file_util.h"
#include "base/location.h"
#include "base/single_thread_task_runner.h"
#include "base/strings/sys_string_conversions.h"
#include "base/strings/utf_string_conversions.h"
+#include "base/task_scheduler/post_task.h"
#include "base/threading/thread_task_runner_handle.h"
#include "base/time/time.h"
#include "net/base/directory_listing.h"
@@ -37,8 +39,13 @@ URLRequestFileDirJob::URLRequestFileDirJob(URLRequest* request,
weak_factory_(this) {}
void URLRequestFileDirJob::StartAsync() {
- lister_.Start();
- NotifyHeadersComplete();
+ base::PostTaskWithTraitsAndReplyWithResult(
+ FROM_HERE,
+ base::TaskTraits().MayBlock().WithShutdownBehavior(
+ base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN),
+ base::Bind(&base::MakeAbsoluteFilePath, dir_path_),
+ base::Bind(&URLRequestFileDirJob::DidMakeAbsolutePath,
+ weak_factory_.GetWeakPtr()));
}
void URLRequestFileDirJob::Start() {
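Review bot: StartAsync() has no comment saying that the listing no longer starts here; `lister_.Start()` and `NotifyHeadersComplete()` now run only from the reply, after the access check in DidMakeAbsolutePath(). That ordering is what keeps a denied directory from being enumerated, so I would state it above the PostTask call, e.g. `// Resolve dir_path_ on a blocking task; the listing starts in DidMakeAbsolutePath() only after the access check passes.` The same comment could mention that the reply is bound to a weak pointer, so a job destroyed while the task is in flight never starts the lister.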
@@ -107,6 +114,12 @@ void URLRequestFileDirJob::OnListFile(
wrote_header_ = true;
}
+ // Do not include inaccessible files from the directory listing.
+ if (network_delegate() && !network_delegate()->CanAccessFile(
+ *request(), data.path, data.absolute_path)) {
+ return;
+ }
mmenke 2017/05/10 18:03:31 I'm fine with this change, but I don't think this
satorux1 2017/05/12 13:24:11 good point. removed!
+
#if defined(OS_WIN)
std::string raw_bytes; // Empty on Windows means UTF-8 encoded name.
#elif defined(OS_POSIX)
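Review bot: The per-entry filter added before the `#if defined(OS_WIN)` block fails open: when `network_delegate()` is null the `&&` short-circuits and every entry is listed, and the same guard shape is used in DidMakeAbsolutePath() in the last hunk. Whether a null delegate can occur outside tests is not visible here, so the choice should at least be documented, e.g. `// A null delegate means no file access policy is installed; entries are listed unfiltered.` If a missing policy should mean no access, the condition would instead read `if (!network_delegate() || !network_delegate()->CanAccessFile(*request(), data.path, data.absolute_path)) return;`. OnListFile() starts and ends outside this hunk.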
@@ -136,6 +149,18 @@ void URLRequestFileDirJob::OnListDone(int error) {
URLRequestFileDirJob::~URLRequestFileDirJob() {}
+void URLRequestFileDirJob::DidMakeAbsolutePath(
+ const base::FilePath& absolute_path) {
+ if (network_delegate() && !network_delegate()->CanAccessFile(
+ *request(), dir_path_, absolute_path)) {
+ NotifyStartError(URLRequestStatus::FromError(ERR_ACCESS_DENIED));
+ return;
+ }
+
+ lister_.Start();
+ NotifyHeadersComplete();
+}
+
void URLRequestFileDirJob::CompleteRead(Error error) {
DCHECK_LE(error, OK);
DCHECK_NE(error, ERR_IO_PENDING);
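Review bot: DidMakeAbsolutePath() passes `absolute_path` to CanAccessFile() without checking it, yet base::MakeAbsoluteFilePath returns an empty path when resolution fails, so the outcome then depends on how each delegate treats an empty path. An explicit early exit is clearer: `if (absolute_path.empty()) { NotifyStartError(URLRequestStatus::FromError(ERR_FILE_NOT_FOUND)); return; }`. Separately, the check covers the path as resolved on the blocking task, while `lister_` appears to enumerate `dir_path_` afterwards, so a link replaced in between is not covered by this check; a comment recording that limitation would help. CompleteRead(), at the end of the hunk, continues outside it.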
