OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 10 matching lines...) Expand all Loading... |
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 */ | 27 */ |
28 | 28 |
29 #include "modules/webdatabase/DatabaseAuthorizer.h" | 29 #include "modules/webdatabase/DatabaseAuthorizer.h" |
30 | 30 |
| 31 #include "core/frame/UseCounter.h" |
| 32 #include "modules/webdatabase/DatabaseContext.h" |
31 #include "platform/wtf/HashSet.h" | 33 #include "platform/wtf/HashSet.h" |
32 #include "platform/wtf/StdLibExtras.h" | 34 #include "platform/wtf/StdLibExtras.h" |
33 #include "platform/wtf/Threading.h" | 35 #include "platform/wtf/Threading.h" |
34 #include "platform/wtf/text/StringHash.h" | 36 #include "platform/wtf/text/StringHash.h" |
35 | 37 |
36 namespace blink { | 38 namespace blink { |
37 | 39 |
38 DatabaseAuthorizer* DatabaseAuthorizer::Create( | 40 DatabaseAuthorizer* DatabaseAuthorizer::Create( |
| 41 DatabaseContext* database_context, |
39 const String& database_info_table_name) { | 42 const String& database_info_table_name) { |
40 return new DatabaseAuthorizer(database_info_table_name); | 43 return new DatabaseAuthorizer(database_context, database_info_table_name); |
41 } | 44 } |
42 | 45 |
43 DatabaseAuthorizer::DatabaseAuthorizer(const String& database_info_table_name) | 46 DatabaseAuthorizer::DatabaseAuthorizer(DatabaseContext* database_context, |
| 47 const String& database_info_table_name) |
44 : security_enabled_(false), | 48 : security_enabled_(false), |
45 database_info_table_name_(database_info_table_name) { | 49 database_info_table_name_(database_info_table_name), |
| 50 database_context_(database_context) { |
46 DCHECK(IsMainThread()); | 51 DCHECK(IsMainThread()); |
47 | 52 |
48 Reset(); | 53 Reset(); |
49 } | 54 } |
50 | 55 |
51 void DatabaseAuthorizer::Reset() { | 56 void DatabaseAuthorizer::Reset() { |
52 last_action_was_insert_ = false; | 57 last_action_was_insert_ = false; |
53 last_action_changed_database_ = false; | 58 last_action_changed_database_ = false; |
54 permissions_ = kReadWriteMask; | 59 permissions_ = kReadWriteMask; |
55 } | 60 } |
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
240 | 245 |
241 int DatabaseAuthorizer::CreateVTable(const String& table_name, | 246 int DatabaseAuthorizer::CreateVTable(const String& table_name, |
242 const String& module_name) { | 247 const String& module_name) { |
243 if (!AllowWrite()) | 248 if (!AllowWrite()) |
244 return kSQLAuthDeny; | 249 return kSQLAuthDeny; |
245 | 250 |
246 // Allow only the FTS3 extension | 251 // Allow only the FTS3 extension |
247 if (!DeprecatedEqualIgnoringCase(module_name, "fts3")) | 252 if (!DeprecatedEqualIgnoringCase(module_name, "fts3")) |
248 return kSQLAuthDeny; | 253 return kSQLAuthDeny; |
249 | 254 |
| 255 UseCounter::Count(database_context_->GetExecutionContext(), |
| 256 UseCounter::kWebDatabaseCreateDropFTS3Table); |
250 last_action_changed_database_ = true; | 257 last_action_changed_database_ = true; |
251 return DenyBasedOnTableName(table_name); | 258 return DenyBasedOnTableName(table_name); |
252 } | 259 } |
253 | 260 |
254 int DatabaseAuthorizer::DropVTable(const String& table_name, | 261 int DatabaseAuthorizer::DropVTable(const String& table_name, |
255 const String& module_name) { | 262 const String& module_name) { |
256 if (!AllowWrite()) | 263 if (!AllowWrite()) |
257 return kSQLAuthDeny; | 264 return kSQLAuthDeny; |
258 | 265 |
259 // Allow only the FTS3 extension | 266 // Allow only the FTS3 extension |
260 if (!DeprecatedEqualIgnoringCase(module_name, "fts3")) | 267 if (!DeprecatedEqualIgnoringCase(module_name, "fts3")) |
261 return kSQLAuthDeny; | 268 return kSQLAuthDeny; |
262 | 269 |
| 270 UseCounter::Count(database_context_->GetExecutionContext(), |
| 271 UseCounter::kWebDatabaseCreateDropFTS3Table); |
263 return UpdateDeletesBasedOnTableName(table_name); | 272 return UpdateDeletesBasedOnTableName(table_name); |
264 } | 273 } |
265 | 274 |
266 int DatabaseAuthorizer::AllowDelete(const String& table_name) { | 275 int DatabaseAuthorizer::AllowDelete(const String& table_name) { |
267 if (!AllowWrite()) | 276 if (!AllowWrite()) |
268 return kSQLAuthDeny; | 277 return kSQLAuthDeny; |
269 | 278 |
270 return UpdateDeletesBasedOnTableName(table_name); | 279 return UpdateDeletesBasedOnTableName(table_name); |
271 } | 280 } |
272 | 281 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
362 } | 371 } |
363 | 372 |
364 int DatabaseAuthorizer::UpdateDeletesBasedOnTableName( | 373 int DatabaseAuthorizer::UpdateDeletesBasedOnTableName( |
365 const String& table_name) { | 374 const String& table_name) { |
366 int allow = DenyBasedOnTableName(table_name); | 375 int allow = DenyBasedOnTableName(table_name); |
367 if (allow) | 376 if (allow) |
368 had_deletes_ = true; | 377 had_deletes_ = true; |
369 return allow; | 378 return allow; |
370 } | 379 } |
371 | 380 |
| 381 DEFINE_TRACE(DatabaseAuthorizer) { |
| 382 visitor->Trace(database_context_); |
| 383 } |
| 384 |
372 } // namespace blink | 385 } // namespace blink |
OLD | NEW |