Patch local file traversal bug by removing query, ref in path consideration in URLToFilePath()

Reviewed: http://codereview.chromium.org/1611004

BUG=40136
TEST=None

Review URL: http://codereview.chromium.org/1559015

git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@43561 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 1 deletions

diff --git a/chrome/browser/dom_ui/chrome_url_data_manager.cc b/chrome/browser/dom_ui/chrome_url_data_manager.cc
index 8e235e6..b8b43b6 100644
--- a/chrome/browser/dom_ui/chrome_url_data_manager.cc
+++ b/chrome/browser/dom_ui/chrome_url_data_manager.cc
@@ -166,7 +166,15 @@ bool ChromeURLDataManager::URLToFilePath(const GURL& url,
   // Parse the URL into a request for a source and path.
   std::string source_name;
   std::string relative_path;
-  URLToRequest(url, &source_name, &relative_path);
+
+  // Remove Query and Ref from URL.
+  GURL stripped_url;
+  GURL::Replacements replacements;
+  replacements.ClearQuery();
+  replacements.ClearRef();
+  stripped_url = url.ReplaceComponents(replacements);
+
+  URLToRequest(stripped_url, &source_name, &relative_path);
 
   FileSourceMap::const_iterator i(
       Singleton<ChromeURLDataManager>()->file_sources_.find(source_name));