diff options
| author | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 22:05:15 +0000 |
|---|---|---|
| committer | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 22:05:15 +0000 |
| commit | 3ab2df689c216f35ef744a64d6cff3f87127d61d (patch) | |
| tree | 65343405efc9a23650990c00e1ce45c0e9f2f0b5 /chrome/browser | |
| parent | 96014816e11833ec2d8551dabb5ff1d2bf57f710 (diff) | |
| download | chromium_src-3ab2df689c216f35ef744a64d6cff3f87127d61d.zip chromium_src-3ab2df689c216f35ef744a64d6cff3f87127d61d.tar.gz chromium_src-3ab2df689c216f35ef744a64d6cff3f87127d61d.tar.bz2 | |
This patch strips out the http auth credentials before storing it in History DB.
BUG=20318
TEST=Visit a url having auth credentials. Check history db to see url stored without credentials.
Review URL: http://codereview.chromium.org/1012001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41773 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
| -rw-r--r-- | chrome/browser/autocomplete/history_url_provider_unittest.cc | 5 | ||||
| -rw-r--r-- | chrome/browser/history/history_backend.h | 1 | ||||
| -rw-r--r-- | chrome/browser/history/history_backend_unittest.cc | 22 | ||||
| -rw-r--r-- | chrome/browser/history/url_database.cc | 10 |
4 files changed, 32 insertions, 6 deletions
diff --git a/chrome/browser/autocomplete/history_url_provider_unittest.cc b/chrome/browser/autocomplete/history_url_provider_unittest.cc index 45e1426..9e2f159 100644 --- a/chrome/browser/autocomplete/history_url_provider_unittest.cc +++ b/chrome/browser/autocomplete/history_url_provider_unittest.cc @@ -83,11 +83,10 @@ static TestURLInfo test_db[] = { {"http://go/", L"Intranet URL", 1, 1}, {"http://gooey/", L"Intranet URL 2", 5, 5}, - // URLs for testing offset adjustment + // URLs for testing offset adjustment. {"http://www.\xEA\xB5\x90\xEC\x9C\xA1.kr/", L"Korean", 2, 2}, {"http://spaces.com/path%20with%20spaces/foo.html", L"Spaces", 2, 2}, {"http://ms/c++%20style%20guide", L"Style guide", 2, 2}, - {"http://foo:bar@baz.com/", L"HTTP auth", 2, 2}, }; class HistoryURLProviderTest : public testing::Test, @@ -405,8 +404,6 @@ TEST_F(HistoryURLProviderTest, AdjustOffset) { RunAdjustOffsetTest(L"http://www.\uAD50\uC721", 13); RunAdjustOffsetTest(L"http://spaces.com/path%20with%20spa", 31); RunAdjustOffsetTest(L"http://ms/c++ s", 15); - RunAdjustOffsetTest(L"http://foo:ba", std::wstring::npos); - RunAdjustOffsetTest(L"http://foo:bar@ba", 9); } TEST_F(HistoryURLProviderTestNoDB, NavigateWithoutDB) { diff --git a/chrome/browser/history/history_backend.h b/chrome/browser/history/history_backend.h index 54d8d63..34817a7 100644 --- a/chrome/browser/history/history_backend.h +++ b/chrome/browser/history/history_backend.h @@ -279,6 +279,7 @@ class HistoryBackend : public base::RefCountedThreadSafe<HistoryBackend>, FRIEND_TEST(HistoryBackendTest, DeleteAll); FRIEND_TEST(HistoryBackendTest, ImportedFaviconsTest); FRIEND_TEST(HistoryBackendTest, URLsNoLongerBookmarked); + FRIEND_TEST(HistoryBackendTest, StripUsernamePasswordTest); friend class ::TestingProfile; ~HistoryBackend(); diff --git a/chrome/browser/history/history_backend_unittest.cc b/chrome/browser/history/history_backend_unittest.cc index d3d28a4..e1c8d47 100644 --- a/chrome/browser/history/history_backend_unittest.cc +++ b/chrome/browser/history/history_backend_unittest.cc @@ -564,4 +564,26 @@ TEST_F(HistoryBackendTest, ImportedFaviconsTest) { EXPECT_TRUE(url_row3.visit_count() == 0); } +TEST_F(HistoryBackendTest, StripUsernamePasswordTest) { + ASSERT_TRUE(backend_.get()); + + GURL url("http://anyuser:anypass@www.google.com"); + GURL stripped_url("http://www.google.com"); + + // Clear all history. + backend_->DeleteAllHistory(); + + // Visit the url with username, password. + backend_->AddPageVisit(url, base::Time::Now(), 0, + PageTransition::GetQualifier(PageTransition::TYPED)); + + // Fetch the row information about stripped url from history db. + VisitVector visits; + URLID row_id = backend_->db_->GetRowForURL(stripped_url, NULL); + backend_->db_->GetVisitsForURL(row_id, &visits); + + // Check if stripped url is stored in database. + ASSERT_EQ(1U, visits.size()); +} + } // namespace history diff --git a/chrome/browser/history/url_database.cc b/chrome/browser/history/url_database.cc index 27eabd3..c5c6199 100644 --- a/chrome/browser/history/url_database.cc +++ b/chrome/browser/history/url_database.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -38,7 +38,13 @@ URLDatabase::~URLDatabase() { // static std::string URLDatabase::GURLToDatabaseURL(const GURL& gurl) { // TODO(brettw): do something fancy here with encoding, etc. - return gurl.spec(); + + // Strip username and password from URL before sending to DB. + GURL::Replacements replacements; + replacements.ClearUsername(); + replacements.ClearPassword(); + + return (gurl.ReplaceComponents(replacements)).spec(); } // Convenience to fill a history::URLRow. Must be in sync with the fields in |