author | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-11 21:03:29 +0000 |
---|---|---|
committer | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-11 21:03:29 +0000 |
commit | faa43b74c1f27b8f81c0e5d672ae9b62088ce29a (patch) | |
tree | 4e855dbdf9571ff94a221e1e1d4c247570ad34e3 /chrome/browser | |
parent | 277d5942c22b06bbcc6288a8d60721d5841be014 (diff) | |
Autocomplete entries submitted are limited in number.
Limits the number of Autocomplete entries added to the WebDB, per form submission, to a maximum of 256. If elements occur that have duplicate names, only the first occurrence is added.
BUG=51727
TEST=WebDatabaseTest.Autofill_AddFormFieldValues
Review URL: http://codereview.chromium.org/3143005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55781 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r-- | chrome/browser/webdata/web_database.cc | 9 | ||||
-rw-r--r-- | chrome/browser/webdata/web_database.h | 1 | ||||
-rw-r--r-- | chrome/browser/webdata/web_database_unittest.cc | 47 |
3 files changed, 57 insertions, 0 deletions
diff --git a/chrome/browser/webdata/web_database.cc b/chrome/browser/webdata/web_database.cc
index 67699f0..948dc8c 100644
--- a/chrome/browser/webdata/web_database.cc
+++ b/chrome/browser/webdata/web_database.cc
@@ -1075,12 +1075,21 @@ bool WebDatabase::AddFormFieldValues(const std::vector<FormField>& elements,
 bool WebDatabase::AddFormFieldValuesTime(const std::vector<FormField>& elements, std::vector<AutofillChange>* changes, base::Time time) {
+ // Only add one new entry for each unique element name. Use |seen_names| to
+ // track this. Add up to |kMaximumUniqueNames| unique entries per form.
+ const size_t kMaximumUniqueNames = 256;
+ std::set<string16> seen_names;
 bool result = true;
 for (std::vector<FormField>::const_iterator itr = elements.begin(); itr != elements.end(); itr++) {
+ if (seen_names.size() >= kMaximumUniqueNames)
+ break;
+ if (seen_names.find(itr->name()) != seen_names.end())
+ continue;
 result = result && AddFormFieldValueTime(*itr, changes, time);
+ seen_names.insert(itr->name());
 }
 return result;
 }
diff --git a/chrome/browser/webdata/web_database.h b/chrome/browser/webdata/web_database.h
index 116816e..ca24cf9 100644
--- a/chrome/browser/webdata/web_database.h
+++ b/chrome/browser/webdata/web_database.h
@@ -284,6 +284,7 @@ class WebDatabase {
 FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_GetAllAutofillEntries_TwoSame);
 FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_UpdateDontReplace);
+ FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_AddFormFieldValues);
 // Methods for adding autofill entries at a specified time. For
 // testing only.
 bool AddFormFieldValuesTime(
diff --git a/chrome/browser/webdata/web_database_unittest.cc b/chrome/browser/webdata/web_database_unittest.cc
index 1daa2ed..566d042 100644
--- a/chrome/browser/webdata/web_database_unittest.cc
+++ b/chrome/browser/webdata/web_database_unittest.cc
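Review bot: In `WebDatabase::AddFormFieldValuesTime` (web_database.cc) reaching `kMaximumUniqueNames` is silent: the `break` leaves `result` as `true` and nothing is logged, so a caller cannot tell a truncated submission from a complete one and there is no signal that a form hit the limit. A debug log at the break, or at least a sentence in the method comment in web_database.h saying that duplicate-named and excess fields are dropped without error, would make that visible. The duplicate check also looks each name up twice (`find`, then `insert`); `if (!seen_names.insert(itr->name()).second) continue;` is equivalent here because the name is inserted whether or not the add succeeds. No `#include <set>` is added by this commit, so confirm the file already includes it rather than relying on a transitive include.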
@@ -906,6 +906,53 @@ TEST_F(WebDatabaseTest, Autofill_UpdateDontReplace) {
 EXPECT_EQ(1U, expected_entries.count(entry));
 }
+TEST_F(WebDatabaseTest, Autofill_AddFormFieldValues) {
+ WebDatabase db;
+ ASSERT_EQ(sql::INIT_OK, db.Init(file_));
+
+ Time t = Time::Now();
+
+ // Add multiple values for "firstname" and "lastname" names. Test that only
+ // first value of each gets added. Related to security issue:
+ // http://crbug.com/51727.
+ std::vector<FormField> elements;
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Jane"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Jones"),
+ string16(),
+ 0));
+
+ std::vector<AutofillChange> changes;
+ db.AddFormFieldValuesTime(elements, &changes, t);
+
+ ASSERT_EQ(2U, changes.size());
+ EXPECT_EQ(changes[0], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"))));
+ EXPECT_EQ(changes[1], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"))));
+
+ std::vector<AutofillEntry> all_entries;
+ ASSERT_TRUE(db.GetAllAutofillEntries(&all_entries));
+ ASSERT_EQ(2U, all_entries.size());
+}
+
 static bool AddTimestampedLogin(WebDatabase* db, std::string url, const std::string& unique_string, const Time& time) { |
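Review bot: The new `Autofill_AddFormFieldValues` test never exercises the 256-entry cap that the commit message describes; it covers only the duplicate-name path, and it discards the return value of `db.AddFormFieldValuesTime(elements, &changes, t);`. Wrapping the call as `EXPECT_TRUE(db.AddFormFieldValuesTime(elements, &changes, t));` and adding a second case that submits more than 256 distinctly named fields and asserts that `changes.size()` is 256 (presumably one change per stored entry, as the existing assertions suggest) would pin the limit. Because `kMaximumUniqueNames` is local to the function in web_database.cc, such a test has to repeat the literal; hoisting the constant to class scope would keep the two from drifting apart.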