diff options
| author | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-03 01:10:07 +0000 |
|---|---|---|
| committer | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-03 01:10:07 +0000 |
| commit | 933a46df63d4c544e3d589f553b698f031f52249 (patch) | |
| tree | 90b5fbfbe15befd50856259606c6260265534e95 /chrome | |
| parent | 9bc8cff2f20eb98d86cfa77f5e75b5b3efc80ced (diff) | |
| download | chromium_src-933a46df63d4c544e3d589f553b698f031f52249.zip chromium_src-933a46df63d4c544e3d589f553b698f031f52249.tar.gz chromium_src-933a46df63d4c544e3d589f553b698f031f52249.tar.bz2 | |
Patch local file traversal bug by removing query, ref in path consideration in URLToFilePath()
BUG=40136
TEST=None
Review URL: http://codereview.chromium.org/1611004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43560 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/dom_ui/chrome_url_data_manager.cc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/chrome/browser/dom_ui/chrome_url_data_manager.cc b/chrome/browser/dom_ui/chrome_url_data_manager.cc index 73594d4..9049f9f 100644 --- a/chrome/browser/dom_ui/chrome_url_data_manager.cc +++ b/chrome/browser/dom_ui/chrome_url_data_manager.cc @@ -156,7 +156,15 @@ bool ChromeURLDataManager::URLToFilePath(const GURL& url, // Parse the URL into a request for a source and path. std::string source_name; std::string relative_path; - URLToRequest(url, &source_name, &relative_path); + + // Remove Query and Ref from URL. + GURL stripped_url; + GURL::Replacements replacements; + replacements.ClearQuery(); + replacements.ClearRef(); + stripped_url = url.ReplaceComponents(replacements); + + URLToRequest(stripped_url, &source_name, &relative_path); FileSourceMap::const_iterator i( Singleton<ChromeURLDataManager>()->file_sources_.find(source_name)); |