diff options
| author | dmaclach@chromium.org <dmaclach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-19 00:22:40 +0000 |
|---|---|---|
| committer | dmaclach@chromium.org <dmaclach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-19 00:22:40 +0000 |
| commit | 4860fb2f8603c38218240669f674f3807135147b (patch) | |
| tree | 110d5ea9babdb5487eda23f026a347fa9da587a6 /chrome | |
| parent | 8db79ed15cbc14788956c4456b22a289c4888762 (diff) | |
| download | chromium_src-4860fb2f8603c38218240669f674f3807135147b.zip chromium_src-4860fb2f8603c38218240669f674f3807135147b.tar.gz chromium_src-4860fb2f8603c38218240669f674f3807135147b.tar.bz2 | |
Fix up ExtensionResource::CombinePathsSafely so that it can handle paths with .. in them safely.
BUG=25131
TEST=Build unit_tests on Mac with default build location that contains a .. in the path.
Review URL: http://codereview.chromium.org/295001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29383 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/common/extensions/extension_resource.cc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/chrome/common/extensions/extension_resource.cc b/chrome/common/extensions/extension_resource.cc index f64354f..4ae2b0e 100644 --- a/chrome/common/extensions/extension_resource.cc +++ b/chrome/common/extensions/extension_resource.cc @@ -69,9 +69,15 @@ FilePath ExtensionResource::CombinePathsSafely( if (!net::FileURLToFilePath(file_url, &ret_val)) return FilePath(); + // Converting the extension_url back to a path removes all .. and . references + // that may have been in extension_path that would cause isParent to break. + FilePath sanitized_extension_path; + if (!net::FileURLToFilePath(extension_url, &sanitized_extension_path)) + return FilePath(); + // Double-check that the path we ended up with is actually inside the // extension root. - if (!extension_path.IsParent(ret_val)) + if (!sanitized_extension_path.IsParent(ret_val)) return FilePath(); return ret_val; |