More correctly handle username and password in FtpNetworkTransaction.

- prevent newline injection attacks
- correctly unescape credentials provided in the URL

TEST=Covered by net_unittests.
http://crbug.com/20336

Review URL: http://codereview.chromium.org/183046

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26305 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index 5f6b548..b8c8add 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -1169,6 +1169,14 @@ std::string GetHostName() {
   return std::string(buffer);
 }
 
+void GetIdentityFromURL(const GURL& url,
+                        std::wstring* username,
+                        std::wstring* password) {
+  UnescapeRule::Type flags = UnescapeRule::SPACES;
+  *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags);
+  *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags);
+}
+
 void AppendFormattedHost(const GURL& url,
                          const std::wstring& languages,
                          std::wstring* output,