authorkenrb@chromium.org <kenrb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-24 23:58:19 +0000
committerkenrb@chromium.org <kenrb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-24 23:58:19 +0000
commite83da753f6fcbccdea0a66d8ac04c6d2c4ecbeb9 (patch)
tree9bdb61e628b957fd7dc66709e9b5a807d2a58e5f /net
parent3bc0b560d93f137fc0f4a0ca16ef722d9dc80652 (diff)
Replace whitespace at beginning and end of file with hyphens, rather than silently discarding.
BUG=90217 TEST=all Review URL: http://codereview.chromium.org/7647014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98148 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rwxr-xr-x[-rw-r--r--]net/base/net_util.cc33
-rwxr-xr-x[-rw-r--r--]net/base/net_util_unittest.cc25
2 files changed, 52 insertions, 6 deletions
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index 0be8daa..a288a62 100644..100755
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -158,6 +158,18 @@ static const int kAllowedFtpPorts[] = {
22, // ssh
};
+std::string::size_type CountTrailingChars(
+ const std::string input,
+ const std::string::value_type trailing_chars[]) {
+ const std::string::size_type last_good_char =
+ input.find_last_not_of(trailing_chars);
+
+ if (last_good_char == std::string::npos)
+ return input.length();
+ else
+ return input.length() - last_good_char - 1;
+}
+
// Similar to Base64Decode. Decodes a Q-encoded string to a sequence
// of bytes. If input is invalid, return false.
bool QPDecode(const std::string& input, std::string* output) {
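Review bot: `CountTrailingChars` takes its first argument by value (`const std::string input`), so each call copies the filename just to read it; `const std::string& input` avoids the copy. The helper is also added with external linkage and no comment, while the neighbouring `kAllowedFtpPorts` is `static`, so marking it `static` would keep it file-local. A one-line contract such as `// Returns how many characters at the end of |input| belong to |trailing_chars|; returns input.length() if all do.` would document the `npos` branch, which is the case the caller relies on for names made only of spaces and dots.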
@@ -1458,15 +1470,32 @@ string16 GetSuggestedFilename(const GURL& url,
filename = url.host();
}
+#if defined(OS_WIN)
+ std::string::size_type trimmed_trailing_character_count =
+ CountTrailingChars(filename, " .");
+#endif
SanitizeGeneratedFileName(filename);
// Sanitization can cause the filename to disappear (e.g.: if the filename
// consisted entirely of spaces and '.'s), in which case we use the default.
- if (filename.empty() && default_name.empty())
- filename = kFinalFallbackName;
+ if (filename.empty()) {
+#if defined(OS_WIN)
+ trimmed_trailing_character_count = 0;
+#endif
+ if (default_name.empty())
+ filename = kFinalFallbackName;
+ }
#if defined(OS_WIN)
string16 path = (filename.empty())? default_name : UTF8ToUTF16(filename);
+ // On Windows we want to preserve or replace all characters including
+ // whitespace to prevent file extension obfuscation on trusted websites
+ // e.g. Gmail might think evil.exe. is safe, so we don't want it to become
+ // evil.exe when we download it
+ std::wstring::size_type path_length_before_trim = path.length();
+ TrimWhitespace(path, TRIM_TRAILING, &path);
+ trimmed_trailing_character_count += path_length_before_trim - path.length();
file_util::ReplaceIllegalCharactersInPath(&path, '-');
+ path.append(trimmed_trailing_character_count, '-');
FilePath result(path);
GenerateSafeFileName(mime_type, &result);
return result.value();
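Review bot: The count taken before `SanitizeGeneratedFileName(filename)` hard-codes `" ."`, so it depends on that function stripping exactly those trailing characters; its body is not in this hunk, so that cannot be confirmed here. If the two sets ever diverge, the number of appended hyphens stops matching the number of removed characters, and a space that sanitization leaves behind would be counted a second time by the `TrimWhitespace` step. A comment at the call, e.g. `// Keep " ." in sync with the trailing characters SanitizeGeneratedFileName() trims.`, or a constant shared by both places would pin the assumption down. The expectations in net_util_unittest.cc cover dots and spaces and a trailing U+00A0 separately; a case that mixes them (a dot followed by U+00A0, and the reverse order) would exercise both counting paths together. GetSuggestedFilename starts and ends outside the hunk.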
diff --git a/net/base/net_util_unittest.cc b/net/base/net_util_unittest.cc
index d8879fe..6439558 100644..100755
--- a/net/base/net_util_unittest.cc
+++ b/net/base/net_util_unittest.cc
@@ -1858,7 +1858,7 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"binary/octet-stream",
L"download",
- L"evil.exe"
+ L"evil.exe-"
},
{
"http://www.goodguy.com/evil.exe.",
@@ -1867,7 +1867,7 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"binary/octet-stream",
L"download",
- L"evil.exe"
+ L"evil.exe-"
},
{
"http://www.goodguy.com/evil.exe. . .",
@@ -1876,7 +1876,7 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"binary/octet-stream",
L"download",
- L"evil.exe"
+ L"evil.exe-------"
},
{
"http://www.goodguy.com/evil.",
@@ -1885,7 +1885,7 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"binary/octet-stream",
L"download",
- L"evil"
+ L"evil-"
},
{
"http://www.goodguy.com/. . . . .",
@@ -1896,6 +1896,15 @@ TEST(NetUtilTest, GenerateFileName) {
L"download",
L"download"
},
+ {
+ "http://www.badguy.com/attachment?name=meh.exe%C2%A0",
+ "attachment; filename=\"meh.exe\xC2\xA0\"",
+ "",
+ "",
+ "binary/octet-stream",
+ L"",
+ L"meh.exe-"
+ },
#endif // OS_WIN
{
"http://www.goodguy.com/utils.js",
@@ -1994,7 +2003,11 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"dance/party",
L"download",
+#if defined(OS_WIN)
+ L"trailing-"
+#else
L"trailing"
+#endif //OS_WIN
},
{
"http://www.evil.com/trailing.",
@@ -2003,7 +2016,11 @@ TEST(NetUtilTest, GenerateFileName) {
"",
"text/plain",
L"download",
+#if defined(OS_WIN)
+ L"trailing-" TXT_EXT
+#else
L"trailing" TXT_EXT
+#endif //OS_WIN
},
{
"http://www.evil.com/.",