diff options
author | ericu@google.com <ericu@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-09 02:12:35 +0000 |
---|---|---|
committer | ericu@google.com <ericu@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-09 02:12:35 +0000 |
commit | d232fcfd4193f66833fb60ade258c2dde7995329 (patch) | |
tree | 765ae2295d1c0bf06136bf39f64b9b216b81ff27 /webkit/fileapi/file_system_path_manager.cc | |
parent | e0cf664f805d83c64e648e011786de1dc29c9f21 (diff) | |
download | chromium_src-d232fcfd4193f66833fb60ade258c2dde7995329.zip chromium_src-d232fcfd4193f66833fb60ade258c2dde7995329.tar.gz chromium_src-d232fcfd4193f66833fb60ade258c2dde7995329.tar.bz2 |
More filesystem cleanup: convert URL-encoded-as-FilePath to actual URL, where
possible without WebKit API changes. The WebKit changes will happen in another
CL.
This is a resubmit of http://codereview.chromium.org/6767010/, which bounced due
to a recent checkin that required a merge. There are a few changes here that
weren't there [in file_system_operation_write_unittest.cc and
file_system_operation.cc], but they're pretty trivial build/test fixes.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6813066
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81028 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/fileapi/file_system_path_manager.cc')
-rw-r--r-- | webkit/fileapi/file_system_path_manager.cc | 100 |
1 files changed, 23 insertions, 77 deletions
diff --git a/webkit/fileapi/file_system_path_manager.cc b/webkit/fileapi/file_system_path_manager.cc index 558dc31..16fc60b 100644 --- a/webkit/fileapi/file_system_path_manager.cc +++ b/webkit/fileapi/file_system_path_manager.cc @@ -100,83 +100,6 @@ FilePath FileSystemPathManager::GetFileSystemRootPathOnFileThread( } } -bool FileSystemPathManager::CrackFileSystemPath( - const FilePath& path, GURL* origin_url, FileSystemType* type, - FilePath* virtual_path) const { - // TODO(ericu): - // Paths come in here [for now] as a URL, followed by a virtual path in - // platform format. For example, on Windows, this will look like - // filesystem:http://www.example.com/temporary/\path\to\file.txt. - // A potentially dangerous malicious path on Windows might look like: - // filesystem:http://www.example.com/temporary/foo/../../\path\to\file.txt. - // This code is ugly, but will get cleaned up as we fix the calling side. - // Eventually there won't be a distinction between a filesystem path and a - // filesystem URL--they'll all be URLs. - // We should be passing these to WebKit as string, not FilePath, for ease of - // manipulation, or possibly as GURL/KURL. - - std::string path_as_string; -#ifdef OS_WIN - path_as_string = WideToUTF8(path.value()); -#else - path_as_string = path.value(); -#endif - GURL path_as_url(path_as_string); - - FilePath local_path; - GURL local_url; - FileSystemType local_type; - if (!CrackFileSystemURL(path_as_url, &local_url, &local_type, &local_path)) - return false; - -#if defined(FILE_PATH_USES_WIN_SEPARATORS) - // TODO(ericu): This puts the separators back to windows-standard; they come - // out of the above code as '/' no matter the platform. Long-term, we'll - // want to let the underlying FileSystemFileUtil implementation do this part, - // since they won't all need it. - local_path = local_path.NormalizeWindowsPathSeparators(); -#endif - - // Check if file access to this type of file system is allowed - // for this origin. - switch (local_type) { - case kFileSystemTypeTemporary: - case kFileSystemTypePersistent: - if (!sandbox_provider_->IsAccessAllowed(local_url)) - return false; - break; - case kFileSystemTypeLocal: - if (!local_provider_.get() || - !local_provider_->IsAccessAllowed(local_url)) { - return false; - } - break; - case kFileSystemTypeUnknown: - default: - NOTREACHED(); - return false; - } - // Any paths that include parent references are considered invalid. - // These should have been taken care of in CrackFileSystemURL. - DCHECK(!local_path.ReferencesParent()); - - // The given |local_path| seems valid. Populates the |origin_url|, |type| - // and |virtual_path| if they are given. - - if (origin_url) { - *origin_url = local_url; - } - - if (type) - *type = local_type; - - if (virtual_path) { - *virtual_path = local_path; - } - - return true; -} - bool FileSystemPathManager::IsAllowedScheme(const GURL& url) const { // Basically we only accept http or https. We allow file:// URLs // only if --allow-file-access-from-files flag is given. @@ -212,6 +135,29 @@ bool FileSystemPathManager::IsRestrictedFileName( } } +// Checks if an origin has access to a particular filesystem type. +bool FileSystemPathManager::IsAllowedFileSystemType( + GURL origin, FileSystemType type) { + switch (type) { + case kFileSystemTypeTemporary: + case kFileSystemTypePersistent: + if (!sandbox_provider_->IsAccessAllowed(origin)) + return false; + break; + case kFileSystemTypeLocal: + if (!local_provider_.get() || + !local_provider_->IsAccessAllowed(origin)) { + return false; + } + break; + case kFileSystemTypeUnknown: + default: + NOTREACHED(); + return false; + } + return true; +} + } // namespace fileapi COMPILE_ASSERT(int(WebFileSystem::TypeTemporary) == \ |