-rw-r--r-- | chrome/browser/download/download_util_unittest.cc | 24 | ||||
-rw-r--r-- | net/base/net_util.cc | 9 | ||||
-rw-r--r-- | net/base/net_util_unittest.cc | 7 |
3 files changed, 28 insertions, 12 deletions
diff --git a/chrome/browser/download/download_util_unittest.cc b/chrome/browser/download/download_util_unittest.cc
index f778ea8..9368938 100644
--- a/chrome/browser/download/download_util_unittest.cc
+++ b/chrome/browser/download/download_util_unittest.cc
@@ -42,17 +42,29 @@ const struct {
 "text/plain",
 L"my_download.txt"},
 
- // Disposition has relative paths, remove them
+ // Disposition has relative paths, remove directory separators
 {"filename=../../../../././../a_file_name.txt",
 "http://www.evil.com/my_download.txt",
 "text/plain",
- L"a_file_name.txt"},
+ L"_.._.._.._._._.._a_file_name.txt"},
 
- // Disposition has parent directories, remove them
+ // Disposition has parent directories, remove directory separators
 {"filename=dir1/dir2/a_file_name.txt",
 "http://www.evil.com/my_download.txt",
 "text/plain",
- L"a_file_name.txt"},
+ L"dir1_dir2_a_file_name.txt"},
+
+ // Disposition has relative paths, remove directory separators
+ {"filename=..\\..\\..\\..\\.\\.\\..\\a_file_name.txt",
+ "http://www.evil.com/my_download.txt",
+ "text/plain",
+ L"_.._.._.._._._.._a_file_name.txt"},
+
+ // Disposition has parent directories, remove directory separators
+ {"filename=dir1\\dir2\\a_file_name.txt",
+ "http://www.evil.com/my_download.txt",
+ "text/plain",
+ L"dir1_dir2_a_file_name.txt"},
 
 // No useful information in disposition or URL, use default
 {"", "http://www.truncated.com/path/", "text/plain",
@@ -183,12 +195,12 @@ const struct {
 {"filename=../foo.txt",
 "http://www.evil.com/../foo.txt",
 "text/plain",
- L"foo.txt"},
+ L"_foo.txt"},
 
 {"filename=..\\foo.txt",
 "http://www.evil.com/..\\foo.txt",
 "text/plain",
- L"foo.txt"
+ L"_foo.txt"
 },
 
 {"filename=.hidden",
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index b4082ec..0528d50 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
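Review bot: The two new backslash entries in the @@ -42 hunk reuse the comments of the forward-slash entries word for word, so a failing case cannot be told apart by its comment; suggest `// Disposition has relative paths using backslashes, remove directory separators` and `// Disposition has parent directories using backslashes, remove directory separators`. The table, here and in the net_util_unittest.cc hunk, also has no case mixing both separators (`dir1/dir2\\a_file_name.txt`) and none consisting only of separators and dots (`filename=../`), which is exactly where the underscore replacement meets the later leading/trailing-dot stripping and the expected value is least obvious. The table definition starts and ends outside the hunk.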
@@ -1398,11 +1398,10 @@ string16 GetSuggestedFilename(const GURL& url,
 referrer_charset);
 
 if (!filename.empty()) {
- // Remove any path information the server may have sent, take the name
- // only.
- std::string::size_type slashpos = filename.find_last_of("/\\");
- if (slashpos != std::string::npos)
- filename = filename.substr(slashpos + 1);
+ // Replace any path information the server may have sent, by changing
+ // path separators with underscores.
+ ReplaceSubstringsAfterOffset(&filename, 0, "/", "_");
+ ReplaceSubstringsAfterOffset(&filename, 0, "\\", "_");
 
 // Next, remove "." from the beginning and end of the file name to avoid
 // tricks with hidden files, "..", and "."
diff --git a/net/base/net_util_unittest.cc b/net/base/net_util_unittest.cc
index bf51f1c..ebb3574 100644
--- a/net/base/net_util_unittest.cc
+++ b/net/base/net_util_unittest.cc
@@ -1098,7 +1098,12 @@ TEST(NetUtilTest, GetSuggestedFilename) {
 "Content-disposition: attachment; filename=\"../test.html\"",
 "",
 L"",
- L"test.html"},
+ L"_test.html"},
+ {"http://www.google.com/",
+ "Content-disposition: attachment; filename=\"..\\test.html\"",
+ "",
+ L"",
+ L"_test.html"},
 {"http://www.google.com/",
 "Content-disposition: attachment; filename=\"..\"",
 "",
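Review bot: The byte-wise replacement on the new `ReplaceSubstringsAfterOffset(&filename, 0, "\\", "_");` line is only safe if `filename` is already in an ASCII-transparent encoding such as UTF-8; should `GetFileNameFromCD` ever hand back bytes in a legacy charset chosen from `referrer_charset` (where 0x5C can be the trail byte of a multibyte character), the replacement would corrupt those characters, so the decoding order is worth confirming before relying on this. Because the replacement runs before the dot stripping visible in the trailing context, a name made only of separators and dots collapses to `_`, which is an acceptable outcome but deserves a sentence in the comment, e.g. `// Replace path separators with underscores so the result can never name a` / `// directory; a name of only separators and dots ends up as "_".`. GetSuggestedFilename starts and ends outside the hunk.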