Diffstat (limited to 'chrome/browser')
-rw-r--r--chrome/browser/webdata/web_database.cc9
-rw-r--r--chrome/browser/webdata/web_database.h1
-rw-r--r--chrome/browser/webdata/web_database_unittest.cc47
3 files changed, 57 insertions, 0 deletions
diff --git a/chrome/browser/webdata/web_database.cc b/chrome/browser/webdata/web_database.cc
index 67699f0..948dc8c 100644
--- a/chrome/browser/webdata/web_database.cc
+++ b/chrome/browser/webdata/web_database.cc
@@ -1075,12 +1075,21 @@ bool WebDatabase::AddFormFieldValues(const std::vector<FormField>& elements,
bool WebDatabase::AddFormFieldValuesTime(const std::vector<FormField>& elements,
std::vector<AutofillChange>* changes,
base::Time time) {
+ // Only add one new entry for each unique element name. Use |seen_names| to
+ // track this. Add up to |kMaximumUniqueNames| unique entries per form.
+ const size_t kMaximumUniqueNames = 256;
+ std::set<string16> seen_names;
bool result = true;
for (std::vector<FormField>::const_iterator
itr = elements.begin();
itr != elements.end();
itr++) {
+ if (seen_names.size() >= kMaximumUniqueNames)
+ break;
+ if (seen_names.find(itr->name()) != seen_names.end())
+ continue;
result = result && AddFormFieldValueTime(*itr, changes, time);
+ seen_names.insert(itr->name());
}
return result;
}
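Review bot: The cap on `kMaximumUniqueNames` truncates silently: once 256 distinct names have been seen the loop breaks and the function returns `result`, which is still true if the earlier adds succeeded, so a caller cannot tell that later fields were dropped. If that is the intended bound on what one form submission can write to the autofill table, the comment should say so, e.g. `// Fields past the cap are dropped without reporting failure.` The `find` followed by `insert` also looks each name up twice; `if (!seen_names.insert(itr->name()).second) continue;` placed before the add is equivalent, because the name is recorded whether or not `AddFormFieldValueTime` succeeds.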
diff --git a/chrome/browser/webdata/web_database.h b/chrome/browser/webdata/web_database.h
index 116816e..ca24cf9 100644
--- a/chrome/browser/webdata/web_database.h
+++ b/chrome/browser/webdata/web_database.h
@@ -284,6 +284,7 @@ class WebDatabase {
FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest,
Autofill_GetAllAutofillEntries_TwoSame);
FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_UpdateDontReplace);
+ FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_AddFormFieldValues);
// Methods for adding autofill entries at a specified time. For
// testing only.
bool AddFormFieldValuesTime(
diff --git a/chrome/browser/webdata/web_database_unittest.cc b/chrome/browser/webdata/web_database_unittest.cc
index 1daa2ed..566d042 100644
--- a/chrome/browser/webdata/web_database_unittest.cc
+++ b/chrome/browser/webdata/web_database_unittest.cc
@@ -906,6 +906,53 @@ TEST_F(WebDatabaseTest, Autofill_UpdateDontReplace) {
EXPECT_EQ(1U, expected_entries.count(entry));
}
+TEST_F(WebDatabaseTest, Autofill_AddFormFieldValues) {
+ WebDatabase db;
+ ASSERT_EQ(sql::INIT_OK, db.Init(file_));
+
+ Time t = Time::Now();
+
+ // Add multiple values for "firstname" and "lastname" names. Test that only
+ // first value of each gets added. Related to security issue:
+ // http://crbug.com/51727.
+ std::vector<FormField> elements;
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Jane"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Jones"),
+ string16(),
+ 0));
+
+ std::vector<AutofillChange> changes;
+ db.AddFormFieldValuesTime(elements, &changes, t);
+
+ ASSERT_EQ(2U, changes.size());
+ EXPECT_EQ(changes[0], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"))));
+ EXPECT_EQ(changes[1], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"))));
+
+ std::vector<AutofillEntry> all_entries;
+ ASSERT_TRUE(db.GetAllAutofillEntries(&all_entries));
+ ASSERT_EQ(2U, all_entries.size());
+}
+
static bool AddTimestampedLogin(WebDatabase* db, std::string url,
const std::string& unique_string,
const Time& time) {
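Review bot: The test exercises only the duplicate-name path; the `kMaximumUniqueNames` limit added to `AddFormFieldValuesTime` in web_database.cc has no coverage, so a later change to the cap or to the `>=` comparison would go unnoticed. A second case that pushes more than 256 fields with distinct names and asserts that `changes.size()` and the `GetAllAutofillEntries` count are both 256 would pin it. The `db.AddFormFieldValuesTime(elements, &changes, t);` call also discards the return value; `EXPECT_TRUE(db.AddFormFieldValuesTime(elements, &changes, t));` would catch a failed insert directly instead of through the size assertions. The trailing context lines open `AddTimestampedLogin`, whose body continues outside the hunk.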