diff options
Diffstat (limited to 'webkit/fileapi/file_system_path_manager.cc')
-rw-r--r-- | webkit/fileapi/file_system_path_manager.cc | 100 |
1 files changed, 23 insertions, 77 deletions
diff --git a/webkit/fileapi/file_system_path_manager.cc b/webkit/fileapi/file_system_path_manager.cc index 558dc31..16fc60b 100644 --- a/webkit/fileapi/file_system_path_manager.cc +++ b/webkit/fileapi/file_system_path_manager.cc @@ -100,83 +100,6 @@ FilePath FileSystemPathManager::GetFileSystemRootPathOnFileThread( } } -bool FileSystemPathManager::CrackFileSystemPath( - const FilePath& path, GURL* origin_url, FileSystemType* type, - FilePath* virtual_path) const { - // TODO(ericu): - // Paths come in here [for now] as a URL, followed by a virtual path in - // platform format. For example, on Windows, this will look like - // filesystem:http://www.example.com/temporary/\path\to\file.txt. - // A potentially dangerous malicious path on Windows might look like: - // filesystem:http://www.example.com/temporary/foo/../../\path\to\file.txt. - // This code is ugly, but will get cleaned up as we fix the calling side. - // Eventually there won't be a distinction between a filesystem path and a - // filesystem URL--they'll all be URLs. - // We should be passing these to WebKit as string, not FilePath, for ease of - // manipulation, or possibly as GURL/KURL. - - std::string path_as_string; -#ifdef OS_WIN - path_as_string = WideToUTF8(path.value()); -#else - path_as_string = path.value(); -#endif - GURL path_as_url(path_as_string); - - FilePath local_path; - GURL local_url; - FileSystemType local_type; - if (!CrackFileSystemURL(path_as_url, &local_url, &local_type, &local_path)) - return false; - -#if defined(FILE_PATH_USES_WIN_SEPARATORS) - // TODO(ericu): This puts the separators back to windows-standard; they come - // out of the above code as '/' no matter the platform. Long-term, we'll - // want to let the underlying FileSystemFileUtil implementation do this part, - // since they won't all need it. - local_path = local_path.NormalizeWindowsPathSeparators(); -#endif - - // Check if file access to this type of file system is allowed - // for this origin. - switch (local_type) { - case kFileSystemTypeTemporary: - case kFileSystemTypePersistent: - if (!sandbox_provider_->IsAccessAllowed(local_url)) - return false; - break; - case kFileSystemTypeLocal: - if (!local_provider_.get() || - !local_provider_->IsAccessAllowed(local_url)) { - return false; - } - break; - case kFileSystemTypeUnknown: - default: - NOTREACHED(); - return false; - } - // Any paths that include parent references are considered invalid. - // These should have been taken care of in CrackFileSystemURL. - DCHECK(!local_path.ReferencesParent()); - - // The given |local_path| seems valid. Populates the |origin_url|, |type| - // and |virtual_path| if they are given. - - if (origin_url) { - *origin_url = local_url; - } - - if (type) - *type = local_type; - - if (virtual_path) { - *virtual_path = local_path; - } - - return true; -} - bool FileSystemPathManager::IsAllowedScheme(const GURL& url) const { // Basically we only accept http or https. We allow file:// URLs // only if --allow-file-access-from-files flag is given. @@ -212,6 +135,29 @@ bool FileSystemPathManager::IsRestrictedFileName( } } +// Checks if an origin has access to a particular filesystem type. +bool FileSystemPathManager::IsAllowedFileSystemType( + GURL origin, FileSystemType type) { + switch (type) { + case kFileSystemTypeTemporary: + case kFileSystemTypePersistent: + if (!sandbox_provider_->IsAccessAllowed(origin)) + return false; + break; + case kFileSystemTypeLocal: + if (!local_provider_.get() || + !local_provider_->IsAccessAllowed(origin)) { + return false; + } + break; + case kFileSystemTypeUnknown: + default: + NOTREACHED(); + return false; + } + return true; +} + } // namespace fileapi COMPILE_ASSERT(int(WebFileSystem::TypeTemporary) == \ |