Commit 31d40d53 authored by darin's avatar darin

Reviewed by Trey, John, and Maciej, and given the seal of approval by Don.

	- fixed 3143317 -- plug-in supplied URLs cause correspondingly named files in /tmp to be deleted
	- fixed 3143330 -- plug-in supplied URLs can overwrite files used in other windows by same plug-in

        * Plugins.subproj/WebBaseNetscapePluginStream.h: Make path be a char * rather than an NSString.
        * Plugins.subproj/WebBaseNetscapePluginStream.m:
        (-[WebBaseNetscapePluginStream dealloc]): Use unlink() to delete the temporary file we made.
	Since we created the file, we know it doesn't have any fancy stuff like a resource fork.
        (-[WebBaseNetscapePluginStream finishedLoadingWithData:]): Create the file with mkstemp instead of
	trying to come up with our own filename. This eliminates the need to delete an old file (because we
	are guaranteed the file is new) and also mkstemp opens the file for us, so we just need to write
	the contents.

        * English.lproj/StringsNotToBeLocalized.txt: Updated for above changes.

        - unrelated change to help with other bug analysis

        * WebView.subproj/WebBaseResourceHandleDelegate.m: Added assertions.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3318 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent bd135e16
2003-01-13 Darin Adler <darin@apple.com>
Reviewed by Trey, John, and Maciej, and given the seal of approval by Don.
- fixed 3143317 -- plug-in supplied URLs cause correspondingly named files in /tmp to be deleted
- fixed 3143330 -- plug-in supplied URLs can overwrite files used in other windows by same plug-in
* Plugins.subproj/WebBaseNetscapePluginStream.h: Make path be a char * rather than an NSString.
* Plugins.subproj/WebBaseNetscapePluginStream.m:
(-[WebBaseNetscapePluginStream dealloc]): Use unlink() to delete the temporary file we made.
Since we created the file, we know it doesn't have any fancy stuff like a resource fork.
(-[WebBaseNetscapePluginStream finishedLoadingWithData:]): Create the file with mkstemp instead of
trying to come up with our own filename. This eliminates the need to delete an old file (because we
are guaranteed the file is new) and also mkstemp opens the file for us, so we just need to write
the contents.
* English.lproj/StringsNotToBeLocalized.txt: Updated for above changes.
- unrelated change to help with other bug analysis
* WebView.subproj/WebBaseResourceHandleDelegate.m: Added assertions.
2003-01-12 Chris Blumenberg <cblu@apple.com>
Fix for checking and creating proper download filenames.
......
......@@ -12,13 +12,11 @@
"(This file must be converted with BinHex 4.0)"
","
"-"
"."
".."
"/"
"/<!--frame%d-->-->"
"/Library/Internet Plug-Ins"
"/favicon.ico"
"/tmp/%@"
"/tmp/SafariPlugInStream.XXXXXX"
"0x0"
"1.00"
"1000"
......
......@@ -18,7 +18,7 @@
uint16 transferMode;
int32 offset;
NPStream stream;
NSString *path;
char *path;
void *notifyData;
WebNetscapePluginPackage *plugin;
......
......@@ -17,13 +17,16 @@ - (void)dealloc
{
ASSERT(stream.ndata == nil);
// FIXME: It's generally considered bad style to do work, like deleting a file,
// at dealloc time. We should change things around so that this is done at a
// more well-defined time rather than when the last release happens.
if (path) {
[[NSFileManager defaultManager] removeFileAtPath:path handler:nil];
unlink(path);
}
[URL release];
free((void *)stream.URL);
[path release];
free(path);
[plugin release];
[super dealloc];
......@@ -135,27 +138,30 @@ - (void)finishedLoadingWithData:(NSData *)data
return;
}
NSString *filename = [[URL path] lastPathComponent];
// It's very important to not do the below calls, like "removeFileAtPath:", on empty paths.
// That's the way you lose your "/tmp" directory.
if ([filename length] == 0
|| [filename isEqualToString:@"."]
|| [filename isEqualToString:@".."]
|| [filename isEqualToString:@"/"]) {
[self destroyStreamWithReason:NPRES_NETWORK_ERR];
return;
}
if (transferMode == NP_ASFILE || transferMode == NP_ASFILEONLY) {
// FIXME: Need to use something like mkstemp?
path = [[NSString stringWithFormat:@"/tmp/%@", filename] retain];
NSFileManager *fileManager = [NSFileManager defaultManager];
[fileManager removeFileAtPath:path handler:nil];
[fileManager createFileAtPath:path contents:data attributes:nil];
ASSERT(!path);
path = strdup("/tmp/SafariPlugInStream.XXXXXX");
int fd = mkstemp(path);
if (fd == -1) {
// This should almost never happen.
ERROR("can't make temporary file, almost certainly a problem with /tmp");
// This is not a network error, but the only error codes are "network error" and "user break".
[self destroyStreamWithReason:NPRES_NETWORK_ERR];
return;
}
int dataLength = [data length];
int byteCount = write(fd, [data bytes], dataLength);
int writeError = errno;
close(fd);
if (byteCount != dataLength) {
// This happens only rarely, when we are out of disk space or have a disk I/O error.
ERROR("error writing to temporary file, errno %d", writeError);
// This is not a network error, but the only error codes are "network error" and "user break".
[self destroyStreamWithReason:NPRES_NETWORK_ERR];
return;
}
// FIXME: Will cString use the correct character set?
NSString *carbonPath = [[NSFileManager defaultManager] _web_carbonPathForPath:path];
NSString *carbonPath = [[NSFileManager defaultManager] _web_carbonPathForPath:[NSString stringWithCString:path]];
NPP_StreamAsFile(instance, &stream, [carbonPath cString]);
LOG(Plugins, "NPP_StreamAsFile: %@", carbonPath);
}
......
......@@ -91,6 +91,9 @@ - (void)setDefersCallbacks:(BOOL)defers
- (void)setDataSource:(WebDataSource *)d
{
ASSERT(d);
ASSERT([d controller]);
[d retain];
[dataSource release];
dataSource = d;
......
......@@ -91,6 +91,9 @@ - (void)setDefersCallbacks:(BOOL)defers
- (void)setDataSource:(WebDataSource *)d
{
ASSERT(d);
ASSERT([d controller]);
[d retain];
[dataSource release];
dataSource = d;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment