Commit 8c29e20a authored by darin@apple.com's avatar darin@apple.com

Make the setMetadataURL function foolproof by having it remove user info

https://bugs.webkit.org/show_bug.cgi?id=30178
rdar://problem/6544670

Patch by Darin Adler <darin@apple.com> on 2009-10-07
Reviewed by John Sullivan.

* Misc/WebNSFileManagerExtras.m:
(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):
Call _web_URLByRemovingUserInfo on the passed in URL string after converting
it to a URL, and then convert it back to a string.

* Misc/WebNSURLExtras.h: Added _web_URLByRemovingUserInfo.
* Misc/WebNSURLExtras.mm: Removed unused WebKitURLComponents struct.
(-[NSURL _web_URLByTruncatingOneCharacterBeforeComponent:]): Renamed to be
clearer on what this does.
(-[NSURL _webkit_URLByRemovingFragment]): Changed to call new name.
(-[NSURL _webkit_URLByRemovingResourceSpecifier]): Ditto.
(-[NSURL _web_URLByRemovingComponentAndSubsequentCharacter:]): Added.
(-[NSURL _web_URLByRemovingUserInfo]): Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49273 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 06f4370a
2009-10-07 Darin Adler <darin@apple.com>
Reviewed by John Sullivan.
Make the setMetadataURL function foolproof by having it remove user info
https://bugs.webkit.org/show_bug.cgi?id=30178
rdar://problem/6544670
* Misc/WebNSFileManagerExtras.m:
(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):
Call _web_URLByRemovingUserInfo on the passed in URL string after converting
it to a URL, and then convert it back to a string.
* Misc/WebNSURLExtras.h: Added _web_URLByRemovingUserInfo.
* Misc/WebNSURLExtras.mm: Removed unused WebKitURLComponents struct.
(-[NSURL _web_URLByTruncatingOneCharacterBeforeComponent:]): Renamed to be
clearer on what this does.
(-[NSURL _webkit_URLByRemovingFragment]): Changed to call new name.
(-[NSURL _webkit_URLByRemovingResourceSpecifier]): Ditto.
(-[NSURL _web_URLByRemovingComponentAndSubsequentCharacter:]): Added.
(-[NSURL _web_URLByRemovingUserInfo]): Added.
2009-10-07 Simon Fraser <simon.fraser@apple.com>
Make Dan Bernstein happy.
......
/*
* Copyright (C) 2005 Apple Computer, Inc. All rights reserved.
* Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -28,13 +28,13 @@
#import <WebKit/WebNSFileManagerExtras.h>
#import "WebKitNSStringExtras.h"
#import "WebNSURLExtras.h"
#import <WebCore/FoundationExtras.h>
#import <WebKit/WebKitNSStringExtras.h>
#import <WebKitSystemInterface.h>
#import <wtf/Assertions.h>
#import <pthread.h>
#import <sys/mount.h>
#import <JavaScriptCore/Assertions.h>
@implementation NSFileManager (WebNSFileManagerExtras)
......@@ -170,6 +170,10 @@ - (void)_webkit_setMetadataURL:(NSString *)URLString referrer:(NSString *)referr
{
ASSERT(URLString);
ASSERT(path);
NSURL *URL = [NSURL _web_URLWithUserTypedString:URLString];
if (URL)
URLString = [[URL _web_URLByRemovingUserInfo] _web_userVisibleString];
// Spawn a background thread for WKSetMetadataURL because this function will not return until mds has
// journaled the data we're're trying to set. Depending on what other I/O is going on, it can take some
......
/*
* Copyright (C) 2005 Apple Computer, Inc. All rights reserved.
* Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -28,6 +28,9 @@
#import <Foundation/Foundation.h>
// FIXME: Change method names back to _web_ from _webkit_ when identically-named
// methods are no longer present in Foundation.
@interface NSURL (WebNSURLExtras)
+ (NSURL *)_web_URLWithUserTypedString:(NSString *)string;
......@@ -52,12 +55,10 @@
- (BOOL)_web_isEmpty;
// FIXME: change these names back to _web_ when identically-named
// methods are removed from Foundation
- (NSURL *)_webkit_canonicalize;
- (NSURL *)_webkit_URLByRemovingFragment;
- (NSURL *)_webkit_URLByRemovingResourceSpecifier;
- (NSURL *)_web_URLByRemovingUserInfo;
- (BOOL)_webkit_isJavaScriptURL;
- (BOOL)_webkit_isFileURL;
......@@ -83,8 +84,6 @@
- (NSString *)_web_decodeHostName; // turns funny-looking ASCII form into Unicode, returns self if no decoding needed, convenient cover
- (NSString *)_web_encodeHostName; // turns Unicode into funny-looking ASCII form, returns self if no decoding needed, convenient cover
// FIXME: change these names back to _web_ when identically-named
// methods are removed from or renamed in Foundation
- (BOOL)_webkit_isJavaScriptURL;
- (BOOL)_webkit_isFTPDirectoryURL;
- (BOOL)_webkit_isFileURL;
......
/*
* Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved.
* Copyright (C) 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
* Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
*
* Redistribution and use in source and binary forms, with or without
......@@ -619,21 +619,9 @@ static CFStringRef createStringWithEscapedUnsafeCharacters(CFStringRef string)
return result;
}
typedef struct {
NSString *scheme;
NSString *user;
NSString *password;
NSString *host;
CFIndex port; // kCFNotFound means ignore/omit
NSString *path;
NSString *query;
NSString *fragment;
} WebKitURLComponents;
- (NSURL *)_webkit_URLByRemovingComponent:(CFURLComponentType)component
- (NSURL *)_web_URLByTruncatingOneCharacterBeforeComponent:(CFURLComponentType)component
{
CFRange fragRg = CFURLGetByteRangeForComponent((CFURLRef)self, component, NULL);
// Check to see if a fragment exists before decomposing the URL.
if (fragRg.location == kCFNotFound)
return self;
......@@ -656,12 +644,53 @@ typedef struct {
- (NSURL *)_webkit_URLByRemovingFragment
{
return [self _webkit_URLByRemovingComponent:kCFURLComponentFragment];
return [self _web_URLByTruncatingOneCharacterBeforeComponent:kCFURLComponentFragment];
}
- (NSURL *)_webkit_URLByRemovingResourceSpecifier
{
return [self _webkit_URLByRemovingComponent:kCFURLComponentResourceSpecifier];
return [self _web_URLByTruncatingOneCharacterBeforeComponent:kCFURLComponentResourceSpecifier];
}
- (NSURL *)_web_URLByRemovingComponentAndSubsequentCharacter:(CFURLComponentType)component
{
CFRange range = CFURLGetByteRangeForComponent((CFURLRef)self, component, 0);
if (range.location == kCFNotFound)
return self;
// Remove one subsequent character.
++range.length;
UInt8* urlBytes;
UInt8 buffer[2048];
CFIndex numBytes = CFURLGetBytes((CFURLRef)self, buffer, 2048);
if (numBytes == -1) {
numBytes = CFURLGetBytes((CFURLRef)self, NULL, 0);
urlBytes = static_cast<UInt8*>(malloc(numBytes));
CFURLGetBytes((CFURLRef)self, urlBytes, numBytes);
} else
urlBytes = buffer;
if (numBytes < range.location)
return self;
if (numBytes < range.location + range.length)
range.length = numBytes - range.location;
memmove(urlBytes + range.location, urlBytes + range.location + range.length, numBytes - range.location + range.length);
NSURL *result = (NSURL *)CFMakeCollectable(CFURLCreateWithBytes(NULL, urlBytes, numBytes - range.length, kCFStringEncodingUTF8, NULL));
if (!result)
result = (NSURL *)CFMakeCollectable(CFURLCreateWithBytes(NULL, urlBytes, numBytes - range.length, kCFStringEncodingISOLatin1, NULL));
if (urlBytes != buffer)
free(urlBytes);
return result ? [result autorelease] : self;
}
- (NSURL *)_web_URLByRemovingUserInfo
{
return [self _web_URLByRemovingComponentAndSubsequentCharacter:kCFURLComponentUserInfo];
}
- (BOOL)_webkit_isJavaScriptURL
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment