Changeset 79159 in webkit
- Timestamp:
- Feb 20, 2011, 5:07:34 PM (14 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
xml/XSLTProcessorLibxslt.cpp (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r79158 r79159 1 2011-02-20 Alexey Proskuryakov <ap@apple.com> 2 3 Reviewed by Eric Seidel. 4 5 Tighten up access permissions by using libxslt API 6 https://bugs.webkit.org/show_bug.cgi?id=52688 7 <rdar://problem/8909191> 8 9 * xml/XSLTProcessorLibxslt.cpp: (WebCore::XSLTProcessor::transformToString): We are only 10 interested in a string result, so let libxslt know about that. 11 1 12 2011-02-20 Sheriff Bot <webkit.review.bot@gmail.com> 2 13 -
trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp
r74049 r79159 42 42 #include "markup.h" 43 43 #include <libxslt/imports.h> 44 #include <libxslt/security.h> 44 45 #include <libxslt/variables.h> 45 46 #include <libxslt/xsltutils.h> … … 62 63 SOFT_LINK(libxslt, xsltSaveResultTo, int, (xmlOutputBufferPtr buf, xmlDocPtr result, xsltStylesheetPtr style), (buf, result, style)) 63 64 SOFT_LINK(libxslt, xsltNextImport, xsltStylesheetPtr, (xsltStylesheetPtr style), (style)) 65 SOFT_LINK(libxslt, xsltNewSecurityPrefs, xsltSecurityPrefsPtr, (), ()) 66 SOFT_LINK(libxslt, xsltFreeSecurityPrefs, void, (xsltSecurityPrefsPtr sec), (sec)) 67 SOFT_LINK(libxslt, xsltSetSecurityPrefs, int, (xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func), (sec, option, func)) 68 SOFT_LINK(libxslt, xsltSetCtxtSecurityPrefs, int, (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt), (sec, ctxt)) 69 SOFT_LINK(libxslt, xsltSecurityForbid, int, (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char* value), (sec, ctxt, value)) 70 64 71 #endif 65 72 … … 316 323 registerXSLTExtensions(transformContext); 317 324 325 xsltSecurityPrefsPtr securityPrefs = xsltNewSecurityPrefs(); 326 // Read permissions are checked by docLoaderFunc. 327 if (0 != xsltSetSecurityPrefs(securityPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) 328 CRASH(); 329 if (0 != xsltSetSecurityPrefs(securityPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) 330 CRASH(); 331 if (0 != xsltSetSecurityPrefs(securityPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) 332 CRASH(); 333 if (0 != xsltSetCtxtSecurityPrefs(securityPrefs, transformContext)) 334 CRASH(); 335 318 336 // <http://bugs.webkit.org/show_bug.cgi?id=16077>: XSLT processor <xsl:sort> algorithm only compares by code point. 319 337 xsltSetCtxtSortFunc(transformContext, xsltUnicodeSortFunction); … … 329 347 330 348 xsltFreeTransformContext(transformContext); 349 xsltFreeSecurityPrefs(securityPrefs); 331 350 freeXsltParamArray(params); 332 351
Note:
See TracChangeset
for help on using the changeset viewer.