Changeset 50072 in webkit
- Timestamp:
- Oct 26, 2009 10:26:26 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r50071 r50072 1 2009-10-23 Alexey Proskuryakov <ap@apple.com> 2 3 Reviewed by Adam Barth and Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=30723 6 <rdar://problem/6189415> Input names added to multipart/form-data headers need to be escaped. 7 8 * http/tests/security/escape-form-data-field-names-expected.txt: Added. 9 * http/tests/security/escape-form-data-field-names.html: Added. 10 * http/tests/security/resources/escape-form-data-field-names.cgi: Added. 11 1 12 2009-10-26 Andras Becsi <becsi.andras@stud.u-szeged.hu> 2 13 -
trunk/WebCore/ChangeLog
r50068 r50072 1 2009-10-23 Alexey Proskuryakov <ap@apple.com> 2 3 Reviewed by Adam Barth and Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=30723 6 <rdar://problem/6189415> Input names added to multipart/form-data headers need to be escaped. 7 8 Test: http/tests/security/escape-form-data-field-names.html 9 10 * platform/network/FormDataBuilder.cpp: 11 (WebCore::appendQuotedString): 12 (WebCore::FormDataBuilder::beginMultiPartHeader): 13 (WebCore::FormDataBuilder::addFilenameToMultiPartHeader): 14 Percent-escape line breaks and quotation marks. 15 1 16 2009-10-26 Kelly Norton <knorton@google.com> 2 17 -
trunk/WebCore/platform/network/FormDataBuilder.cpp
r39432 r50072 107 107 { 108 108 buffer.append(string.data(), string.length()); 109 } 110 111 static void appendQuotedString(Vector<char>& buffer, const CString& string) 112 { 113 // Append a string as a quoted value, escaping quotes and line breaks. 114 // FIXME: Is it correct to use percent escaping here? Other browsers do not encode these characters yet, 115 // so we should test popular servers to find out if there is an encoding form they can handle. 116 unsigned length = string.length(); 117 for (unsigned i = 0; i < length; ++i) { 118 unsigned char c = string.data()[i]; 119 120 switch (c) { 121 case 0x0a: 122 append(buffer, "%0A"); 123 break; 124 case 0x0d: 125 append(buffer, "%0D"); 126 break; 127 case '"': 128 append(buffer, "%22"); 129 break; 130 case '%': 131 append(buffer, "%25"); 132 break; 133 default: 134 append(buffer, c); 135 } 136 } 109 137 } 110 138 … … 162 190 addBoundaryToMultiPartHeader(buffer, boundary); 163 191 192 // FIXME: This loses data irreversibly if the input name includes characters you can't encode 193 // in the website's character set. 164 194 append(buffer, "Content-Disposition: form-data; name=\""); 165 append (buffer, name);195 appendQuotedString(buffer, name); 166 196 append(buffer, '"'); 167 197 } … … 180 210 void FormDataBuilder::addFilenameToMultiPartHeader(Vector<char>& buffer, const TextEncoding& encoding, const String& filename) 181 211 { 182 // FIXME: This won't work if the filename includes a " mark, 183 // or control characters like CR or LF. This also does strange 184 // things if the filename includes characters you can't encode 212 // FIXME: This loses data irreversibly if the filename includes characters you can't encode 185 213 // in the website's character set. 186 214 append(buffer, "; filename=\""); 187 append (buffer, encoding.encode(filename.characters(), filename.length(), QuestionMarksForUnencodables));215 appendQuotedString(buffer, encoding.encode(filename.characters(), filename.length(), QuestionMarksForUnencodables)); 188 216 append(buffer, '"'); 189 217 }
Note: See TracChangeset
for help on using the changeset viewer.