diff options
Diffstat (limited to 'chromium/webkit/common/database/database_identifier.cc')
-rw-r--r-- | chromium/webkit/common/database/database_identifier.cc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/chromium/webkit/common/database/database_identifier.cc b/chromium/webkit/common/database/database_identifier.cc index 332dfb8b0cc..7bd53f77034 100644 --- a/chromium/webkit/common/database/database_identifier.cc +++ b/chromium/webkit/common/database/database_identifier.cc @@ -39,12 +39,12 @@ DatabaseIdentifier DatabaseIdentifier::CreateFromOrigin(const GURL& origin) { return UniqueFileIdentifier(); int port = origin.IntPort(); - if (port == url_parse::PORT_INVALID) + if (port == url::PORT_INVALID) return DatabaseIdentifier(); // We encode the default port for the specified scheme as 0. GURL // canonicalizes this as an unspecified port. - if (port == url_parse::PORT_UNSPECIFIED) + if (port == url::PORT_UNSPECIFIED) port = 0; return DatabaseIdentifier(origin.scheme(), @@ -56,8 +56,15 @@ DatabaseIdentifier DatabaseIdentifier::CreateFromOrigin(const GURL& origin) { // static DatabaseIdentifier DatabaseIdentifier::Parse(const std::string& identifier) { - if (!IsStringASCII(identifier)) + if (!base::IsStringASCII(identifier)) return DatabaseIdentifier(); + if (identifier.find("..") != std::string::npos) + return DatabaseIdentifier(); + char forbidden[] = {'\\', '/', ':' ,'\0'}; + if (identifier.find_first_of(forbidden, 0, arraysize(forbidden)) != + std::string::npos) { + return DatabaseIdentifier(); + } size_t first_underscore = identifier.find_first_of('_'); if (first_underscore == std::string::npos || first_underscore == 0) |