summaryrefslogtreecommitdiffstats
path: root/chromium/webkit/common/database/database_identifier.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/webkit/common/database/database_identifier.cc')
-rw-r--r--chromium/webkit/common/database/database_identifier.cc13
1 files changed, 10 insertions, 3 deletions
diff --git a/chromium/webkit/common/database/database_identifier.cc b/chromium/webkit/common/database/database_identifier.cc
index 332dfb8b0cc..7bd53f77034 100644
--- a/chromium/webkit/common/database/database_identifier.cc
+++ b/chromium/webkit/common/database/database_identifier.cc
@@ -39,12 +39,12 @@ DatabaseIdentifier DatabaseIdentifier::CreateFromOrigin(const GURL& origin) {
return UniqueFileIdentifier();
int port = origin.IntPort();
- if (port == url_parse::PORT_INVALID)
+ if (port == url::PORT_INVALID)
return DatabaseIdentifier();
// We encode the default port for the specified scheme as 0. GURL
// canonicalizes this as an unspecified port.
- if (port == url_parse::PORT_UNSPECIFIED)
+ if (port == url::PORT_UNSPECIFIED)
port = 0;
return DatabaseIdentifier(origin.scheme(),
@@ -56,8 +56,15 @@ DatabaseIdentifier DatabaseIdentifier::CreateFromOrigin(const GURL& origin) {
// static
DatabaseIdentifier DatabaseIdentifier::Parse(const std::string& identifier) {
- if (!IsStringASCII(identifier))
+ if (!base::IsStringASCII(identifier))
return DatabaseIdentifier();
+ if (identifier.find("..") != std::string::npos)
+ return DatabaseIdentifier();
+ char forbidden[] = {'\\', '/', ':' ,'\0'};
+ if (identifier.find_first_of(forbidden, 0, arraysize(forbidden)) !=
+ std::string::npos) {
+ return DatabaseIdentifier();
+ }
size_t first_underscore = identifier.find_first_of('_');
if (first_underscore == std::string::npos || first_underscore == 0)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 20:05:07 +0000