[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
kocienda
kocienda at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:23:31 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 484ea76391b103327b0def44c0b1e954d6d181ea
Author: kocienda <kocienda at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Feb 4 17:15:29 2003 +0000
WebFoundation:
Reviewed by Darin
Fix for this bug:
Radar 3142922 (file URLs should never be sent as referrers)
Note that this code is added to this framework to close this security
hole for WebFoundation-only clients. Safari does not depend on this change
to fix the bug.
* ProtocolHandlers.subproj/WebHTTPResourceRequest.m:
(-[WebResourceRequest setReferrer:]): Return if argument passed in returns
YES when sent _web_isFileURL message.
WebCore:
Reviewed by Darin
Radar 3142922 (file URLs should never be sent as referrers)
* kwq/WebCoreBridge.mm:
(-[WebCoreBridge referrer]): Check that the referrer does not start with
the prefix "file:". If it does, return nil.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3561 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 77644bc..5bf37a8 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,13 @@
+2003-02-04 Ken Kocienda <kocienda at apple.com>
+
+ Reviewed by Darin
+
+ Radar 3142922 (file URLs should never be sent as referrers)
+
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge referrer]): Check that the referrer does not start with
+ the prefix "file:". If it does, return nil.
+
2003-02-03 David Hyatt <hyatt at apple.com>
Fix for 3163603, livepage.apple.com repaints entire page.
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 77644bc..5bf37a8 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,13 @@
+2003-02-04 Ken Kocienda <kocienda at apple.com>
+
+ Reviewed by Darin
+
+ Radar 3142922 (file URLs should never be sent as referrers)
+
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge referrer]): Check that the referrer does not start with
+ the prefix "file:". If it does, return nil.
+
2003-02-03 David Hyatt <hyatt at apple.com>
Fix for 3163603, livepage.apple.com repaints entire page.
diff --git a/WebCore/kwq/WebCoreBridge.mm b/WebCore/kwq/WebCoreBridge.mm
index 347d357..d76eb5b 100644
--- a/WebCore/kwq/WebCoreBridge.mm
+++ b/WebCore/kwq/WebCoreBridge.mm
@@ -667,7 +667,10 @@ static bool initializedObjectCacheSize = FALSE;
- (NSString *)referrer
{
- return _part->referrer().getNSString();
+ // Do not allow file URLs to be used as referrers as that is potentially a security issue
+ NSString *referrer = _part->referrer().getNSString();
+ BOOL isFileURL = [referrer rangeOfString:@"file:" options:(NSCaseInsensitiveSearch | NSAnchoredSearch)].location != NSNotFound;
+ return isFileURL ? nil : referrer;
}
- (int)frameBorderStyle
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list