Diff
Modified: branches/safari-608-branch/Source/WebKit/ChangeLog (250271 => 250272)
--- branches/safari-608-branch/Source/WebKit/ChangeLog 2019-09-24 00:13:27 UTC (rev 250271)
+++ branches/safari-608-branch/Source/WebKit/ChangeLog 2019-09-24 00:13:30 UTC (rev 250272)
@@ -1,5 +1,52 @@
2019-09-23 Alan Coon <alanc...@apple.com>
+ Cherry-pick r250157. rdar://problem/55607994
+
+ Sanitize suggested filenames used for saving PDFs
+ https://bugs.webkit.org/show_bug.cgi?id=202034
+ <rdar://problem/53183075>
+
+ Reviewed by Chris Dumez.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::didFinishLoadingDataForCustomContentProvider):
+ (WebKit::WebPageProxy::saveDataToFileInDownloadsFolder):
+ (WebKit::WebPageProxy::savePDFToFileInDownloadsFolder):
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/ios/WebPageProxyIOS.mm:
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw): Deleted.
+ * UIProcess/mac/WebPageProxyMac.mm:
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplication):
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw): Deleted.
+ Sanitize suggested filenames to ensure that they comprise only one path component
+ when concatenated with their destination directory.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250157 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-09-20 Tim Horton <timothy_hor...@apple.com>
+
+ Sanitize suggested filenames used for saving PDFs
+ https://bugs.webkit.org/show_bug.cgi?id=202034
+ <rdar://problem/53183075>
+
+ Reviewed by Chris Dumez.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::didFinishLoadingDataForCustomContentProvider):
+ (WebKit::WebPageProxy::saveDataToFileInDownloadsFolder):
+ (WebKit::WebPageProxy::savePDFToFileInDownloadsFolder):
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/ios/WebPageProxyIOS.mm:
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw): Deleted.
+ * UIProcess/mac/WebPageProxyMac.mm:
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplication):
+ (WebKit::WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw): Deleted.
+ Sanitize suggested filenames to ensure that they comprise only one path component
+ when concatenated with their destination directory.
+
+2019-09-23 Alan Coon <alanc...@apple.com>
+
Cherry-pick r250108. rdar://problem/55608024
macCatalyst apps crash under TextCheckingControllerProxy::replaceRelativeToSelection when spell checking
Modified: branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.cpp (250271 => 250272)
--- branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-24 00:13:27 UTC (rev 250271)
+++ branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-24 00:13:30 UTC (rev 250272)
@@ -7669,7 +7669,7 @@
void WebPageProxy::didFinishLoadingDataForCustomContentProvider(const String& suggestedFilename, const IPC::DataReference& dataReference)
{
- pageClient().didFinishLoadingDataForCustomContentProvider(suggestedFilename, dataReference);
+ pageClient().didFinishLoadingDataForCustomContentProvider(ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename), dataReference);
}
void WebPageProxy::backForwardRemovedItem(const BackForwardItemIdentifier& itemID)
@@ -7784,15 +7784,16 @@
void WebPageProxy::saveDataToFileInDownloadsFolder(String&& suggestedFilename, String&& mimeType, URL&& originatingURLString, API::Data& data)
{
- m_uiClient->saveDataToFileInDownloadsFolder(this, suggestedFilename, mimeType, originatingURLString, data);
+ m_uiClient->saveDataToFileInDownloadsFolder(this, ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename), mimeType, originatingURLString, data);
}
void WebPageProxy::savePDFToFileInDownloadsFolder(String&& suggestedFilename, URL&& originatingURL, const IPC::DataReference& dataReference)
{
- if (!suggestedFilename.endsWithIgnoringASCIICase(".pdf"))
+ String sanitizedFilename = ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename);
+ if (!sanitizedFilename.endsWithIgnoringASCIICase(".pdf"))
return;
- saveDataToFileInDownloadsFolder(WTFMove(suggestedFilename), "application/pdf"_s, WTFMove(originatingURL),
+ saveDataToFileInDownloadsFolder(WTFMove(sanitizedFilename), "application/pdf"_s, WTFMove(originatingURL),
API::Data::create(dataReference.data(), dataReference.size()).get());
}
Modified: branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.h (250271 => 250272)
--- branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.h 2019-09-24 00:13:27 UTC (rev 250271)
+++ branches/safari-608-branch/Source/WebKit/UIProcess/WebPageProxy.h 2019-09-24 00:13:30 UTC (rev 250272)
@@ -1178,7 +1178,6 @@
void saveDataToFileInDownloadsFolder(String&& suggestedFilename, String&& mimeType, URL&& originatingURL, API::Data&);
void savePDFToFileInDownloadsFolder(String&& suggestedFilename, URL&& originatingURL, const IPC::DataReference&);
#if PLATFORM(COCOA)
- void savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw(const String& suggestedFilename, const String& originatingURLString, const uint8_t* data, unsigned long size, const String& pdfUUID);
void savePDFToTemporaryFolderAndOpenWithNativeApplication(const String& suggestedFilename, const String& originatingURLString, const IPC::DataReference&, const String& pdfUUID);
void openPDFFromTemporaryFolderWithNativeApplication(const String& pdfUUID);
#endif
Modified: branches/safari-608-branch/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm (250271 => 250272)
--- branches/safari-608-branch/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm 2019-09-24 00:13:27 UTC (rev 250271)
+++ branches/safari-608-branch/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm 2019-09-24 00:13:30 UTC (rev 250272)
@@ -1039,11 +1039,6 @@
notImplemented();
}
-void WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw(const String&, const String&, const uint8_t*, unsigned long, const String&)
-{
- notImplemented();
-}
-
void WebPageProxy::openPDFFromTemporaryFolderWithNativeApplication(const String&)
{
notImplemented();
Modified: branches/safari-608-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm (250271 => 250272)
--- branches/safari-608-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2019-09-24 00:13:27 UTC (rev 250271)
+++ branches/safari-608-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2019-09-24 00:13:30 UTC (rev 250272)
@@ -493,22 +493,23 @@
return path;
}
-void WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw(const String& suggestedFilename, const String& originatingURLString, const uint8_t* data, unsigned long size, const String& pdfUUID)
+void WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplication(const String& suggestedFilename, const String& originatingURLString, const IPC::DataReference& data, const String& pdfUUID)
{
// FIXME: Write originatingURLString to the file's originating URL metadata (perhaps FileSystem::setMetadataURL()?).
UNUSED_PARAM(originatingURLString);
- if (!suggestedFilename.endsWithIgnoringASCIICase(".pdf")) {
- WTFLogAlways("Cannot save file without .pdf extension to the temporary directory.");
+ if (data.isEmpty()) {
+ WTFLogAlways("Cannot save empty PDF file to the temporary directory.");
return;
}
- if (!size) {
- WTFLogAlways("Cannot save empty PDF file to the temporary directory.");
+ auto sanitizedFilename = ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename);
+ if (!sanitizedFilename.endsWithIgnoringASCIICase(".pdf")) {
+ WTFLogAlways("Cannot save file without .pdf extension to the temporary directory.");
return;
}
- NSString *nsPath = pathToPDFOnDisk(suggestedFilename);
+ NSString *nsPath = pathToPDFOnDisk(sanitizedFilename);
if (!nsPath)
return;
@@ -515,10 +516,10 @@
RetainPtr<NSNumber> permissions = adoptNS([[NSNumber alloc] initWithInt:S_IRUSR]);
RetainPtr<NSDictionary> fileAttributes = adoptNS([[NSDictionary alloc] initWithObjectsAndKeys:permissions.get(), NSFilePosixPermissions, nil]);
- RetainPtr<NSData> nsData = adoptNS([[NSData alloc] initWithBytesNoCopy:(void*)data length:size freeWhenDone:NO]);
+ RetainPtr<NSData> nsData = adoptNS([[NSData alloc] initWithBytesNoCopy:(void*)data.data() length:data.size() freeWhenDone:NO]);
if (![[NSFileManager defaultManager] createFileAtPath:nsPath contents:nsData.get() attributes:fileAttributes.get()]) {
- WTFLogAlways("Cannot create PDF file in the temporary directory (%s).", suggestedFilename.utf8().data());
+ WTFLogAlways("Cannot create PDF file in the temporary directory (%s).", sanitizedFilename.utf8().data());
return;
}
@@ -527,16 +528,6 @@
[[NSWorkspace sharedWorkspace] openFile:nsPath];
}
-void WebPageProxy::savePDFToTemporaryFolderAndOpenWithNativeApplication(const String& suggestedFilename, const String& originatingURLString, const IPC::DataReference& data, const String& pdfUUID)
-{
- if (data.isEmpty()) {
- WTFLogAlways("Cannot save empty PDF file to the temporary directory.");
- return;
- }
-
- savePDFToTemporaryFolderAndOpenWithNativeApplicationRaw(suggestedFilename, originatingURLString, data.data(), data.size(), pdfUUID);
-}
-
void WebPageProxy::openPDFFromTemporaryFolderWithNativeApplication(const String& pdfUUID)
{
String pdfFilename = m_temporaryPDFFiles.get(pdfUUID);
