Title: [291057] trunk/Source/WebKit
- Revision
- 291057
- Author
- sihui_...@apple.com
- Date
- 2022-03-09 11:43:46 -0800 (Wed, 09 Mar 2022)
Log Message
File System Access: disallows names that are not permitted by underlying file system
https://bugs.webkit.org/show_bug.cgi?id=237635
rdar://89291566
We use FileSystem::fileSystemRepresentation to convert input name to a name that is permitted in current file
system. This patch makes File System Access API to throw error if the input name does not match the converted
name.
Reviewed by Youenn Fablet.
* NetworkProcess/storage/FileSystemStorageHandle.cpp:
(WebKit::isValidFileName):
(WebKit::FileSystemStorageHandle::requestCreateHandle):
(WebKit::FileSystemStorageHandle::removeEntry):
(WebKit::FileSystemStorageHandle::move):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (291056 => 291057)
--- trunk/Source/WebKit/ChangeLog 2022-03-09 19:03:13 UTC (rev 291056)
+++ trunk/Source/WebKit/ChangeLog 2022-03-09 19:43:46 UTC (rev 291057)
@@ -1,3 +1,21 @@
+2022-03-09 Sihui Liu <sihui_...@apple.com>
+
+ File System Access: disallows names that are not permitted by underlying file system
+ https://bugs.webkit.org/show_bug.cgi?id=237635
+ rdar://89291566
+
+ We use FileSystem::fileSystemRepresentation to convert input name to a name that is permitted in current file
+ system. This patch makes File System Access API to throw error if the input name does not match the converted
+ name.
+
+ Reviewed by Youenn Fablet.
+
+ * NetworkProcess/storage/FileSystemStorageHandle.cpp:
+ (WebKit::isValidFileName):
+ (WebKit::FileSystemStorageHandle::requestCreateHandle):
+ (WebKit::FileSystemStorageHandle::removeEntry):
+ (WebKit::FileSystemStorageHandle::move):
+
2022-03-09 Jon Lee <jon...@apple.com>
Update feature flags for WebGL
Modified: trunk/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp (291056 => 291057)
--- trunk/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp 2022-03-09 19:03:13 UTC (rev 291056)
+++ trunk/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp 2022-03-09 19:43:46 UTC (rev 291057)
@@ -91,9 +91,13 @@
return m_path == path;
}
-static bool isValidFileName(const String& name)
+static bool isValidFileName(const String& directory, const String& name)
{
- return !name.isEmpty() && name != "." && name != ".." && !name.contains(pathSeparator);
+ // https://wicg.github.io/file-system-access/#valid-file-name
+ if (name.isEmpty() || (name == ".") || (name == "..") || name.contains(pathSeparator))
+ return false;
+
+ return FileSystem::pathFileName(FileSystem::pathByAppendingComponent(directory, name)) == name;
}
Expected<WebCore::FileSystemHandleIdentifier, FileSystemStorageError> FileSystemStorageHandle::requestCreateHandle(IPC::Connection::UniqueID connection, Type type, String&& name, bool createIfNecessary)
@@ -104,8 +108,7 @@
if (!m_manager)
return makeUnexpected(FileSystemStorageError::Unknown);
- // https://wicg.github.io/file-system-access/#valid-file-name
- if (!isValidFileName(name))
+ if (!isValidFileName(m_path, name))
return makeUnexpected(FileSystemStorageError::InvalidName);
auto path = FileSystem::pathByAppendingComponent(m_path, name);
@@ -127,7 +130,7 @@
if (m_type != Type::Directory)
return FileSystemStorageError::TypeMismatch;
- if (!isValidFileName(name))
+ if (!isValidFileName(m_path, name))
return FileSystemStorageError::InvalidName;
auto path = FileSystem::pathByAppendingComponent(m_path, name);
@@ -248,7 +251,7 @@
if (path.isEmpty())
return FileSystemStorageError::Unknown;
- if (!isValidFileName(newName))
+ if (!isValidFileName(path, newName))
return FileSystemStorageError::InvalidName;
auto destinationPath = FileSystem::pathByAppendingComponent(path, newName);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes