30178 2009-10-07 11:50:22 -0700 Make the setMetadataURL function foolproof by having it remove user info 2009-10-07 16:20:53 -0700 1 1 1 Unclassified WebKit WebKit Misc. 528+ (Nightly build) Mac All RESOLVED FIXED InRadar P2 Normal --- 1 darin darin oldest_to_newest 153138 0 darin 2009-10-07 11:50:22 -0700 Callers should not pass URLs with user info to setMetadataURL, but if they do, that function should remove it. 153141 1 40810 darin 2009-10-07 11:54:49 -0700 Created attachment 40810 patch 153142 2 darin 2009-10-07 11:55:25 -0700 <rdar://problem/6544670> 153144 3 40810 sullivan 2009-10-07 12:00:51 -0700 Comment on attachment 40810 patch > Index: WebKit/mac/Misc/WebNSURLExtras.mm > =================================================================== > --- WebKit/mac/Misc/WebNSURLExtras.mm (revision 49253) > +++ WebKit/mac/Misc/WebNSURLExtras.mm (working copy) > @@ -1,5 +1,5 @@ > /* > - * Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved. > + * Copyright (C) 2005, 2007, 2008, 2009 Apple Inc. All rights reserved. > * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com) > * > * Redistribution and use in source and binary forms, with or without > @@ -619,17 +619,6 @@ static CFStringRef createStringWithEscap > return result; > } > > -typedef struct { > - NSString *scheme; > - NSString *user; > - NSString *password; > - NSString *host; > - CFIndex port; // kCFNotFound means ignore/omit > - NSString *path; > - NSString *query; > - NSString *fragment; > -} WebKitURLComponents; > I presume this struct is no longer used -- you should mention that in the ChangeLog. 153210 4 darin 2009-10-07 16:20:53 -0700 http://trac.webkit.org/changeset/49273 40810 2009-10-07 11:54:49 -0700 2009-10-07 12:00:51 -0700 patch RemoveUserInfoPatch.txt text/plain 5519 darin SW5kZXg6IFdlYktpdC9tYWMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYktpdC9tYWMvQ2hh bmdlTG9nCShyZXZpc2lvbiA0OTI1NikKKysrIFdlYktpdC9tYWMvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMjAgQEAKKzIwMDktMTAtMDcgIERhcmluIEFkbGVyICA8ZGFyaW5A YXBwbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIE1ha2UgdGhlIHNldE1ldGFkYXRhVVJMIGZ1bmN0aW9uIGZvb2xwcm9vZiBieSBoYXZpbmcg aXQgcmVtb3ZlIHVzZXIgaW5mbworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MzAxNzgKKyAgICAgICAgcmRhcjovL3Byb2JsZW0vNjU0NDY3MAorCisgICAg ICAgICogTWlzYy9XZWJOU0ZpbGVNYW5hZ2VyRXh0cmFzLm06CisgICAgICAgICgtW05TRmlsZU1h bmFnZXIgX3dlYmtpdF9zZXRNZXRhZGF0YVVSTDpyZWZlcnJlcjphdFBhdGg6XSk6CisgICAgICAg IENhbGwgX3dlYl9VUkxCeVJlbW92aW5nVXNlckluZm8gb24gdGhlIHBhc3NlZCBpbiBVUkwgc3Ry aW5nIGFmdGVyIGNvbnZlcnRpbmcKKyAgICAgICAgaXQgdG8gYSBVUkwsIGFuZCB0aGVuIGNvbnZl cnQgaXQgYmFjayB0byBhIHN0cmluZy4KKworICAgICAgICAqIE1pc2MvV2ViTlNVUkxFeHRyYXMu aDogQWRkZWQgX3dlYl9VUkxCeVJlbW92aW5nVXNlckluZm8uCisgICAgICAgICogTWlzYy9XZWJO U1VSTEV4dHJhcy5tbToKKyAgICAgICAgKC1bTlNVUkwgX3dlYl9VUkxCeVJlbW92aW5nVXNlcklu Zm9dKTogQWRkZWQuCisKIDIwMDktMTAtMDYgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBjaHJv bWl1bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgVGltb3RoeSBIYXRjaGVyLgpJbmRleDog V2ViS2l0L21hYy9NaXNjL1dlYk5TRmlsZU1hbmFnZXJFeHRyYXMubQo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBX ZWJLaXQvbWFjL01pc2MvV2ViTlNGaWxlTWFuYWdlckV4dHJhcy5tCShyZXZpc2lvbiA0OTI1MykK KysrIFdlYktpdC9tYWMvTWlzYy9XZWJOU0ZpbGVNYW5hZ2VyRXh0cmFzLm0JKHdvcmtpbmcgY29w eSkKQEAgLTEsNSArMSw1IEBACiAvKgotICogQ29weXJpZ2h0IChDKSAyMDA1IEFwcGxlIENvbXB1 dGVyLCBJbmMuICBBbGwgcmlnaHRzIHJlc2VydmVkLgorICogQ29weXJpZ2h0IChDKSAyMDA1LCAy MDA2LCAyMDA3LCAyMDA4LCAyMDA5IEFwcGxlIEluYy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KICAq CiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3 aXRoIG9yIHdpdGhvdXQKICAqIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0 aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucwpAQCAtMjgsMTMgKzI4LDEzIEBACiAKICNpbXBv cnQgPFdlYktpdC9XZWJOU0ZpbGVNYW5hZ2VyRXh0cmFzLmg+CiAKKyNpbXBvcnQgIldlYktpdE5T U3RyaW5nRXh0cmFzLmgiCisjaW1wb3J0ICJXZWJOU1VSTEV4dHJhcy5oIgogI2ltcG9ydCA8V2Vi Q29yZS9Gb3VuZGF0aW9uRXh0cmFzLmg+Ci0jaW1wb3J0IDxXZWJLaXQvV2ViS2l0TlNTdHJpbmdF eHRyYXMuaD4KICNpbXBvcnQgPFdlYktpdFN5c3RlbUludGVyZmFjZS5oPgotI2ltcG9ydCA8d3Rm L0Fzc2VydGlvbnMuaD4KLQogI2ltcG9ydCA8cHRocmVhZC5oPgogI2ltcG9ydCA8c3lzL21vdW50 Lmg+CisjaW1wb3J0IDxKYXZhU2NyaXB0Q29yZS9Bc3NlcnRpb25zLmg+CiAKIEBpbXBsZW1lbnRh dGlvbiBOU0ZpbGVNYW5hZ2VyIChXZWJOU0ZpbGVNYW5hZ2VyRXh0cmFzKQogCkBAIC0xNzAsNiAr MTcwLDEwIEBAIHN0YXRpYyB2b2lkICpzZXRNZXRhRGF0YSh2b2lkKiBjb250ZXh0KQogewogICAg IEFTU0VSVChVUkxTdHJpbmcpOwogICAgIEFTU0VSVChwYXRoKTsKKworICAgIE5TVVJMICpVUkwg PSBbTlNVUkwgX3dlYl9VUkxXaXRoVXNlclR5cGVkU3RyaW5nOlVSTFN0cmluZ107CisgICAgaWYg KFVSTCkKKyAgICAgICAgVVJMU3RyaW5nID0gW1tVUkwgX3dlYl9VUkxCeVJlbW92aW5nVXNlcklu Zm9dIF93ZWJfdXNlclZpc2libGVTdHJpbmddOwogIAogICAgIC8vIFNwYXduIGEgYmFja2dyb3Vu ZCB0aHJlYWQgZm9yIFdLU2V0TWV0YWRhdGFVUkwgYmVjYXVzZSB0aGlzIGZ1bmN0aW9uIHdpbGwg bm90IHJldHVybiB1bnRpbCBtZHMgaGFzCiAgICAgLy8gam91cm5hbGVkIHRoZSBkYXRhIHdlJ3Jl J3JlIHRyeWluZyB0byBzZXQuIERlcGVuZGluZyBvbiB3aGF0IG90aGVyIEkvTyBpcyBnb2luZyBv biwgaXQgY2FuIHRha2Ugc29tZQpJbmRleDogV2ViS2l0L21hYy9NaXNjL1dlYk5TVVJMRXh0cmFz LmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gV2ViS2l0L21hYy9NaXNjL1dlYk5TVVJMRXh0cmFzLmgJKHJldmlz aW9uIDQ5MjUzKQorKysgV2ViS2l0L21hYy9NaXNjL1dlYk5TVVJMRXh0cmFzLmgJKHdvcmtpbmcg Y29weSkKQEAgLTEsNSArMSw1IEBACiAvKgotICogQ29weXJpZ2h0IChDKSAyMDA1IEFwcGxlIENv bXB1dGVyLCBJbmMuICBBbGwgcmlnaHRzIHJlc2VydmVkLgorICogQ29weXJpZ2h0IChDKSAyMDA1 LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEFwcGxlIEluYy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4K ICAqCiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1z LCB3aXRoIG9yIHdpdGhvdXQKICAqIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRl ZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucwpAQCAtMjgsNiArMjgsOSBAQAogCiAjaW1w b3J0IDxGb3VuZGF0aW9uL0ZvdW5kYXRpb24uaD4KIAorLy8gRklYTUU6IENoYW5nZSBtZXRob2Qg bmFtZXMgYmFjayB0byBfd2ViXyBmcm9tIF93ZWJraXRfIHdoZW4gaWRlbnRpY2FsbHktbmFtZWQK Ky8vIG1ldGhvZHMgYXJlIG5vIGxvbmdlciBwcmVzZW50IGluIEZvdW5kYXRpb24uCisKIEBpbnRl cmZhY2UgTlNVUkwgKFdlYk5TVVJMRXh0cmFzKQogCiArIChOU1VSTCAqKV93ZWJfVVJMV2l0aFVz ZXJUeXBlZFN0cmluZzooTlNTdHJpbmcgKilzdHJpbmc7CkBAIC01MiwxMiArNTUsMTAgQEAKIAog LSAoQk9PTClfd2ViX2lzRW1wdHk7CiAKLS8vIEZJWE1FOiBjaGFuZ2UgdGhlc2UgbmFtZXMgYmFj ayB0byBfd2ViXyB3aGVuIGlkZW50aWNhbGx5LW5hbWVkCi0vLyBtZXRob2RzIGFyZSByZW1vdmVk IGZyb20gRm91bmRhdGlvbgotCiAtIChOU1VSTCAqKV93ZWJraXRfY2Fub25pY2FsaXplOwogLSAo TlNVUkwgKilfd2Via2l0X1VSTEJ5UmVtb3ZpbmdGcmFnbWVudDsKIC0gKE5TVVJMICopX3dlYmtp dF9VUkxCeVJlbW92aW5nUmVzb3VyY2VTcGVjaWZpZXI7CistIChOU1VSTCAqKV93ZWJfVVJMQnlS ZW1vdmluZ1VzZXJJbmZvOwogCiAtIChCT09MKV93ZWJraXRfaXNKYXZhU2NyaXB0VVJMOwogLSAo Qk9PTClfd2Via2l0X2lzRmlsZVVSTDsKQEAgLTgzLDggKzg0LDYgQEAKIC0gKE5TU3RyaW5nICop X3dlYl9kZWNvZGVIb3N0TmFtZTsgLy8gdHVybnMgZnVubnktbG9va2luZyBBU0NJSSBmb3JtIGlu dG8gVW5pY29kZSwgcmV0dXJucyBzZWxmIGlmIG5vIGRlY29kaW5nIG5lZWRlZCwgY29udmVuaWVu dCBjb3ZlcgogLSAoTlNTdHJpbmcgKilfd2ViX2VuY29kZUhvc3ROYW1lOyAvLyB0dXJucyBVbmlj b2RlIGludG8gZnVubnktbG9va2luZyBBU0NJSSBmb3JtLCByZXR1cm5zIHNlbGYgaWYgbm8gZGVj b2RpbmcgbmVlZGVkLCBjb252ZW5pZW50IGNvdmVyCiAKLS8vIEZJWE1FOiBjaGFuZ2UgdGhlc2Ug bmFtZXMgYmFjayB0byBfd2ViXyB3aGVuIGlkZW50aWNhbGx5LW5hbWVkCi0vLyBtZXRob2RzIGFy ZSByZW1vdmVkIGZyb20gb3IgcmVuYW1lZCBpbiBGb3VuZGF0aW9uCiAtIChCT09MKV93ZWJraXRf aXNKYXZhU2NyaXB0VVJMOwogLSAoQk9PTClfd2Via2l0X2lzRlRQRGlyZWN0b3J5VVJMOwogLSAo Qk9PTClfd2Via2l0X2lzRmlsZVVSTDsKSW5kZXg6IFdlYktpdC9tYWMvTWlzYy9XZWJOU1VSTEV4 dHJhcy5tbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJLaXQvbWFjL01pc2MvV2ViTlNVUkxFeHRyYXMubW0J KHJldmlzaW9uIDQ5MjUzKQorKysgV2ViS2l0L21hYy9NaXNjL1dlYk5TVVJMRXh0cmFzLm1tCSh3 b3JraW5nIGNvcHkpCkBAIC0xLDUgKzEsNSBAQAogLyoKLSAqIENvcHlyaWdodCAoQykgMjAwNSwg MjAwNywgMjAwOCBBcHBsZSBJbmMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuCisgKiBDb3B5cmlnaHQg KEMpIDIwMDUsIDIwMDcsIDIwMDgsIDIwMDkgQXBwbGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVk LgogICogQ29weXJpZ2h0IChDKSAyMDA2IEFsZXhleSBQcm9za3VyeWFrb3YgKGFwQG55cG9wLmNv bSkKICAqCiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZv cm1zLCB3aXRoIG9yIHdpdGhvdXQKQEAgLTYxOSwxNyArNjE5LDYgQEAgc3RhdGljIENGU3RyaW5n UmVmIGNyZWF0ZVN0cmluZ1dpdGhFc2NhcAogICAgIHJldHVybiByZXN1bHQ7CiB9CiAKLXR5cGVk ZWYgc3RydWN0IHsKLSAgICBOU1N0cmluZyAqc2NoZW1lOwotICAgIE5TU3RyaW5nICp1c2VyOwot ICAgIE5TU3RyaW5nICpwYXNzd29yZDsKLSAgICBOU1N0cmluZyAqaG9zdDsKLSAgICBDRkluZGV4 IHBvcnQ7IC8vIGtDRk5vdEZvdW5kIG1lYW5zIGlnbm9yZS9vbWl0Ci0gICAgTlNTdHJpbmcgKnBh dGg7Ci0gICAgTlNTdHJpbmcgKnF1ZXJ5OwotICAgIE5TU3RyaW5nICpmcmFnbWVudDsKLX0gV2Vi S2l0VVJMQ29tcG9uZW50czsKLQogLSAoTlNVUkwgKilfd2Via2l0X1VSTEJ5UmVtb3ZpbmdDb21w b25lbnQ6KENGVVJMQ29tcG9uZW50VHlwZSljb21wb25lbnQKIHsKICAgICBDRlJhbmdlIGZyYWdS ZyA9IENGVVJMR2V0Qnl0ZVJhbmdlRm9yQ29tcG9uZW50KChDRlVSTFJlZilzZWxmLCBjb21wb25l bnQsIE5VTEwpOwpAQCAtNjU5LDYgKzY0OCwxMSBAQCB0eXBlZGVmIHN0cnVjdCB7CiAgICAgcmV0 dXJuIFtzZWxmIF93ZWJraXRfVVJMQnlSZW1vdmluZ0NvbXBvbmVudDprQ0ZVUkxDb21wb25lbnRG cmFnbWVudF07CiB9CiAKKy0gKE5TVVJMICopX3dlYl9VUkxCeVJlbW92aW5nVXNlckluZm8KK3sK KyAgICByZXR1cm4gW3NlbGYgX3dlYmtpdF9VUkxCeVJlbW92aW5nQ29tcG9uZW50OmtDRlVSTENv bXBvbmVudFVzZXJJbmZvXTsKK30KKwogLSAoTlNVUkwgKilfd2Via2l0X1VSTEJ5UmVtb3ZpbmdS ZXNvdXJjZVNwZWNpZmllcgogewogICAgIHJldHVybiBbc2VsZiBfd2Via2l0X1VSTEJ5UmVtb3Zp bmdDb21wb25lbnQ6a0NGVVJMQ29tcG9uZW50UmVzb3VyY2VTcGVjaWZpZXJdOwo=