Bug 30178

Summary: Make the setMetadataURL function foolproof by having it remove user info
Product: WebKit Reporter: Darin Adler <darin>
Component: WebKit Misc.Assignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: All   
Attachments:
Description Flags
patch sullivan: review+, darin: commit-queue-

Darin Adler
Reported 2009-10-07 11:50:22 PDT
Callers should not pass URLs with user info to setMetadataURL, but if they do, that function should remove it.
Attachments
patch (5.39 KB, patch)
2009-10-07 11:54 PDT, Darin Adler 		sullivan: review+
darin: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2009-10-07 11:54:49 PDT
Created attachment 40810 [details] patch
Darin Adler
Comment 2 2009-10-07 11:55:25 PDT
<rdar://problem/6544670>
John Sullivan
Comment 3 2009-10-07 12:00:51 PDT
Comment on attachment 40810 [details] patch > Index: WebKit/mac/Misc/WebNSURLExtras.mm > =================================================================== > --- WebKit/mac/Misc/WebNSURLExtras.mm (revision 49253) > +++ WebKit/mac/Misc/WebNSURLExtras.mm (working copy) > @@ -1,5 +1,5 @@ > /* > - * Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved. > + * Copyright (C) 2005, 2007, 2008, 2009 Apple Inc. All rights reserved. > * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com) > * > * Redistribution and use in source and binary forms, with or without > @@ -619,17 +619,6 @@ static CFStringRef createStringWithEscap > return result; > } > > -typedef struct { > - NSString *scheme; > - NSString *user; > - NSString *password; > - NSString *host; > - CFIndex port; // kCFNotFound means ignore/omit > - NSString *path; > - NSString *query; > - NSString *fragment; > -} WebKitURLComponents; > I presume this struct is no longer used -- you should mention that in the ChangeLog.
Darin Adler
Comment 4 2009-10-07 16:20:53 PDT
http://trac.webkit.org/changeset/49273
Note You need to log in before you can comment on or make changes to this bug.