Reviewed by Darin.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 Oct 2006 01:04:22 +0000 (01:04 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 Oct 2006 01:04:22 +0000 (01:04 +0000)
        - do all the stuff that setting the referrer should

        * Loader/WebFrameLoader.m:
        (setHTTPReferrer):
        (-[WebFrameLoader loadURL:referrer:loadType:target:triggeringEvent:form:formValues:]):
        (-[WebFrameLoader postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]):
        * WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@16951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit/ChangeLog
WebKit/Loader/WebFrameLoader.m
WebKit/WebKit.xcodeproj/project.pbxproj

index 84a3f149c39b62da798cc2d5d93581caecae8a66..40c4464b8e99ffbbb37d79fba050e18aadf588b0 100644 (file)
@@ -1,3 +1,15 @@
+2006-10-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - do all the stuff that setting the referrer should
+
+        * Loader/WebFrameLoader.m:
+        (setHTTPReferrer):
+        (-[WebFrameLoader loadURL:referrer:loadType:target:triggeringEvent:form:formValues:]):
+        (-[WebFrameLoader postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]):
+        * WebKit.xcodeproj/project.pbxproj:
+
 2006-10-09  Brady Eidson  <beidson@apple.com>
 
         Reviewed by Maciej
index dc6e5887ba290e258814c7e07efe4e96720e9f1e..bcf05121c0024135f7146477a749adf723556aca 100644 (file)
 #import <WebCore/WebCoreIconDatabaseBridge.h>
 #import <WebCore/WebCoreSystemInterface.h>
 
-#import "WebFrameInternal.h"
-#import "WebNSURLExtras.h"
-#import "WebResourcePrivate.h"
-#import "WebViewInternal.h"
-
 static BOOL isCaseInsensitiveEqual(NSString *a, NSString *b)
 {
     return [a caseInsensitiveCompare:b] == NSOrderedSame;
@@ -564,13 +559,27 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
              [[currentURL _webkit_URLByRemovingFragment] isEqual:[destinationURL _webkit_URLByRemovingFragment]]);
 }
 
+static void setHTTPReferrer(NSMutableURLRequest *request, NSString *referrer)
+{
+    // Do not set the referrer to a string that refers to a file URL.
+    // That is a potential security hole.
+    if ([referrer _webkit_isFileURL])
+        return;
+
+    // Don't allow empty Referer: headers; some servers refuse them
+    if ([referrer length] == 0)
+        return;
+
+    [request setValue:referrer forHTTPHeaderField:@"Referer"];
+}
+
 // main funnel for navigating via callback from WebCore (e.g., clicking a link, redirect)
 - (void)loadURL:(NSURL *)URL referrer:(NSString *)referrer loadType:(FrameLoadType)_loadType target:(NSString *)target triggeringEvent:(NSEvent *)event form:(DOMElement *)form formValues:(NSDictionary *)values
 {
     BOOL isFormSubmission = (values != nil);
     
     NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:URL];
-    [request setValue:referrer forHTTPHeaderField:@"Referer"];
+    setHTTPReferrer(request, referrer);
     [self addExtraFieldsToRequest:request mainResource:YES alwaysFromRequest:(event != nil || isFormSubmission)];
     if (_loadType == FrameLoadTypeReload)
         [request setCachePolicy:NSURLRequestReloadIgnoringCacheData];
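Review bot: The comment in setHTTPReferrer calls a file referrer "a potential security hole" without naming the risk, so a later maintainer cannot tell what the guard has to keep true. A more specific comment would help, for example `// A file: referrer would disclose a local filesystem path to the remote server, so never send one.` The guard rests entirely on `_webkit_isFileURL`, whose matching rules (scheme case, leading whitespace) are not visible in this hunk, so it is worth confirming that it normalises the string before comparing. Both early returns leave the request untouched rather than clearing a Referer that is already set, and that contract deserves a one-line comment on the helper. The body of loadURL:referrer:… continues outside the hunk.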
@@ -1792,7 +1801,8 @@ exit:
 
     NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:URL];
     [self addExtraFieldsToRequest:request mainResource:YES alwaysFromRequest:YES];
-    [request setValue:referrer forHTTPHeaderField:@"Referer"];
+
+    setHTTPReferrer(request, referrer);
     [request setHTTPMethod:@"POST"];
     webSetHTTPBody(request, postData);
     [request setValue:contentType forHTTPHeaderField:@"Content-Type"];
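Review bot: In this hunk setHTTPReferrer is called after `addExtraFieldsToRequest:`, whereas the loadURL: hunk calls it before, and nothing explains the difference. The helper returns early without modifying the request, so if `addExtraFieldsToRequest:` ever reads or writes the Referer header (its body is not visible here), the two paths could end up with different headers for a file or empty referrer. Either place the call directly after the `initWithURL:` line as in loadURL:, or add a comment such as `// Referer is set after the extra fields because …` stating why the order matters. The enclosing method starts and ends outside this hunk.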
index a60512b2cfe1a5a7c3aebf332084c08af659212f..52597e05ef4827bc8c7a1a1c2098c272e5be161d 100644 (file)
                0867D690FE84028FC02AAC07 /* Project object */ = {
                        isa = PBXProject;
                        buildConfigurationList = 149C283208902B0F008A9EFC /* Build configuration list for PBXProject "WebKit" */;
-                       compatibilityVersion = "Xcode 2.4";
                        hasScannedForEncodings = 1;
                        knownRegions = (
                                English,
                        mainGroup = 0867D691FE84028FC02AAC07 /* WebKit */;
                        productRefGroup = 034768DFFF38A50411DB9C8B /* Products */;
                        projectDirPath = "";
-                       projectRoot = "";
-                       shouldCheckCompatibility = 1;
                        targets = (
                                9398100A0824BF01008DF038 /* WebKit */,
                        );