cros: Extract the base name from the file name provided by caller

This is to prevent "directory traversal attack", e.g. when the
caller provides a path such as:
"../../../../../var/log/chrome/wp.jpg".

Bug: 908304
Test: Using the test extension provided in the bug.
Change-Id: I5fc699963cc32c85042d065d19e3842566cde5f1
Reviewed-on: https://chromium-review.googlesource.com/c/1351426Reviewed-by: Xiaoqian Dai <xdai@chromium.org>
Commit-Queue: Wenzhao (Colin) Zang <wzang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610961}

chrome/browser/chromeos/extensions/wallpaper_api.cc

@@ -183,9 +183,11 @@ void WallpaperSetWallpaperFunction::OnWallpaperDecoded(
       extensions::api::wallpaper::ToString(params_->details.layout));
   wallpaper_api_util::RecordCustomWallpaperLayout(layout);
 
+  const std::string file_name =
+      base::FilePath(params_->details.filename).BaseName().value();
   WallpaperControllerClient::Get()->SetCustomWallpaper(
-      account_id_, wallpaper_files_id_, params_->details.filename, layout,
-      image, false /*preview_mode=*/);
+      account_id_, wallpaper_files_id_, file_name, layout, image,
+      /*preview_mode=*/false);
   unsafe_wallpaper_decoder_ = nullptr;
 
   // We need to generate thumbnail image anyway to make the current third party

chrome/browser/chromeos/extensions/wallpaper_private_api.cc

@@ -423,8 +423,10 @@ void WallpaperPrivateSetCustomWallpaperFunction::OnWallpaperDecoded(
       wallpaper_base::ToString(params->layout));
   wallpaper_api_util::RecordCustomWallpaperLayout(layout);
 
+  const std::string file_name =
+      base::FilePath(params->file_name).BaseName().value();
   WallpaperControllerClient::Get()->SetCustomWallpaper(
-      account_id_, wallpaper_files_id_, params->file_name, layout, image,
+      account_id_, wallpaper_files_id_, file_name, layout, image,
       params->preview_mode);
   unsafe_wallpaper_decoder_ = nullptr;