Skip to content

GitLab

T
tangled
Commit 43bfc099 authored by treib's avatar treib Committed by Commit bot
Browse files
Options

Supervised users: Escape the URL only in permission requests sent through Sync (not Apiary). 

BUG=408936

Review URL: https://codereview.chromium.org/522633002

Cr-Commit-Position: refs/heads/master@{#292637}
parent ebae1d3f
Hide whitespace changes
Inline Side-by-side
Showing with 20 additions and 21 deletions
chrome/browser/supervised_user/permission_request_creator.h
View file @ 43bfc099
......@@ -5,15 +5,15 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_
#include <string>
#include "base/callback_forward.h"
class GURL;
class PermissionRequestCreator {
public:
virtual ~PermissionRequestCreator() {}
virtual void CreatePermissionRequest(const std::string& url_requested,
virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) = 0;
};
......
chrome/browser/supervised_user/permission_request_creator_apiary.cc
View file @ 43bfc099
......@@ -62,7 +62,7 @@ PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) {
}
void PermissionRequestCreatorApiary::CreatePermissionRequest(
const std::string& url_requested,
const GURL& url_requested,
const base::Closure& callback) {
url_requested_ = url_requested;
callback_ = callback;
......@@ -103,7 +103,7 @@ void PermissionRequestCreatorApiary::OnGetTokenSuccess(
base::DictionaryValue dict;
dict.SetStringWithoutPathExpansion("namespace", kNamespace);
dict.SetStringWithoutPathExpansion("objectRef", url_requested_);
dict.SetStringWithoutPathExpansion("objectRef", url_requested_.spec());
dict.SetStringWithoutPathExpansion("state", kState);
std::string body;
base::JSONWriter::Write(&dict, &body);
......
chrome/browser/supervised_user/permission_request_creator_apiary.h
View file @ 43bfc099
......@@ -5,11 +5,13 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_
#include "chrome/browser/supervised_user/permission_request_creator.h"
#include <string>
#include "base/memory/scoped_ptr.h"
#include "chrome/browser/supervised_user/permission_request_creator.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_fetcher_delegate.h"
#include "url/gurl.h"
class Profile;
class SupervisedUserSigninManagerWrapper;
......@@ -37,7 +39,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator,
Profile* profile);
// PermissionRequestCreator implementation:
virtual void CreatePermissionRequest(const std::string& url_requested,
virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) OVERRIDE;
private:
......@@ -62,7 +64,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator,
scoped_ptr<SupervisedUserSigninManagerWrapper> signin_wrapper_;
base::Closure callback_;
net::URLRequestContextGetter* context_;
std::string url_requested_;
GURL url_requested_;
scoped_ptr<OAuth2TokenService::Request> access_token_request_;
std::string access_token_;
bool access_token_expired_;
......
chrome/browser/supervised_user/permission_request_creator_sync.cc
View file @ 43bfc099
......@@ -8,6 +8,8 @@
#include "base/values.h"
#include "chrome/browser/supervised_user/supervised_user_settings_service.h"
#include "chrome/browser/supervised_user/supervised_user_shared_settings_service.h"
#include "net/base/escape.h"
#include "url/gurl.h"
using base::Time;
......@@ -35,11 +37,12 @@ PermissionRequestCreatorSync::PermissionRequestCreatorSync(
PermissionRequestCreatorSync::~PermissionRequestCreatorSync() {}
void PermissionRequestCreatorSync::CreatePermissionRequest(
const std::string& url_requested,
const GURL& url_requested,
const base::Closure& callback) {
// Add the prefix.
// Escape the URL and add the prefix.
std::string key = SupervisedUserSettingsService::MakeSplitSettingKey(
kSupervisedUserAccessRequestKeyPrefix, url_requested);
kSupervisedUserAccessRequestKeyPrefix,
net::EscapeQueryParamValue(url_requested.spec(), true));
scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue);
......
chrome/browser/supervised_user/permission_request_creator_sync.h
View file @ 43bfc099
......@@ -5,9 +5,10 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_
#include "chrome/browser/supervised_user/permission_request_creator.h"
#include <string>
#include "base/memory/scoped_ptr.h"
#include "chrome/browser/supervised_user/permission_request_creator.h"
class SupervisedUserSettingsService;
class SupervisedUserSharedSettingsService;
......@@ -22,7 +23,7 @@ class PermissionRequestCreatorSync : public PermissionRequestCreator {
virtual ~PermissionRequestCreatorSync();
// PermissionRequestCreator implementation:
virtual void CreatePermissionRequest(const std::string& url_requested,
virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) OVERRIDE;
private:
......
chrome/browser/supervised_user/supervised_user_service.cc
View file @ 43bfc099
......@@ -43,7 +43,6 @@
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/user_metrics.h"
#include "google_apis/gaia/google_service_auth_error.h"
#include "net/base/escape.h"
#include "ui/base/l10n/l10n_util.h"
#if defined(OS_CHROMEOS)
......@@ -541,15 +540,9 @@ void SupervisedUserService::OnPermissionRequestIssued() {
}
void SupervisedUserService::AddAccessRequest(const GURL& url) {
// Normalize the URL.
GURL normalized_url = SupervisedUserURLFilter::Normalize(url);
// Escape the URL.
std::string output(net::EscapeQueryParamValue(normalized_url.spec(), true));
waiting_for_permissions_ = true;
permissions_creator_->CreatePermissionRequest(
output,
SupervisedUserURLFilter::Normalize(url),
base::Bind(&SupervisedUserService::OnPermissionRequestIssued,
weak_ptr_factory_.GetWeakPtr()));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment