Skip to content

GitLab

T
tangled
Commit 43bfc099 authored by treib's avatar treib Committed by Commit bot
Browse files
Options

Supervised users: Escape the URL only in permission requests sent through Sync (not Apiary). 

BUG=408936

Review URL: https://codereview.chromium.org/522633002

Cr-Commit-Position: refs/heads/master@{#292637}
parent ebae1d3f
Hide whitespace changes
Inline Side-by-side
Showing with 20 additions and 21 deletions
chrome/browser/supervised_user/permission_request_creator.h
View file @ 43bfc099
...@@ -5,15 +5,15 @@ ...@@ -5,15 +5,15 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_ #ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_ #define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_H_
#include <string>
#include "base/callback_forward.h" #include "base/callback_forward.h"
class GURL;
class PermissionRequestCreator { class PermissionRequestCreator {
public: public:
virtual ~PermissionRequestCreator() {} virtual ~PermissionRequestCreator() {}
virtual void CreatePermissionRequest(const std::string& url_requested, virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) = 0; const base::Closure& callback) = 0;
}; };
......
chrome/browser/supervised_user/permission_request_creator_apiary.cc
View file @ 43bfc099
...@@ -62,7 +62,7 @@ PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) { ...@@ -62,7 +62,7 @@ PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) {
} }
void PermissionRequestCreatorApiary::CreatePermissionRequest( void PermissionRequestCreatorApiary::CreatePermissionRequest(
const std::string& url_requested, const GURL& url_requested,
const base::Closure& callback) { const base::Closure& callback) {
url_requested_ = url_requested; url_requested_ = url_requested;
callback_ = callback; callback_ = callback;
...@@ -103,7 +103,7 @@ void PermissionRequestCreatorApiary::OnGetTokenSuccess( ...@@ -103,7 +103,7 @@ void PermissionRequestCreatorApiary::OnGetTokenSuccess(
base::DictionaryValue dict; base::DictionaryValue dict;
dict.SetStringWithoutPathExpansion("namespace", kNamespace); dict.SetStringWithoutPathExpansion("namespace", kNamespace);
dict.SetStringWithoutPathExpansion("objectRef", url_requested_); dict.SetStringWithoutPathExpansion("objectRef", url_requested_.spec());
dict.SetStringWithoutPathExpansion("state", kState); dict.SetStringWithoutPathExpansion("state", kState);
std::string body; std::string body;
base::JSONWriter::Write(&dict, &body); base::JSONWriter::Write(&dict, &body);
......
chrome/browser/supervised_user/permission_request_creator_apiary.h
View file @ 43bfc099
...@@ -5,11 +5,13 @@ ...@@ -5,11 +5,13 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_ #ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_ #define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_APIARY_H_
#include "chrome/browser/supervised_user/permission_request_creator.h" #include <string>
#include "base/memory/scoped_ptr.h" #include "base/memory/scoped_ptr.h"
#include "chrome/browser/supervised_user/permission_request_creator.h"
#include "google_apis/gaia/oauth2_token_service.h" #include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_fetcher_delegate.h" #include "net/url_request/url_fetcher_delegate.h"
#include "url/gurl.h"
class Profile; class Profile;
class SupervisedUserSigninManagerWrapper; class SupervisedUserSigninManagerWrapper;
...@@ -37,7 +39,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator, ...@@ -37,7 +39,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator,
Profile* profile); Profile* profile);
// PermissionRequestCreator implementation: // PermissionRequestCreator implementation:
virtual void CreatePermissionRequest(const std::string& url_requested, virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) OVERRIDE; const base::Closure& callback) OVERRIDE;
private: private:
...@@ -62,7 +64,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator, ...@@ -62,7 +64,7 @@ class PermissionRequestCreatorApiary : public PermissionRequestCreator,
scoped_ptr<SupervisedUserSigninManagerWrapper> signin_wrapper_; scoped_ptr<SupervisedUserSigninManagerWrapper> signin_wrapper_;
base::Closure callback_; base::Closure callback_;
net::URLRequestContextGetter* context_; net::URLRequestContextGetter* context_;
std::string url_requested_; GURL url_requested_;
scoped_ptr<OAuth2TokenService::Request> access_token_request_; scoped_ptr<OAuth2TokenService::Request> access_token_request_;
std::string access_token_; std::string access_token_;
bool access_token_expired_; bool access_token_expired_;
......
chrome/browser/supervised_user/permission_request_creator_sync.cc
View file @ 43bfc099
...@@ -8,6 +8,8 @@ ...@@ -8,6 +8,8 @@
#include "base/values.h" #include "base/values.h"
#include "chrome/browser/supervised_user/supervised_user_settings_service.h" #include "chrome/browser/supervised_user/supervised_user_settings_service.h"
#include "chrome/browser/supervised_user/supervised_user_shared_settings_service.h" #include "chrome/browser/supervised_user/supervised_user_shared_settings_service.h"
#include "net/base/escape.h"
#include "url/gurl.h"
using base::Time; using base::Time;
...@@ -35,11 +37,12 @@ PermissionRequestCreatorSync::PermissionRequestCreatorSync( ...@@ -35,11 +37,12 @@ PermissionRequestCreatorSync::PermissionRequestCreatorSync(
PermissionRequestCreatorSync::~PermissionRequestCreatorSync() {} PermissionRequestCreatorSync::~PermissionRequestCreatorSync() {}
void PermissionRequestCreatorSync::CreatePermissionRequest( void PermissionRequestCreatorSync::CreatePermissionRequest(
const std::string& url_requested, const GURL& url_requested,
const base::Closure& callback) { const base::Closure& callback) {
// Add the prefix. // Escape the URL and add the prefix.
std::string key = SupervisedUserSettingsService::MakeSplitSettingKey( std::string key = SupervisedUserSettingsService::MakeSplitSettingKey(
kSupervisedUserAccessRequestKeyPrefix, url_requested); kSupervisedUserAccessRequestKeyPrefix,
net::EscapeQueryParamValue(url_requested.spec(), true));
scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue); scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue);
......
chrome/browser/supervised_user/permission_request_creator_sync.h
View file @ 43bfc099
...@@ -5,9 +5,10 @@ ...@@ -5,9 +5,10 @@
#ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_ #ifndef CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_
#define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_ #define CHROME_BROWSER_SUPERVISED_USER_PERMISSION_REQUEST_CREATOR_SYNC_H_
#include "chrome/browser/supervised_user/permission_request_creator.h" #include <string>
#include "base/memory/scoped_ptr.h" #include "base/memory/scoped_ptr.h"
#include "chrome/browser/supervised_user/permission_request_creator.h"
class SupervisedUserSettingsService; class SupervisedUserSettingsService;
class SupervisedUserSharedSettingsService; class SupervisedUserSharedSettingsService;
...@@ -22,7 +23,7 @@ class PermissionRequestCreatorSync : public PermissionRequestCreator { ...@@ -22,7 +23,7 @@ class PermissionRequestCreatorSync : public PermissionRequestCreator {
virtual ~PermissionRequestCreatorSync(); virtual ~PermissionRequestCreatorSync();
// PermissionRequestCreator implementation: // PermissionRequestCreator implementation:
virtual void CreatePermissionRequest(const std::string& url_requested, virtual void CreatePermissionRequest(const GURL& url_requested,
const base::Closure& callback) OVERRIDE; const base::Closure& callback) OVERRIDE;
private: private:
......
chrome/browser/supervised_user/supervised_user_service.cc
View file @ 43bfc099
...@@ -43,7 +43,6 @@ ...@@ -43,7 +43,6 @@
#include "content/public/browser/browser_thread.h" #include "content/public/browser/browser_thread.h"
#include "content/public/browser/user_metrics.h" #include "content/public/browser/user_metrics.h"
#include "google_apis/gaia/google_service_auth_error.h" #include "google_apis/gaia/google_service_auth_error.h"
#include "net/base/escape.h"
#include "ui/base/l10n/l10n_util.h" #include "ui/base/l10n/l10n_util.h"
#if defined(OS_CHROMEOS) #if defined(OS_CHROMEOS)
...@@ -541,15 +540,9 @@ void SupervisedUserService::OnPermissionRequestIssued() { ...@@ -541,15 +540,9 @@ void SupervisedUserService::OnPermissionRequestIssued() {
} }
void SupervisedUserService::AddAccessRequest(const GURL& url) { void SupervisedUserService::AddAccessRequest(const GURL& url) {
// Normalize the URL.
GURL normalized_url = SupervisedUserURLFilter::Normalize(url);
// Escape the URL.
std::string output(net::EscapeQueryParamValue(normalized_url.spec(), true));
waiting_for_permissions_ = true; waiting_for_permissions_ = true;
permissions_creator_->CreatePermissionRequest( permissions_creator_->CreatePermissionRequest(
output, SupervisedUserURLFilter::Normalize(url),
base::Bind(&SupervisedUserService::OnPermissionRequestIssued, base::Bind(&SupervisedUserService::OnPermissionRequestIssued,
weak_ptr_factory_.GetWeakPtr())); weak_ptr_factory_.GetWeakPtr()));
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment