summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--dom/base/nsContentUtils.cpp8
-rw-r--r--netwerk/base/nsBaseChannel.cpp6
-rw-r--r--netwerk/protocol/http/HttpBaseChannel.cpp6
-rw-r--r--uriloader/exthandler/nsExternalHelperAppService.cpp9
4 files changed, 26 insertions, 3 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 61d10e022..3568ced90 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5123,6 +5123,14 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
fileName.SetIsVoid(true); // No actionable download attribute was found.
}
+ // Sanitize fileNames containing control characters by replacing them with
+ // underscores.
+ if (!fileName.IsVoid()) {
+ for (int i = 0; i < 32; i++) {
+ fileName.ReplaceChar(char16_t(i), '_');
+ }
+ }
+
handler->OnLinkClick(aContent, aLinkURI,
fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
diff --git a/netwerk/base/nsBaseChannel.cpp b/netwerk/base/nsBaseChannel.cpp
index 2575fac04..51caa546e 100644
--- a/netwerk/base/nsBaseChannel.cpp
+++ b/netwerk/base/nsBaseChannel.cpp
@@ -579,6 +579,12 @@ NS_IMETHODIMP
nsBaseChannel::SetContentDispositionFilename(const nsAString &aContentDispositionFilename)
{
mContentDispositionFilename = new nsString(aContentDispositionFilename);
+
+ // For safety reasons ensure the filename doesn't contain null characters and
+ // replace them with underscores. We may later pass the extension to system
+ // MIME APIs that expect null terminated strings.
+ mContentDispositionFilename->ReplaceChar(char16_t(0), '_');
+
return NS_OK;
}
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index a53022f71..bf8e17537 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -562,6 +562,12 @@ NS_IMETHODIMP
HttpBaseChannel::SetContentDispositionFilename(const nsAString& aContentDispositionFilename)
{
mContentDispositionFilename = new nsString(aContentDispositionFilename);
+
+ // For safety reasons ensure the filename doesn't contain null characters and
+ // replace them with underscores. We may later pass the extension to system
+ // MIME APIs that expect null terminated strings.
+ mContentDispositionFilename->ReplaceChar(char16_t(0), '_');
+
return NS_OK;
}
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 49a54ea5f..0ca3d7edf 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1181,9 +1181,12 @@ nsExternalAppHandler::nsExternalAppHandler(nsIMIMEInfo * aMIMEInfo,
mTempFileExtension = char16_t('.');
AppendUTF8toUTF16(aTempFileExtension, mTempFileExtension);
- // replace platform specific path separator and illegal characters to avoid any confusion
- mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_');
- mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_');
+ // Replace platform specific path separator and illegal characters to avoid any confusion
+ mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS, '_');
+ mSuggestedFileName.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' ');
+ mSuggestedFileName.ReplaceChar(char16_t(0), '_');
+ mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS, '_');
+ mTempFileExtension.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' ');
// Remove unsafe bidi characters which might have spoofing implications (bug 511521).
const char16_t unsafeBidiCharacters[] = {