/**
 * Decides whether this frame element may load the given URL.
 *
 * Two defences against runaway frame creation are applied:
 *   1. a cap on the number of frames already present on the page, and
 *   2. a limit of one ancestor frame that already shows the same document.
 *
 * @param URLString  URL as written in the element; resolved against the
 *                   owning document before any comparison.
 * @return true when the load may proceed, false when it is vetoed.
 */
bool HTMLFrameElementBase::isURLAllowed(const AtomicString& URLString) const
{
    // An empty URL passes without any of the checks below.
    if (URLString.isEmpty())
        return true;

    // Resolve to an absolute URL and drop the fragment, so that two URLs
    // differing only in "#ref" are treated as the same document.
    KURL target(document()->completeURL(URLString.deprecatedString()));
    target.setRef(DeprecatedString::null);

    // Resource-exhaustion guard: refuse new frames once the page already
    // holds more than 200 of them. Without a cap, mutually recursive
    // frameset pages grow the frame count exponentially.
    // FIXME (from the original author): the limit could be higher, but some
    // load-time algorithms appear to be N^2 or worse in the number of frames.
    // NOTE(review): page() is dereferenced without a null check; confirm a
    // frame obtained from document() always has a page at this point.
    Frame* owner = document()->frame();
    if (owner && owner->page()->frameCount() > 200)
        return false;

    // Walk from the owning frame up to the root and count ancestors whose
    // URL (fragment ignored) equals the target. One match is tolerated
    // because some sites depend on a single level of self-reference; a
    // second match is refused.
    // Only the fragment is normalised here, so URLs that differ in any
    // other component count as distinct documents; the frame-count cap
    // above is what bounds those cases.
    int sameURLAncestors = 0;
    Frame* ancestor = document()->frame();
    while (ancestor) {
        KURL ancestorURL = ancestor->loader()->url();
        ancestorURL.setRef(DeprecatedString::null);
        if (ancestorURL == target && ++sameURLAncestors > 1)
            return false;
        ancestor = ancestor->tree()->parent();
    }

    return true;
}
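/**
 * Decides whether this element may load the given sub-resource URL.
 *
 * The request is refused (fail closed) when there is no view, when the part
 * is restricted to local references and the target is not a file: URL, when
 * there is no application object or it does not authorize the "redirect"
 * action from the part's URL to the target, or when the target would be the
 * second self-reference in the chain of parent parts.
 *
 * @param url  URL as written in the element; resolved against the document.
 * @return true when the load may proceed, false otherwise.
 */
bool HTMLElementImpl::isURLAllowed(const QString& url) const
{
    KHTMLView *w = getDocument()->view();

    // Resolve to an absolute URL and drop the fragment so that URLs that
    // differ only in "#ref" compare equal below.
    KURL newURL(getDocument()->completeURL(url));
    newURL.setRef(QString::null);

    // Prohibit non-file URLs if we are asked to. A missing view is treated
    // as "not allowed". The parentheses make the original precedence
    // (&& binds tighter than ||) explicit; the logic is unchanged.
    if (!w || (w->part()->onlyLocalReferences() && newURL.protocol() != "file"))
        return false;

    // Do we allow this sub-URL? The original read "kapp->kapp->...", a
    // duplicated dereference; one dereference of kapp is what is meant.
    if (!kapp || !kapp->authorizeURLAction("redirect", w->part()->url(), newURL))
        return false;

    // We allow one level of self-reference because some sites depend on that.
    // But we don't allow more than one.
    // Only the fragment is ignored in the comparison; URLs that differ in
    // any other component are treated as different documents.
    bool foundSelfReference = false;
    for (KHTMLPart *part = w->part(); part; part = part->parentPart()) {
        KURL partURL = part->url();
        partURL.setRef(QString::null);
        if (partURL == newURL) {
            if (foundSelfReference)
                return false;
            foundSelfReference = true;
        }
    }

    return true;
}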
/**
 * Setter behind the location object's hash property: replaces the fragment
 * of the frame's current URL and navigates to the result.
 *
 * A leading "#" in the supplied value is stripped. Nothing happens when the
 * fragment would not change. The navigation itself goes through
 * navigateIfAllowed(), so whatever check that helper performs decides
 * whether the calling script may move this frame.
 *
 * @param exec   Execution state of the calling script.
 * @param value  New fragment; converted to a string via toString(exec).
 */
void JSLocation::setHash(ExecState* exec, JSValue value)
{
    Frame* targetFrame = impl()->frame();
    // NOTE(review): ASSERT is typically compiled out of release builds, so
    // callers must guarantee a frame; it is dereferenced unconditionally.
    ASSERT(targetFrame);

    // Start from the URL the frame is currently showing; only its fragment
    // is modified below.
    KURL destination = targetFrame->loader()->url();
    String currentFragment = destination.ref();

    String requestedFragment = value.toString(exec);
    if (requestedFragment.startsWith("#"))
        requestedFragment = requestedFragment.substring(1);

    // No-op when the fragment is unchanged. A null current fragment and an
    // empty requested one are treated as equal.
    const bool unchanged = currentFragment == requestedFragment
        || (currentFragment.isNull() && requestedFragment.isEmpty());
    if (unchanged)
        return;

    destination.setRef(requestedFragment);

    // The fourth argument is true when no page is processing a user
    // gesture; the fifth is always false. Their meaning is defined by
    // navigateIfAllowed(), which is outside this block.
    const bool noUserGesture = !targetFrame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, targetFrame, destination, noUserGesture, false);
}
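/**
 * Decides whether a sub-resource URL may be loaded on behalf of a document.
 *
 * Refuses the load when the page already holds 200 or more frames, or when
 * the target would be the second self-reference among the document's frame
 * and its ancestors.
 *
 * @param doc  Document requesting the load; must not be null.
 * @param url  URL as written in the markup; resolved against doc.
 * @return true when the load may proceed, false otherwise.
 */
static bool isURLAllowed(Document *doc, const String &url)
{
    // Resolve to an absolute URL and drop the fragment so that URLs that
    // differ only in "#ref" compare equal below.
    KURL newURL(doc->completeURL(url.deprecatedString()));
    newURL.setRef(DeprecatedString::null);

    // Resource-exhaustion guard: cap the total number of frames on the page.
    // The original dereferenced doc->frame() unconditionally here, although
    // the loop below already tolerates a null frame; a document without a
    // frame now skips the cap instead of crashing.
    // NOTE(review): page() is still dereferenced without a null check;
    // confirm a frame always has a page at this point.
    if (Frame *ownerFrame = doc->frame()) {
        if (ownerFrame->page()->frameCount() >= 200)
            return false;
    }

    // We allow one level of self-reference because some sites depend on that.
    // But we don't allow more than one.
    // Only the fragment is ignored in the comparison; URLs that differ in
    // any other component are treated as different documents, so the frame
    // cap above is what bounds those cases.
    bool foundSelfReference = false;
    for (Frame *frame = doc->frame(); frame; frame = frame->tree()->parent()) {
        KURL frameURL = frame->url();
        frameURL.setRef(DeprecatedString::null);
        if (frameURL == newURL) {
            if (foundSelfReference)
                return false;
            foundSelfReference = true;
        }
    }

    return true;
}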
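/**
 * Creates and configures the libcurl easy handle for one resource load.
 *
 * Reads the request from the job, strips the fragment (and, for local
 * files, the query), then sets callbacks, redirect/auth/DNS/TLS options,
 * the URL, cookies, custom headers and the HTTP method on a fresh handle
 * stored in the job's internal state.
 *
 * Numeric libcurl options are passed as long literals: curl_easy_setopt()
 * is variadic and documents these options as taking a long, so passing an
 * int or bool is not portable where the two types differ in size.
 *
 * @param job  Resource handle to initialize; its internal m_url must not be
 *             set yet (asserted below).
 */
void ResourceHandleManager::initializeHandle(ResourceHandle* job)
{
    KURL kurl = job->request().url();

    // Remove any fragment part, otherwise curl will send it as part of the request.
    kurl.setRef("");

    ResourceHandleInternal* d = job->getInternal();
    String url = kurl.string();

    if (kurl.isLocalFile()) {
        String query = kurl.query();
        // Remove any query part sent to a local file.
        // NOTE(review): this truncates at the first occurrence of the query
        // text anywhere in the URL, which need not be where the query starts
        // if the same text also occurs in the path. Confirm what query()
        // returns and anchor the cut on the query delimiter.
        if (!query.isEmpty())
            url = url.left(url.find(query));
        // Determine the MIME type based on the path.
        d->m_response.setMimeType(MIMETypeRegistry::getMIMETypeForPath(url));
    }

    // NOTE(review): the result of curl_easy_init() is not checked for null.
    d->m_handle = curl_easy_init();

#ifndef NDEBUG
    // Debug builds only. Verbose output includes request headers, so it can
    // expose cookies and credentials wherever libcurl writes its trace.
    if (getenv("DEBUG_CURL"))
        curl_easy_setopt(d->m_handle, CURLOPT_VERBOSE, 1L);
#endif
    curl_easy_setopt(d->m_handle, CURLOPT_PRIVATE, job);
    curl_easy_setopt(d->m_handle, CURLOPT_ERRORBUFFER, m_curlErrorBuffer);
    curl_easy_setopt(d->m_handle, CURLOPT_WRITEFUNCTION, writeCallback);
    curl_easy_setopt(d->m_handle, CURLOPT_WRITEDATA, job);
    curl_easy_setopt(d->m_handle, CURLOPT_HEADERFUNCTION, headerCallback);
    curl_easy_setopt(d->m_handle, CURLOPT_WRITEHEADER, job);

    // Redirects are followed inside libcurl, up to ten hops, with the
    // Referer header filled in automatically.
    // NOTE(review): nothing in this block re-checks a redirect target
    // against loader policy; if the libcurl version in use supports it,
    // consider restricting redirect protocols (CURLOPT_REDIR_PROTOCOLS).
    curl_easy_setopt(d->m_handle, CURLOPT_AUTOREFERER, 1L);
    curl_easy_setopt(d->m_handle, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(d->m_handle, CURLOPT_MAXREDIRS, 10L);

    // CURLAUTH_ANY lets libcurl choose among every HTTP auth scheme the
    // server offers.
    curl_easy_setopt(d->m_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_easy_setopt(d->m_handle, CURLOPT_SHARE, m_curlShareHandle);
    curl_easy_setopt(d->m_handle, CURLOPT_DNS_CACHE_TIMEOUT, 60L * 5); // 5 minutes

    // FIXME: Enable SSL verification when we have a way of shipping certs
    // and/or reporting SSL errors to the user.
    // SECURITY: with ignoreSSLErrors set (defined outside this block), the
    // peer certificate is not verified, so a TLS connection gives no
    // assurance about who the server is and is open to interception.
    if (ignoreSSLErrors)
        curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, 0L);

    // enable gzip and deflate through Accept-Encoding:
    curl_easy_setopt(d->m_handle, CURLOPT_ENCODING, "");

    // url must remain valid through the request
    ASSERT(!d->m_url);

    // url is in ASCII so latin1() will only convert it to char* without character translation.
    // NOTE(review): the strdup() result is not checked, and the copy is
    // released somewhere outside this block.
    d->m_url = strdup(url.latin1().data());
    curl_easy_setopt(d->m_handle, CURLOPT_URL, d->m_url);

    // The same file is used to read existing cookies and to store new ones.
    if (m_cookieJarFileName) {
        curl_easy_setopt(d->m_handle, CURLOPT_COOKIEFILE, m_cookieJarFileName);
        curl_easy_setopt(d->m_handle, CURLOPT_COOKIEJAR, m_cookieJarFileName);
    }

    struct curl_slist* headers = 0;
    if (job->request().httpHeaderFields().size() > 0) {
        HTTPHeaderMap customHeaders = job->request().httpHeaderFields();
        HTTPHeaderMap::const_iterator end = customHeaders.end();
        for (HTTPHeaderMap::const_iterator it = customHeaders.begin(); it != end; ++it) {
            String key = it->first;
            String value = it->second;
            // NOTE(review): name and value are concatenated as-is. Whether CR
            // or LF characters are rejected earlier is not visible here; if
            // they are not, a header value could introduce additional
            // header lines into the request.
            String headerString(key);
            headerString.append(": ");
            headerString.append(value);
            CString headerLatin1 = headerString.latin1();
            headers = curl_slist_append(headers, headerLatin1.data());
        }
    }

    // Methods other than GET, POST, PUT and HEAD set no method-specific
    // option here.
    if ("GET" == job->request().httpMethod())
        curl_easy_setopt(d->m_handle, CURLOPT_HTTPGET, 1L);
    else if ("POST" == job->request().httpMethod())
        setupPOST(job, &headers);
    else if ("PUT" == job->request().httpMethod())
        setupPUT(job, &headers);
    else if ("HEAD" == job->request().httpMethod())
        curl_easy_setopt(d->m_handle, CURLOPT_NOBODY, 1L);

    // Keep the list pointer in the job's internal state after handing it
    // to libcurl.
    if (headers) {
        curl_easy_setopt(d->m_handle, CURLOPT_HTTPHEADER, headers);
        d->m_customHeaders = headers;
    }
}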
/**
 * Lists the directory named by an iso: URL.
 *
 * Outcomes, in order:
 *   - checkNewFile() fails and the path is a real directory on disk:
 *     redirect to that path and release the open ISO file;
 *   - checkNewFile() fails otherwise: report ERR_DOES_NOT_EXIST;
 *   - checkNewFile() succeeds with an empty inner path: redirect to the same
 *     path with a trailing "/";
 *   - otherwise: look the inner path up in the archive and emit one UDS
 *     entry per child.
 *
 * @param url  URL to list. Its path, and its fragment when present, come
 *             from the caller and are used as given.
 */
void tdeio_isoProtocol::listDir( const KURL & url )
{
    kdDebug() << "tdeio_isoProtocol::listDir " << url.url() << endl;

    // The URL fragment, when present, is parsed as an integer and passed to
    // checkNewFile(); -1 is passed when there is no fragment.
    // NOTE(review): the meaning of that number and the handling of
    // non-numeric fragments are decided by toInt()/checkNewFile(), which are
    // outside this block.
    const int refNumber = url.hasRef() ? url.htmlRef().toInt() : -1;

    TQString path;
    const bool opened = checkNewFile( url.path(), path, refNumber );
    if ( !opened )
    {
        TQCString localName( TQFile::encodeName( url.path() ) );
        kdDebug() << "Checking (stat) on " << localName << endl;

        struct stat info;
        const bool isRealDir = ::stat( localName.data(), &info ) != -1
                               && S_ISDIR( info.st_mode );
        if ( !isRealDir )
        {
            error( TDEIO::ERR_DOES_NOT_EXIST, url.path() );
            return;
        }

        // It's a real dir -> redirect. The target carries only the path and,
        // when present, the original fragment.
        KURL target;
        target.setPath( url.path() );
        if ( url.hasRef() )
            target.setRef( url.htmlRef() );
        kdDebug() << "Ok, redirection to " << target.url() << endl;
        redirection( target );
        finished();

        // And let go of the iso file - for people who want to unmount a cdrom after that
        delete m_isoFile;
        m_isoFile = 0L;
        return;
    }

    if ( path.isEmpty() )
    {
        // Empty inner path: redirect to the same path with a trailing slash.
        KURL target( TQString::fromLatin1( "iso:/" ) );
        kdDebug() << "url.path()==" << url.path() << endl;
        if ( url.hasRef() )
            target.setRef( url.htmlRef() );
        target.setPath( url.path() + TQString::fromLatin1( "/" ) );
        kdDebug() << "tdeio_isoProtocol::listDir: redirection " << target.url() << endl;
        redirection( target );
        finished();
        return;
    }

    kdDebug() << "checkNewFile done" << endl;

    // Default to the archive root; descend only when a sub-path was given.
    const KArchiveDirectory* root = m_isoFile->directory();
    const KArchiveDirectory* dir = root;
    if ( !path.isEmpty() && path != "/" )
    {
        kdDebug() << TQString( "Looking for entry %1" ).arg( path ) << endl;
        const KArchiveEntry* found = root->entry( path );
        if ( !found )
        {
            error( TDEIO::ERR_DOES_NOT_EXIST, path );
            return;
        }
        if ( !found->isDirectory() )
        {
            error( TDEIO::ERR_IS_FILE, path );
            return;
        }
        // The downcast relies on the isDirectory() check just above.
        dir = static_cast<const KArchiveDirectory*>( found );
    }

    TQStringList names = dir->entries();
    totalSize( names.count() );

    UDSEntry entry;
    for ( TQStringList::Iterator it = names.begin(); it != names.end(); ++it )
    {
        kdDebug() << (*it) << endl;
        // NOTE(review): the lookup result is passed on without a null check;
        // the names come from dir->entries(), so presumably each resolves.
        const KArchiveEntry* child = dir->entry( (*it) );
        createUDSEntry( child, entry );
        listEntry( entry, false );
    }

    listEntry( entry, true ); // ready
    finished();

    kdDebug() << "tdeio_isoProtocol::listDir done" << endl;
}