angler-fishThe Vulnerability History Project

Fix an issue that download filename from content disposition is not sanitized

      The filename from content disposition may not be sanitized.
This change uses net::GetSuggestedFileName() to sanitize the filename
before passing it to java.
Also, there is no need to call URLUtil.guessFileName() since
GetSuggestedFileName() will always return a non-null value.

BUG=570750

Review URL: https://codereview.chromium.org/1717783002

Cr-Commit-Position: refs/heads/master@{#377447}
by Noah the Jack Russel 2016-02-25 01:10:38 UTC
commit 168f723d0f0ce60d92a6307c754181f6d8644583
Chromium Fix CVE-2016-1656
chrome/android/java/src/org/chromium/chrome/browser/download/ChromeDownloadDelegate.java
+54 -4
chrome/android/javatests/src/org/chromium/chrome/browser/download/ChromeDownloadDelegateTest.java
+47
chrome/browser/android/download/download_manager_service.cc
-4
content/browser/android/download_controller_android_impl.cc
+4 -13
content/browser/android/download_controller_android_impl.h
-3
content/public/browser/android/download_controller_android.h
-4
expand_less