aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Otte <otte@gnome.org>2009-12-18 18:16:03 +0800
committerBenjamin Otte <otte@gnome.org>2009-12-18 21:21:00 +0800
commit6f69c3f879cc880d53dfb85081aef8462c3fad36 (patch)
treea3665bc6a56b49fe6ef0a93a3674b7d04223e108
parentb6102135d673197eecdc6497d6153d00f6b75301 (diff)
downloadgsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.gz
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.bz2
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.lz
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.xz
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.zst
gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.zip
Make form code safe against unnamed password/username elements
-rw-r--r--embed/ephy-web-view.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index 2935ed2ad..c95539c96 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -1065,6 +1065,11 @@ form_submitted_cb (JSContextRef js_context,
name_field_name = js_get_element_attribute (js_context, name_element, "name");
password_field_name = js_get_element_attribute (js_context, password_element, "name");
+ if (!name_field_name || !password_field_name) {
+ g_free (name_field_name);
+ g_free (password_field_name);
+ return JSValueMakeUndefined (js_context);
+ }
js_string = JSStringCreateWithUTF8CString ("value");
js_value = JSObjectGetProperty (js_context, name_element, js_string, NULL);
@@ -1142,8 +1147,8 @@ pre_fill_form (JSContextRef js_context,
EphyEmbedSingleFormAuthData *data = (EphyEmbedSingleFormAuthData*)p->data;
char *username_field_name = js_get_element_attribute (js_context, username_element, "name");
char *password_field_name = js_get_element_attribute (js_context, password_element, "name");
- if (g_str_equal (username_field_name, data->form_username) &&
- g_str_equal (password_field_name, data->form_password)) {
+ if (g_strcmp0 (username_field_name, data->form_username) == 0 &&
+ g_strcmp0 (password_field_name, data->form_password) == 0) {
FillData *fill_data = g_slice_new (FillData);
char *uri_str = soup_uri_to_string (uri, FALSE);