diff options
| author | Benjamin Otte <otte@gnome.org> | 2009-12-18 18:16:03 +0800 |
|---|---|---|
| committer | Benjamin Otte <otte@gnome.org> | 2009-12-18 21:21:00 +0800 |
| commit | 6f69c3f879cc880d53dfb85081aef8462c3fad36 (patch) | |
| tree | a3665bc6a56b49fe6ef0a93a3674b7d04223e108 /embed | |
| parent | b6102135d673197eecdc6497d6153d00f6b75301 (diff) | |
| download | gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.gz gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.tar.zst gsoc2013-epiphany-6f69c3f879cc880d53dfb85081aef8462c3fad36.zip | |
Make form code safe against unnamed password/username elements
Diffstat (limited to 'embed')
| -rw-r--r-- | embed/ephy-web-view.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c index 2935ed2ad..c95539c96 100644 --- a/embed/ephy-web-view.c +++ b/embed/ephy-web-view.c @@ -1065,6 +1065,11 @@ form_submitted_cb (JSContextRef js_context, name_field_name = js_get_element_attribute (js_context, name_element, "name"); password_field_name = js_get_element_attribute (js_context, password_element, "name"); + if (!name_field_name || !password_field_name) { + g_free (name_field_name); + g_free (password_field_name); + return JSValueMakeUndefined (js_context); + } js_string = JSStringCreateWithUTF8CString ("value"); js_value = JSObjectGetProperty (js_context, name_element, js_string, NULL); @@ -1142,8 +1147,8 @@ pre_fill_form (JSContextRef js_context, EphyEmbedSingleFormAuthData *data = (EphyEmbedSingleFormAuthData*)p->data; char *username_field_name = js_get_element_attribute (js_context, username_element, "name"); char *password_field_name = js_get_element_attribute (js_context, password_element, "name"); - if (g_str_equal (username_field_name, data->form_username) && - g_str_equal (password_field_name, data->form_password)) { + if (g_strcmp0 (username_field_name, data->form_username) == 0 && + g_strcmp0 (password_field_name, data->form_password) == 0) { FillData *fill_data = g_slice_new (FillData); char *uri_str = soup_uri_to_string (uri, FALSE); |