1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
6 * (C) 2006 Alexey Proskuryakov (ap@nypop.com)
7 * Copyright (C) 2008 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Library General Public
11 * License as published by the Free Software Foundation; either
12 * version 2 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Library General Public License for more details.
18 *
19 * You should have received a copy of the GNU Library General Public License
20 * along with this library; see the file COPYING.LIB. If not, write to
21 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
22 * Boston, MA 02110-1301, USA.
23 */
24
25 #include "config.h"
26 #include "platform/network/FormDataBuilder.h"
27
28 #include <limits>
29 #include "wtf/CryptographicallyRandomNumber.h"
30 #include "wtf/HexNumber.h"
31 #include "wtf/text/CString.h"
32 #include "wtf/text/TextEncoding.h"
33
34 namespace blink {
35
36 // Helper functions
append(Vector<char> & buffer,char string)37 static inline void append(Vector<char>& buffer, char string)
38 {
39 buffer.append(string);
40 }
41
append(Vector<char> & buffer,const char * string)42 static inline void append(Vector<char>& buffer, const char* string)
43 {
44 buffer.append(string, strlen(string));
45 }
46
append(Vector<char> & buffer,const CString & string)47 static inline void append(Vector<char>& buffer, const CString& string)
48 {
49 buffer.append(string.data(), string.length());
50 }
51
appendQuotedString(Vector<char> & buffer,const CString & string)52 static void appendQuotedString(Vector<char>& buffer, const CString& string)
53 {
54 // Append a string as a quoted value, escaping quotes and line breaks.
55 // FIXME: Is it correct to use percent escaping here? Other browsers do not encode these characters yet,
56 // so we should test popular servers to find out if there is an encoding form they can handle.
57 size_t length = string.length();
58 for (size_t i = 0; i < length; ++i) {
59 char c = string.data()[i];
60
61 switch (c) {
62 case 0x0a:
63 append(buffer, "%0A");
64 break;
65 case 0x0d:
66 append(buffer, "%0D");
67 break;
68 case '"':
69 append(buffer, "%22");
70 break;
71 default:
72 append(buffer, c);
73 }
74 }
75 }
76
encodingFromAcceptCharset(const String & acceptCharset,const String & inputEncoding,const String & defaultCharset)77 WTF::TextEncoding FormDataBuilder::encodingFromAcceptCharset(const String& acceptCharset, const String& inputEncoding, const String& defaultCharset)
78 {
79 String normalizedAcceptCharset = acceptCharset;
80 normalizedAcceptCharset.replace(',', ' ');
81
82 Vector<String> charsets;
83 normalizedAcceptCharset.split(' ', charsets);
84
85 WTF::TextEncoding encoding;
86
87 Vector<String>::const_iterator end = charsets.end();
88 for (Vector<String>::const_iterator it = charsets.begin(); it != end; ++it) {
89 if ((encoding = WTF::TextEncoding(*it)).isValid())
90 return encoding;
91 }
92
93 if (inputEncoding.isEmpty()) {
94 if (defaultCharset.isEmpty())
95 return WTF::UTF8Encoding();
96
97 return defaultCharset;
98 }
99
100 return inputEncoding;
101 }
102
generateUniqueBoundaryString()103 Vector<char> FormDataBuilder::generateUniqueBoundaryString()
104 {
105 Vector<char> boundary;
106
107 // The RFC 2046 spec says the alphanumeric characters plus the
108 // following characters are legal for boundaries: '()+_,-./:=?
109 // However the following characters, though legal, cause some sites
110 // to fail: (),./:=+
111 // Note that our algorithm makes it twice as much likely for 'A' or 'B'
112 // to appear in the boundary string, because 0x41 and 0x42 are present in
113 // the below array twice.
114 static const char alphaNumericEncodingMap[64] = {
115 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
116 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50,
117 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
118 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
119 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E,
120 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76,
121 0x77, 0x78, 0x79, 0x7A, 0x30, 0x31, 0x32, 0x33,
122 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42
123 };
124
125 // Start with an informative prefix.
126 append(boundary, "----WebKitFormBoundary");
127
128 // Append 16 random 7bit ascii AlphaNumeric characters.
129 Vector<char> randomBytes;
130
131 for (unsigned i = 0; i < 4; ++i) {
132 uint32_t randomness = cryptographicallyRandomNumber();
133 randomBytes.append(alphaNumericEncodingMap[(randomness >> 24) & 0x3F]);
134 randomBytes.append(alphaNumericEncodingMap[(randomness >> 16) & 0x3F]);
135 randomBytes.append(alphaNumericEncodingMap[(randomness >> 8) & 0x3F]);
136 randomBytes.append(alphaNumericEncodingMap[randomness & 0x3F]);
137 }
138
139 boundary.appendVector(randomBytes);
140 boundary.append(0); // Add a 0 at the end so we can use this as a C-style string.
141 return boundary;
142 }
143
beginMultiPartHeader(Vector<char> & buffer,const CString & boundary,const CString & name)144 void FormDataBuilder::beginMultiPartHeader(Vector<char>& buffer, const CString& boundary, const CString& name)
145 {
146 addBoundaryToMultiPartHeader(buffer, boundary);
147
148 // FIXME: This loses data irreversibly if the input name includes characters you can't encode
149 // in the website's character set.
150 append(buffer, "Content-Disposition: form-data; name=\"");
151 appendQuotedString(buffer, name);
152 append(buffer, '"');
153 }
154
addBoundaryToMultiPartHeader(Vector<char> & buffer,const CString & boundary,bool isLastBoundary)155 void FormDataBuilder::addBoundaryToMultiPartHeader(Vector<char>& buffer, const CString& boundary, bool isLastBoundary)
156 {
157 append(buffer, "--");
158 append(buffer, boundary);
159
160 if (isLastBoundary)
161 append(buffer, "--");
162
163 append(buffer, "\r\n");
164 }
165
addFilenameToMultiPartHeader(Vector<char> & buffer,const WTF::TextEncoding & encoding,const String & filename)166 void FormDataBuilder::addFilenameToMultiPartHeader(Vector<char>& buffer, const WTF::TextEncoding& encoding, const String& filename)
167 {
168 // FIXME: This loses data irreversibly if the filename includes characters you can't encode
169 // in the website's character set.
170 append(buffer, "; filename=\"");
171 appendQuotedString(buffer, encoding.normalizeAndEncode(filename, WTF::QuestionMarksForUnencodables));
172 append(buffer, '"');
173 }
174
addContentTypeToMultiPartHeader(Vector<char> & buffer,const CString & mimeType)175 void FormDataBuilder::addContentTypeToMultiPartHeader(Vector<char>& buffer, const CString& mimeType)
176 {
177 append(buffer, "\r\nContent-Type: ");
178 append(buffer, mimeType);
179 }
180
finishMultiPartHeader(Vector<char> & buffer)181 void FormDataBuilder::finishMultiPartHeader(Vector<char>& buffer)
182 {
183 append(buffer, "\r\n\r\n");
184 }
185
addKeyValuePairAsFormData(Vector<char> & buffer,const CString & key,const CString & value,FormData::EncodingType encodingType)186 void FormDataBuilder::addKeyValuePairAsFormData(Vector<char>& buffer, const CString& key, const CString& value, FormData::EncodingType encodingType)
187 {
188 if (encodingType == FormData::TextPlain) {
189 if (!buffer.isEmpty())
190 append(buffer, "\r\n");
191 append(buffer, key);
192 append(buffer, '=');
193 append(buffer, value);
194 } else {
195 if (!buffer.isEmpty())
196 append(buffer, '&');
197 encodeStringAsFormData(buffer, key);
198 append(buffer, '=');
199 encodeStringAsFormData(buffer, value);
200 }
201 }
202
encodeStringAsFormData(Vector<char> & buffer,const CString & string)203 void FormDataBuilder::encodeStringAsFormData(Vector<char>& buffer, const CString& string)
204 {
205 // Same safe characters as Netscape for compatibility.
206 static const char safeCharacters[] = "-._*";
207
208 // http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1
209 unsigned length = string.length();
210 for (unsigned i = 0; i < length; ++i) {
211 unsigned char c = string.data()[i];
212
213 if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || strchr(safeCharacters, c))
214 append(buffer, c);
215 else if (c == ' ')
216 append(buffer, '+');
217 else if (c == '\n' || (c == '\r' && (i + 1 >= length || string.data()[i + 1] != '\n')))
218 append(buffer, "%0D%0A");
219 else if (c != '\r') {
220 append(buffer, '%');
221 appendByteAsHex(c, buffer);
222 }
223 }
224 }
225
226 }
227