Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev am: af0b4466ff am: 8940d2b0ff am: bb27626141 am: 6c35cf2434 am: 42a5983364 am: 75095e6f02 am: 7c625e1938 am: 54a62d5feb

Browse Source 
am: a5a2c88fb3

* commit 'a5a2c88fb3ac43315575de94696c837cb6b88c35':
  Don't pass URL path and username/password to PAC scripts

Change-Id: Ia33d40ae5d4b6ee0cd3cfcdc8587d6002603f128
This commit is contained in:
Paul Jensen
2016-05-26 15:13:07 +00:00
committed by android-build-merger
parent 040cf14047 a5a2c88fb3
commit 7ff57eaff9
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/net/PacProxySelector.java
View File

@@ -30,6 +30,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
/**
@@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
// Strip path and username/password from URI so it's not visible to PAC script. The
// path often contains credentials the app does not want exposed to a potentially
// malicious PAC script.
if (!"http".equalsIgnoreCase(uri.getScheme())) {
uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
}
urlString = uri.toURL().toString();
} catch (URISyntaxException e) {
urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}