Only send X-Cydia-Token to vaguely trusted hosts.
authorJay Freeman (saurik) <saurik@saurik.com>
Wed, 9 Mar 2011 13:06:14 +0000 (05:06 -0800)
committerJay Freeman (saurik) <saurik@saurik.com>
Wed, 9 Mar 2011 13:07:54 +0000 (05:07 -0800)
MobileCydia.mm

index 1f62b2bfa7664f041f479f635cde607e6d54e917..3c11b91e17f5504b3db0b38d6aa50f968b7b24d0 100644 (file)
@@ -709,6 +709,7 @@ static NSString *Idiom_;
 static _H<NSMutableDictionary> SessionData_;
 static _H<NSObject> HostConfig_;
 static _H<NSMutableSet> BridgedHosts_;
+static _H<NSMutableSet> TokenHosts_;
 static _H<NSMutableSet> PipelinedHosts_;
 static _H<NSMutableSet> CachedURLs_;
 
@@ -3841,6 +3842,8 @@ static _H<NSMutableSet> Diversions_;
         return @"addInternalRedirect";
     else if (selector == @selector(addPipelinedHost:scheme:))
         return @"addPipelinedHost";
+    else if (selector == @selector(addTokenHost:))
+        return @"addTokenHost";
     else if (selector == @selector(addTrivialSource:))
         return @"addTrivialSource";
     else if (selector == @selector(close))
@@ -3995,6 +3998,11 @@ static _H<NSMutableSet> Diversions_;
     [BridgedHosts_ addObject:host];
 } }
 
+- (void) addTokenHost:(NSString *)host {
+@synchronized (HostConfig_) {
+    [TokenHosts_ addObject:host];
+} }
+
 - (void) addPipelinedHost:(NSString *)host scheme:(NSString *)scheme {
 @synchronized (HostConfig_) {
     if (scheme != (id) [WebUndefined undefined])
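Review bot: `addTokenHost:` stores whatever the script bridge passes in, and `TokenHosts_` now decides which hosts receive `X-Cydia-Token`. The neighbouring `addPipelinedHost:scheme:` (whose body continues outside this hunk) already compares an argument against `[WebUndefined undefined]`; here a non-string value would be added unchecked, and a nil argument would make `addObject:` raise. A guard such as `if (![host isKindOfClass:[NSString class]] || [host length] == 0) return;` before the `@synchronized` block would keep the set to plain host names. Because the set is filled only by callers of this bridged method, the restriction is only as strong as whatever limits which pages can reach the bridge. That gating is not visible in this diff, so a comment naming it would help here.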
@@ -4263,14 +4271,25 @@ static _H<NSMutableSet> Diversions_;
 }
 
 - (NSURLRequest *) webView:(WebView *)view resource:(id)resource willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response fromDataSource:(WebDataSource *)source {
+    NSURL *url([request URL]);
+    NSString *host([url host]);
+
     NSMutableURLRequest *copy([[super webView:view resource:resource willSendRequest:request redirectResponse:response fromDataSource:source] mutableCopy]);
 
     if (System_ != NULL && [copy valueForHTTPHeaderField:@"X-System"] == nil)
         [copy setValue:System_ forHTTPHeaderField:@"X-System"];
     if (Machine_ != NULL && [copy valueForHTTPHeaderField:@"X-Machine"] == nil)
         [copy setValue:[NSString stringWithUTF8String:Machine_] forHTTPHeaderField:@"X-Machine"];
-    if (Token_ != nil && [copy valueForHTTPHeaderField:@"X-Cydia-Token"] == nil)
-        [copy setValue:Token_ forHTTPHeaderField:@"X-Cydia-Token"];
+
+    bool token;
+    @synchronized (HostConfig_) {
+        token = [TokenHosts_ containsObject:host];
+    }
+
+    if (token) {
+        if (Token_ != nil && [copy valueForHTTPHeaderField:@"X-Cydia-Token"] == nil)
+            [copy setValue:Token_ forHTTPHeaderField:@"X-Cydia-Token"];
+    }
 
     return copy;
 }
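Review bot: The new check in `webView:resource:willSendRequest:redirectResponse:fromDataSource:` matches on host only, so a plain `http://` request to a listed host still carries `X-Cydia-Token` in cleartext, readable by anyone on the network path. If the token hosts are reachable over TLS, the condition could also require the scheme, e.g. `token = [TokenHosts_ containsObject:host] && [[url scheme] isEqualToString:@"https"];`. Separately, `host` is read from `request` while the header is set on `copy`, which is what `super` returned. If `super` can rewrite the URL (not visible here), reading `[copy URL]` after the `super` call would tie the decision to the request actually sent. A short comment above the `@synchronized` block stating that `TokenHosts_` is an exact-match allowlist of host names would also help.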
@@ -9672,6 +9691,7 @@ int main(int argc, char *argv[]) {
     HostConfig_ = [[[NSObject alloc] init] autorelease];
     @synchronized (HostConfig_) {
         BridgedHosts_ = [NSMutableSet setWithCapacity:4];
+        TokenHosts_ = [NSMutableSet setWithCapacity:4];
         PipelinedHosts_ = [NSMutableSet setWithCapacity:4];
         CachedURLs_ = [NSMutableSet setWithCapacity:32];
     }