From 92ce3b9365fe7a83f35505ecd026f8e0d5d96820 Mon Sep 17 00:00:00 2001
From: "zeniko@gmail.com" <zeniko@gmail.com>
Date: Tue, 18 Nov 2008 10:48:46 -0800
Subject: [PATCH 1/2] Bug 464620 - prevent dataloss from incorrectly restored
 sessions (r=dietrich, a=beltzner)

---
 .../sessionstore/src/nsSessionStore.js        | 37 ++++++++++++-------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/browser/components/sessionstore/src/nsSessionStore.js b/browser/components/sessionstore/src/nsSessionStore.js
index f8d287ffa33d..540e0a2e481f 100644
--- a/browser/components/sessionstore/src/nsSessionStore.js
+++ b/browser/components/sessionstore/src/nsSessionStore.js
@@ -1953,11 +1953,16 @@ SessionStoreService.prototype = {
       return;
     }
     
+    // always call this before injecting content into a document!
+    function hasExpectedURL(aDocument, aURL)
+      !aURL || aURL.replace(/#.*/, "") == aDocument.location.href.replace(/#.*/, "");
+    
     // restore text data saved by Firefox 2.0/3.0
     var textArray = this.__SS_restore_text ? this.__SS_restore_text.split(" ") : [];
-    function restoreTextData(aContent, aPrefix) {
+    function restoreTextData(aContent, aPrefix, aURL) {
       textArray.forEach(function(aEntry) {
-        if (/^((?:\d+\|)*)(#?)([^\s=]+)=(.*)$/.test(aEntry) && RegExp.$1 == aPrefix) {
+        if (/^((?:\d+\|)*)(#?)([^\s=]+)=(.*)$/.test(aEntry) &&
+            RegExp.$1 == aPrefix && hasExpectedURL(aContent.document, aURL)) {
           var document = aContent.document;
           var node = RegExp.$2 ? document.getElementById(RegExp.$3) : document.getElementsByName(RegExp.$3)[0] || null;
           if (node && "value" in node) {
@@ -1971,8 +1976,11 @@ SessionStoreService.prototype = {
       });
     }
     
-    function restoreFormData(aDocument, aData) {
+    function restoreFormData(aDocument, aData, aURL) {
       for (let key in aData) {
+        if (!hasExpectedURL(aDocument, aURL))
+          return;
+        
         let node = key.charAt(0) == "#" ? aDocument.getElementById(key.slice(1)) :
                                           XPathHelper.resolve(aDocument, key);
         if (!node)
@@ -2002,18 +2010,19 @@ SessionStoreService.prototype = {
     }
     
     let selectedPageStyle = this.__SS_restore_pageStyle;
+    let window = this.ownerDocument.defaultView;
     function restoreTextDataAndScrolling(aContent, aData, aPrefix) {
       if (aData.formdata)
-        restoreFormData(aContent.document, aData.formdata);
+        restoreFormData(aContent.document, aData.formdata, aData.url);
       else
-        restoreTextData(aContent, aPrefix);
+        restoreTextData(aContent, aPrefix, aData.url);
       if (aData.innerHTML) {
-        aContent.setTimeout(
-              function(aHTML) {
-                if (aContent.document.designMode == "on") {
-                  aContent.document.body.innerHTML = aHTML;
-                }
-              }, 0, aData.innerHTML);
+        window.setTimeout(function() {
+          if (aContent.document.designMode == "on" &&
+              hasExpectedURL(aContent.document, aData.url)) {
+            aContent.document.body.innerHTML = aData.innerHTML;
+          }
+        }, 0);
       }
       if (aData.scroll && /(\d+),(\d+)/.test(aData.scroll)) {
         aContent.scrollTo(RegExp.$1, RegExp.$2);
@@ -2022,7 +2031,8 @@ SessionStoreService.prototype = {
         aSS.disabled = aSS.title && aSS.title != selectedPageStyle;
       });
       for (var i = 0; i < aContent.frames.length; i++) {
-        if (aData.children && aData.children[i]) {
+        if (aData.children && aData.children[i] &&
+          hasExpectedURL(aContent.document, aData.url)) {
           restoreTextDataAndScrolling(aContent.frames[i], aData.children[i], aPrefix + i + "|");
         }
       }
@@ -2030,8 +2040,7 @@ SessionStoreService.prototype = {
     
     // don't restore text data and scrolling state if the user has navigated
     // away before the loading completed (except for in-page navigation)
-    if (!this.__SS_restore_data.url || this.currentURI.spec.replace(/#.*/, "") ==
-                                       this.__SS_restore_data.url.replace(/#.*/, "")) {
+    if (hasExpectedURL(aEvent.originalTarget, this.__SS_restore_data.url)) {
       var content = aEvent.originalTarget.defaultView;
       if (this.currentURI.spec == "about:config") {
         // unwrap the document for about:config because otherwise the properties

From 984229a6b029e67ce9faa7626472747896c7fd2c Mon Sep 17 00:00:00 2001
From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Tue, 18 Nov 2008 14:11:35 -0500
Subject: [PATCH 2/2] Bug 462806.  Don't init PSM to deal with random JARs. 
 Save that for signed JARs.  r=dveditz, sr=vlad, a=beltzner

---
 modules/libjar/nsJAR.cpp | 21 ++++++++++++---------
 modules/libjar/nsJAR.h   |  2 +-
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/modules/libjar/nsJAR.cpp b/modules/libjar/nsJAR.cpp
index 0c7955c6a832..15f84f7bb956 100644
--- a/modules/libjar/nsJAR.cpp
+++ b/modules/libjar/nsJAR.cpp
@@ -376,15 +376,8 @@ nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal)
     return NS_ERROR_NULL_POINTER;
   *aPrincipal = nsnull;
 
-  //-- Get the signature verifier service
-  nsresult rv;
-  nsCOMPtr<nsISignatureVerifier> verifier = 
-           do_GetService(SIGNATURE_VERIFIER_CONTRACTID, &rv);
-  if (NS_FAILED(rv)) // No signature verifier available
-    return NS_OK;
-
   //-- Parse the manifest
-  rv = ParseManifest(verifier);
+  nsresult rv = ParseManifest();
   if (NS_FAILED(rv)) return rv;
   if (mGlobalStatus == JAR_NO_MANIFEST)
     return NS_OK;
@@ -525,7 +518,7 @@ nsJAR::ReadLine(const char** src)
 #define JAR_SF_HEADER (const char*)"Signature-Version: 1.0"
 
 nsresult
-nsJAR::ParseManifest(nsISignatureVerifier* verifier)
+nsJAR::ParseManifest()
 {
   //-- Verification Step 1
   if (mParsedManifest)
@@ -612,6 +605,16 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
     return NS_OK;
   }
 
+  //-- Get the signature verifier service
+  nsCOMPtr<nsISignatureVerifier> verifier = 
+           do_GetService(SIGNATURE_VERIFIER_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) // No signature verifier available
+  {
+    mGlobalStatus = JAR_NO_MANIFEST;
+    mParsedManifest = PR_TRUE;
+    return NS_OK;
+  }
+
   //-- Verify that the signature file is a valid signature of the SF file
   PRInt32 verifyError;
   rv = verifier->VerifySignature(sigBuffer, sigLen, manifestBuffer, manifestLen, 
diff --git a/modules/libjar/nsJAR.h b/modules/libjar/nsJAR.h
index 4dd2210dc5d7..8129d97056c5 100644
--- a/modules/libjar/nsJAR.h
+++ b/modules/libjar/nsJAR.h
@@ -154,7 +154,7 @@ class nsJAR : public nsIZipReader, public nsIJAR
     //-- Private functions
     PRFileDesc* OpenFile();
 
-    nsresult ParseManifest(nsISignatureVerifier* verifier);
+    nsresult ParseManifest();
     void     ReportError(const char* aFilename, PRInt16 errorCode);
     nsresult LoadEntry(const char* aFilename, char** aBuf, 
                        PRUint32* aBufLen = nsnull);