XForms Bug 316931 - Switch submission security code to use nsIPrincipal. r=bz,allan

2006-01-11 17:05:17 +00:00 · 2006-01-11 17:05:17 +00:00 · 8b3589937d
--- a/extensions/xforms/nsXFormsInstanceElement.cpp
+++ b/extensions/xforms/nsXFormsInstanceElement.cpp
@ -183,7 +183,7 @@ nsXFormsInstanceElement::OnChannelRedirect(nsIChannel *OldChannel,
  nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
  NS_ENSURE_STATE(doc);

-  if (!nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), newURI)) {
+  if (!nsXFormsUtils::CheckSameOrigin(doc, newURI)) {
    nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"), domDoc);
    return NS_ERROR_ABORT;
  }
@ -535,7 +535,7 @@ nsXFormsInstanceElement::LoadExternalInstance(const nsAString &aSrc)
        NS_NewURI(getter_AddRefs(uri), aSrc,
                  doc->GetDocumentCharacterSet().get(), doc->GetDocumentURI());
        if (uri) {
-          if (nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), uri)) {
+          if (nsXFormsUtils::CheckSameOrigin(doc, uri)) {
            nsCOMPtr<nsILoadGroup> loadGroup;
            loadGroup = doc->GetDocumentLoadGroup();
            NS_WARN_IF_FALSE(loadGroup, "No load group!");
--- a/extensions/xforms/nsXFormsLabelElement.cpp
+++ b/extensions/xforms/nsXFormsLabelElement.cpp
@ -216,7 +216,7 @@ nsXFormsLabelElement::LoadExternalLabel(const nsAString& aSrc)
    NS_NewURI(getter_AddRefs(uri), aSrc, doc->GetDocumentCharacterSet().get(),
              doc->GetDocumentURI());
    if (uri) {
-      if (nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), uri)) {
+      if (nsXFormsUtils::CheckSameOrigin(doc, uri)) {
        nsCOMPtr<nsILoadGroup> loadGroup;
        loadGroup = doc->GetDocumentLoadGroup();
        NS_WARN_IF_FALSE(loadGroup, "No load group!");
--- a/extensions/xforms/nsXFormsSubmissionElement.cpp
+++ b/extensions/xforms/nsXFormsSubmissionElement.cpp
@ -74,7 +74,6 @@
 #include "nsIMultiplexInputStream.h"
 #include "nsIMIMEInputStream.h"
 #include "nsINameSpaceManager.h"
-#include "nsIDocument.h"
 #include "nsIContent.h"
 #include "nsIFileURL.h"
 #include "nsIMIMEService.h"
@ -381,7 +380,7 @@ nsXFormsSubmissionElement::OnChannelRedirect(nsIChannel *aOldChannel,
  nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
  NS_ENSURE_STATE(doc);

-  if (!CheckSameOrigin(doc->GetDocumentURI(), newURI)) {
+  if (!CheckSameOrigin(doc, newURI)) {
    nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"),
                               mElement);
    return NS_ERROR_ABORT;
@ -947,7 +946,7 @@ nsXFormsSubmissionElement::SerializeDataXML(nsIDOMNode *data,
 }

 PRBool
-nsXFormsSubmissionElement::CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI)
+nsXFormsSubmissionElement::CheckSameOrigin(nsIDocument *aBaseDocument, nsIURI *aTestURI)
 {
  // we default to true to allow regular posts to work like html forms.
  PRBool allowSubmission = PR_TRUE;
@ -966,25 +965,22 @@ nsXFormsSubmissionElement::CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI)

    // if same origin is required, default to false
    allowSubmission = PR_FALSE;
+    nsIURI *baseURI = aBaseDocument->GetDocumentURI();

-    // if we don't replace the instance, we allow file:// and chrome://
-    // to submit data anywhere
+    // if we don't replace the instance, we allow file:// to submit data anywhere
    if (!mIsReplaceInstance) {
-      aBaseURI->SchemeIs("file", &allowSubmission);
-      if (!allowSubmission) {
-        aBaseURI->SchemeIs("chrome", &allowSubmission);
-      }
+      baseURI->SchemeIs("file", &allowSubmission);
    }

    // let's check the permission manager
    if (!allowSubmission) {
-      allowSubmission = CheckPermissionManager(aBaseURI);
+      allowSubmission = CheckPermissionManager(baseURI);
    }

    // if none of the above checks have allowed the submission, we do a
    // same origin check.
    if (!allowSubmission) {
-      allowSubmission = nsXFormsUtils::CheckSameOrigin(aBaseURI, aTestURI);
+      allowSubmission = nsXFormsUtils::CheckSameOrigin(aBaseDocument, aTestURI);
    }
  }

@ -1919,7 +1915,7 @@ nsXFormsSubmissionElement::SendData(const nsCString &uriSpec,
    }
  }

-  if (!CheckSameOrigin(doc->GetDocumentURI(), uri)) {
+  if (!CheckSameOrigin(doc, uri)) {
    nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"),
                               mElement);
    return NS_ERROR_ABORT;
--- a/extensions/xforms/nsXFormsSubmissionElement.h
+++ b/extensions/xforms/nsXFormsSubmissionElement.h
@ -49,6 +49,7 @@
 #include "nsIChannelEventSink.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsHashSets.h"
+#include "nsIDocument.h"


 class nsIMultiplexInputStream;
@ -130,7 +131,7 @@ private:
   * @return true if aTestURI has the same origin as aBaseURI or if
   * there is no need for a same origin check.
   */
-  PRBool CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI);
+  PRBool CheckSameOrigin(nsIDocument *aBaseDocument, nsIURI *aTestURI);
  PRBool CheckPermissionManager(nsIURI *aBaseURI);
  nsresult AddNameSpaces(nsIDOMElement* aTarget, nsIDOMNode* aSource,
                         nsStringHashSet* aPrefixHash);
--- a/extensions/xforms/nsXFormsUtils.cpp
+++ b/extensions/xforms/nsXFormsUtils.cpp
@ -1107,18 +1107,37 @@ nsXFormsUtils::FindParentContext(nsIDOMElement           *aElement,
 }

 /* static */ PRBool
-nsXFormsUtils::CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI)
+nsXFormsUtils::CheckSameOrigin(nsIDocument *aBaseDocument, nsIURI *aTestURI)
 {
  nsresult rv;

-  // check to see if we're allowed to load this URI
+  // get the base document's principal
+  nsIPrincipal *basePrincipal = aBaseDocument->GetPrincipal();
+
+  if (basePrincipal) {
+    // check for the UniversalBrowserRead capability.
+    PRBool crossSiteAccessEnabled;
+    rv = basePrincipal->IsCapabilityEnabled("UniversalBrowserRead", nsnull,
+                                            &crossSiteAccessEnabled);
+    if (NS_SUCCEEDED(rv) && crossSiteAccessEnabled)
+      return PR_TRUE;
+
+    // check the security manager and do a same original check on the principal
  nsCOMPtr<nsIScriptSecurityManager> secMan =
      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
  if (secMan) {
-    rv = secMan->CheckSameOriginURI(aBaseURI, aTestURI);
+      // get a principal for the uri we are testing
+      nsCOMPtr<nsIPrincipal> testPrincipal;
+      rv = secMan->GetCodebasePrincipal(aTestURI, getter_AddRefs(testPrincipal));
+
+      if (NS_SUCCEEDED(rv)) {
+        rv = secMan->CheckSameOriginPrincipal(aBaseDocument->GetPrincipal(),
+                                              testPrincipal);
    if (NS_SUCCEEDED(rv))
      return PR_TRUE;
  }
+    }
+  }

  // else, check with the permission manager to see if this host is
  // permitted to access sites from other domains.
@ -1126,7 +1145,8 @@ nsXFormsUtils::CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI)
  nsCOMPtr<nsIPermissionManager> permMgr =
      do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
  PRUint32 perm;
-  rv = permMgr->TestPermission(aBaseURI, "xforms-load", &perm);
+  rv = permMgr->TestPermission(aBaseDocument->GetDocumentURI(), "xforms-load",
+                               &perm);
  if (NS_SUCCEEDED(rv) && perm == nsIPermissionManager::ALLOW_ACTION)
    return PR_TRUE; 

--- a/extensions/xforms/nsXFormsUtils.h
+++ b/extensions/xforms/nsXFormsUtils.h
@ -44,6 +44,7 @@
 #include "nsCOMPtr.h"
 #include "nsCOMArray.h"
 #include "nsIDOMNode.h"
+#include "nsIDocument.h"
 #include "nsIDOMXPathResult.h"
 #include "nsIModelElementPrivate.h"
 #include "nsIScriptError.h"
@ -351,9 +352,9 @@ public:
                                                PRInt32                 *aContextSize);

  /**
-   * @return true if aTestURI has the same origin as aBaseURI
+   * @return true if aTestURI has the same origin as aBaseDocument
   */
-  static NS_HIDDEN_(PRBool) CheckSameOrigin(nsIURI *aBaseURI,
+  static NS_HIDDEN_(PRBool) CheckSameOrigin(nsIDocument *aBaseDocument,
                                            nsIURI *aTestURI);

  /**