diff --git a/toolkit/mozapps/downloads/content/downloads.js b/toolkit/mozapps/downloads/content/downloads.js index 89a7728e3fdd..3c6080d01379 100644 --- a/toolkit/mozapps/downloads/content/downloads.js +++ b/toolkit/mozapps/downloads/content/downloads.js @@ -42,6 +42,7 @@ const kObserverServiceProgID = "@mozilla.org/observer-service;1"; const NC_NS = "http://home.netscape.com/NC-rdf#"; const PREF_BDM_CLOSEWHENDONE = "browser.download.manager.closeWhenDone"; +const PREF_BDM_ALERTONEXEOPEN = "browser.download.manager.alertOnEXEOpen"; var gDownloadManager = null; var gDownloadListener = null; @@ -313,6 +314,33 @@ function onDownloadOpen(aEvent) if (f.exists()) { // XXXben security check! + if (f.isExecutable()) { + var dontAsk = false; + var pref = Components.classes["@mozilla.org/preferences-service;1"] + .getService(Components.interfaces.nsIPrefBranch); + try { + dontAsk = !pref.getBoolPref(PREF_BDM_ALERTONEXEOPEN); + } + catch (e) { } + + if (!dontAsk) { + var strings = document.getElementById("downloadStrings"); + var name = aEvent.target.getAttribute("target"); + var message = strings.getFormattedString("fileExecutableSecurityWarning", [name, name]); + + var title = strings.getString("fileExecutableSecurityWarningTitle"); + var dontAsk = strings.getString("fileExecutableSecurityWarningDontAsk"); + + var promptSvc = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService); + var checkbox = { value: false }; + var open = promptSvc.confirmCheck(window, title, message, dontAsk, checkbox); + + if (!open) + return; + else + pref.setBoolPref(PREF_BDM_ALERTONEXEOPEN, !checkbox.value); + } + } f.launch(); } else { diff --git a/toolkit/mozapps/downloads/locale/downloads.properties b/toolkit/mozapps/downloads/locale/downloads.properties index 89aaa42d5044..a970a5ad375c 100644 --- a/toolkit/mozapps/downloads/locale/downloads.properties +++ b/toolkit/mozapps/downloads/locale/downloads.properties @@ -36,4 +36,9 @@ fileDoesNotExistShowErrorUnix=%S does not exist. (Perhaps you moved it from the chooseAppFilePickerTitle=Open With... downloadsTitle=%S%% of 1 file - Downloads -downloadsTitleMultiple=%S%% of %S files - Downloads \ No newline at end of file +downloadsTitleMultiple=%S%% of %S files - Downloads + +fileExecutableSecurityWarning="%S" is an executable file. Executable files may contain viruses or other malicious code that could harm your computer. Use caution when opening this file. Are you sure you want to launch "%S"? +fileExecutableSecurityWarningTitle=Open Executable File? +fileExecutableSecurityWarningDontAsk=Don't ask me this again + diff --git a/toolkit/mozapps/installer/windows/wizard/setup/dialogs.c b/toolkit/mozapps/installer/windows/wizard/setup/dialogs.c index 32b5901fe8e6..af4fe09a228d 100644 --- a/toolkit/mozapps/installer/windows/wizard/setup/dialogs.c +++ b/toolkit/mozapps/installer/windows/wizard/setup/dialogs.c @@ -41,6 +41,9 @@ // commdlg.h is needed to build with WIN32_LEAN_AND_MEAN #include +// Turn off default to safe upgrade for 0.8... until we can guarantee that we won't be deleting other files. +#define DEFAULT_SAFE_UPGRADE FALSE + static WNDPROC OldListBoxWndProc; static DWORD gdwACFlag; static BOOL gDidShowUpgradePanel; @@ -118,7 +121,7 @@ void InitSequence(HINSTANCE hInstance) // If we're not showing the Upgrade dialog, we need to set some state to // tell the installer to default to a Safe Install. - sgProduct.doCleanupOnUpgrade = TRUE; + sgProduct.doCleanupOnUpgrade = DEFAULT_SAFE_UPGRADE; } if (diSelectComponents.bShowDialog) { @@ -337,6 +340,7 @@ LRESULT CALLBACK DlgProcLicense(HWND hDlg, UINT msg, WPARAM wParam, LONG lParam) // Check the "Decline" Radio button by default. CheckDlgButton(hDlg, IDC_RADIO_DECLINE, BST_CHECKED); SendMessage(GetDlgItem(hDlg, IDC_RADIO_DECLINE), BM_SETCHECK, BST_CHECKED, 0); + PropSheet_SetWizButtons(GetParent(hDlg), PSWIZB_BACK); // License Text lstrcpy(szBuf, szSetupDir); @@ -592,7 +596,7 @@ void CheckForUpgrade(HWND aPanel, int aNextPanel) if(sgProduct.mode == NORMAL) nextPanel = DLG_UPGRADE; else { - sgProduct.doCleanupOnUpgrade = TRUE; + sgProduct.doCleanupOnUpgrade = DEFAULT_SAFE_UPGRADE; nextPanel = aNextPanel; } }