Backing out last change that was intended for a branch, not the trunk.

2005-05-09 21:20:22 +00:00 · 2005-05-09 21:20:22 +00:00 · 7a2d6bac3c
--- a/xpinstall/src/nsJSInstallTriggerGlobal.cpp
+++ b/xpinstall/src/nsJSInstallTriggerGlobal.cpp
@ -143,39 +143,6 @@ static JSBool CreateNativeObject(JSContext *cx, JSObject *obj, nsIDOMInstallTrig
    return JS_TRUE;
 }

-//
-// Helper function for URI verification
-//
-static nsresult
-InstallTriggerCheckLoadURIFromScript(const nsAString& uriStr)
-{
-    nsresult rv;
-    nsCOMPtr<nsIScriptSecurityManager> secman(
-        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID,&rv));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // get the script base URI
-    nsCOMPtr<nsIURI> scriptURI;
-    nsCOMPtr<nsIPrincipal> principal;
-    rv = secman->GetSubjectPrincipal(getter_AddRefs(principal));
-    NS_ENSURE_SUCCESS(rv, rv);
-    if (!principal)
-        return NS_ERROR_FAILURE;
-
-    rv = principal->GetURI(getter_AddRefs(scriptURI));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // convert the requested URL string to a URI
-    nsCOMPtr<nsIURI> uri;
-    rv = NS_NewURI(getter_AddRefs(uri), uriStr);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // are we allowed to load this one?
-    rv = secman->CheckLoadURI(scriptURI, uri,
-                    nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA);
-    return rv;
-}
-
 //
 // Native method UpdateEnabled
 //
@ -248,7 +215,11 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
    }
  }

+  // if we can't create a security manager we might be in the wizard, allow
  PRBool abortLoad = PR_FALSE;
+  nsCOMPtr<nsIScriptSecurityManager> secman(
+      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+

  // parse associative array of installs
  if ( argc >= 1 && JSVAL_IS_OBJECT(argv[0]) )
@ -296,6 +267,19 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
                xpiURL = NS_ConvertUTF8toUTF16(resolvedURL);
            }

+            // Make sure we're allowed to load this URL
+            if (secman)
+            {
+                nsCOMPtr<nsIURI> uri;
+                nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
+                if (NS_SUCCEEDED(rv))
+                {
+                    rv = secman->CheckLoadURIFromScript(cx, uri);
+                    if (NS_FAILED(rv))
+                        abortLoad = PR_TRUE;
+                }
+            }
+
            nsAutoString icon(iconURL);
            if (iconURL && baseURL)
            {
@ -304,28 +288,13 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
                icon = NS_ConvertUTF8toUTF16(resolvedIcon);
            }

-            // Make sure we're allowed to load this URL and the icon URL
-            nsresult rv = InstallTriggerCheckLoadURIFromScript(xpiURL);
-            if (NS_FAILED(rv))
+            nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
+            if ( item )
+            {
+                trigger->Add( item );
+            }
+            else
                abortLoad = PR_TRUE;
-
-            if (!abortLoad && iconURL)
-            {
-                rv = InstallTriggerCheckLoadURIFromScript(icon);
-                if (NS_FAILED(rv))
-                    abortLoad = PR_TRUE;
-            }
-
-            if (!abortLoad)
-            {
-                nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
-                if ( item )
-                {
-                    trigger->Add( item );
-                }
-                else
-                    abortLoad = PR_TRUE;
-            }
        }
        else
            abortLoad = PR_TRUE;
@ -424,9 +393,20 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva
    }

    // Make sure caller is allowed to load this url.
-    nsresult rv = InstallTriggerCheckLoadURIFromScript(sourceURL);
-    if (NS_FAILED(rv))
-        return JS_FALSE;
+    // if we can't create a security manager we might be in the wizard, allow
+    nsCOMPtr<nsIScriptSecurityManager> secman(
+        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+    if (secman)
+    {
+        nsCOMPtr<nsIURI> uri;
+        nsresult rv = NS_NewURI(getter_AddRefs(uri), sourceURL);
+        if (NS_SUCCEEDED(rv))
+        {
+            rv = secman->CheckLoadURIFromScript(cx, uri);
+            if (NS_FAILED(rv))
+                return JS_FALSE;
+        }
+    }

    if ( chromeType & CHROME_ALL )
    {
@ -501,9 +481,20 @@ InstallTriggerGlobalStartSoftwareUpdate(JSContext *cx, JSObject *obj, uintN argc
    }

    // Make sure caller is allowed to load this url.
-    nsresult rv = InstallTriggerCheckLoadURIFromScript(xpiURL);
-    if (NS_FAILED(rv))
-        return JS_FALSE;
+    // if we can't create a security manager we might be in the wizard, allow
+    nsCOMPtr<nsIScriptSecurityManager> secman(
+        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+    if (secman)
+    {
+        nsCOMPtr<nsIURI> uri;
+        nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
+        if (NS_SUCCEEDED(rv))
+        {
+            rv = secman->CheckLoadURIFromScript(cx, uri);
+            if (NS_FAILED(rv))
+                return JS_FALSE;
+        }
+    }

    if (argc >= 2 && !JS_ValueToInt32(cx, argv[1], (int32 *)&flags))
    {