зеркало из https://github.com/mozilla/pjs.git
Bug 239122 Liveconnect can be used to read any file on user's filesystem
enabling UniversalBrowserRead only during js calling applet r=jst, sr=brendan, a=chofmann
Родитель
b29af615c1
Коммит
1da55256d2
|
@ -55,6 +55,8 @@
|
|||
# include "prmon.h"
|
||||
#endif
|
||||
|
||||
JSBool JSIsCallingApplet = JS_FALSE;
|
||||
|
||||
/*
|
||||
* At certain times during initialization, there may be no JavaScript context
|
||||
* available to direct error reports to, in which case the error messages
|
||||
|
@ -103,6 +105,7 @@ jclass jlClass; /* java.lang.Class */
|
|||
jclass jlBoolean; /* java.lang.Boolean */
|
||||
jclass jlDouble; /* java.lang.Double */
|
||||
jclass jlString; /* java.lang.String */
|
||||
jclass jaApplet; /* java.applet.Applet */
|
||||
jclass njJSObject; /* netscape.javascript.JSObject */
|
||||
jclass njJSException; /* netscape.javascript.JSException */
|
||||
jclass njJSUtil; /* netscape.javascript.JSUtil */
|
||||
|
@ -261,6 +264,8 @@ init_java_VM_reflection(JSJavaVM *jsjava_vm, JNIEnv *jEnv)
|
|||
LOAD_CLASS(java/lang/String, jlString);
|
||||
LOAD_CLASS(java/lang/Void, jlVoid);
|
||||
|
||||
LOAD_CLASS(java/applet/Applet, jaApplet);
|
||||
|
||||
LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass);
|
||||
LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass);
|
||||
LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass);
|
||||
|
@ -592,6 +597,7 @@ JSJ_DisconnectFromJavaVM(JSJavaVM *jsjava_vm)
|
|||
UNLOAD_CLASS(java/lang/Double, jlDouble);
|
||||
UNLOAD_CLASS(java/lang/String, jlString);
|
||||
UNLOAD_CLASS(java/lang/Void, jlVoid);
|
||||
UNLOAD_CLASS(java/applet/Applet, jaApplet);
|
||||
UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject);
|
||||
UNLOAD_CLASS(netscape/javascript/JSException, njJSException);
|
||||
UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil);
|
||||
|
@ -869,3 +875,10 @@ JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval v, jobject *vp)
|
|||
}
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
|
||||
JS_EXPORT_API(JSBool)
|
||||
JSJ_IsJSCallApplet()
|
||||
{
|
||||
return JSIsCallingApplet;
|
||||
}
|
||||
|
|
|
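Review bot: `JSIsCallingApplet` is one process-wide `JSBool`, while the call nesting it is meant to follow is tracked in `JSJavaThreadState` (`recursion_depth`, `cx`), which by its name appears to be per-thread. As written, `JSJ_IsJSCallApplet()` reports that some script somewhere is inside an applet call, not that the calling thread is, and the unsynchronised writes from the property and method wrappers are a data race if more than one thread uses LiveConnect. Consider keeping the flag in the thread state and having the accessor read it for the current thread. At minimum, document the definition, e.g. `/* JS_TRUE while JS is calling into a java.applet.Applet; cleared by jsj_ExitJava; not per-thread */`. The accessor's definition and its declaration in the public header should also read `JSJ_IsJSCallApplet(void)`, since an empty parameter list in C leaves the arguments unspecified.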
@ -654,6 +654,10 @@ JavaObject_getPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
|
|||
java_obj = java_wrapper->java_obj;
|
||||
field_val = method_val = JSVAL_VOID;
|
||||
|
||||
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||
JSIsCallingApplet = JS_TRUE;
|
||||
}
|
||||
|
||||
/* If a field member, get the value of the field */
|
||||
if (member_descriptor->field) {
|
||||
success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val);
|
||||
|
@ -777,6 +781,11 @@ JavaObject_setPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
|
|||
}
|
||||
|
||||
java_obj = java_wrapper->java_obj;
|
||||
|
||||
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||
JSIsCallingApplet = JS_TRUE;
|
||||
}
|
||||
|
||||
result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp);
|
||||
jsj_ExitJava(jsj_env);
|
||||
return result;
|
||||
|
|
|
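Review bot: The applet test in JavaObject_getPropertyById passes `java_obj` to `IsInstanceOf` without a null check, and JNI defines `IsInstanceOf` to return `JNI_TRUE` for a NULL object, so a wrapper holding no instance would set the flag as if it were an applet. `if (jaApplet && java_obj && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {` closes that, and the same applies to the copies in JavaObject_setPropertyById and jsj_JavaInstanceMethodWrapper. The flag is cleared only in jsj_ExitJava, so every return path after these lines has to reach that call. The bodies of the getter and of the method wrapper continue outside their hunks, so this cannot be confirmed from here. The three-line check is repeated verbatim in three places and would be easier to keep consistent as one static helper.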
@ -1375,9 +1375,9 @@ static JSBool
|
|||
invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env,
|
||||
jobject java_class_or_instance,
|
||||
JavaClassDescriptor *class_descriptor,
|
||||
JavaMethodSpec *method,
|
||||
JavaMethodSpec *method,
|
||||
JSBool is_static_method,
|
||||
jsval *argv, jsval *vp)
|
||||
jsval *argv, jsval *vp)
|
||||
{
|
||||
jvalue java_value;
|
||||
jvalue *jargv;
|
||||
|
@ -1803,6 +1803,10 @@ jsj_JavaInstanceMethodWrapper(JSContext *cx, JSObject *obj,
|
|||
if (!jEnv)
|
||||
return JS_FALSE;
|
||||
|
||||
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||
JSIsCallingApplet = JS_TRUE;
|
||||
}
|
||||
|
||||
/* Try to find an instance method with the given name first */
|
||||
member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id);
|
||||
if (member_descriptor)
|
||||
|
|
|
@ -301,6 +301,7 @@ extern jclass jlClass; /* java.lang.Class */
|
|||
extern jclass jlBoolean; /* java.lang.Boolean */
|
||||
extern jclass jlDouble; /* java.lang.Double */
|
||||
extern jclass jlString; /* java.lang.String */
|
||||
extern jclass jaApplet; /* java.applet.Applet */
|
||||
extern jclass njJSObject; /* netscape.javascript.JSObject */
|
||||
extern jclass njJSException; /* netscape.javascript.JSException */
|
||||
extern jclass njJSUtil; /* netscape.javascript.JSUtil */
|
||||
|
@ -352,6 +353,12 @@ extern jfieldID njJSException_filename; /* netscape.javascript.JSExceptio
|
|||
extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */
|
||||
extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */
|
||||
|
||||
/*
|
||||
* XXX, bug 146458,
|
||||
* whether we are doing a liveconnect call from javascript to java applet
|
||||
*/
|
||||
extern JSBool JSIsCallingApplet;
|
||||
|
||||
/**************** Java <==> JS conversions and Java types *******************/
|
||||
extern JSBool
|
||||
jsj_ComputeJavaClassSignature(JSContext *cx,
|
||||
|
|
|
@ -470,7 +470,10 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
JS_ASSERT((jsj_env->recursion_depth == 0) || (jsj_env->cx == cx));
|
||||
/* simultaneous calls from different JSContext are not allowed */
|
||||
if ((jsj_env->recursion_depth > 0) && (jsj_env->cx != cx))
|
||||
return NULL;
|
||||
|
||||
jsj_env->recursion_depth++;
|
||||
|
||||
/* bug #60018: prevent dangling pointer to JSContext */
|
||||
|
@ -485,6 +488,7 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
|
|||
extern void
|
||||
jsj_ExitJava(JSJavaThreadState *jsj_env)
|
||||
{
|
||||
JSIsCallingApplet = JS_FALSE;
|
||||
if (jsj_env) {
|
||||
JS_ASSERT(jsj_env->recursion_depth > 0);
|
||||
if (--jsj_env->recursion_depth == 0)
|
||||
|
|
|
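Review bot: jsj_ExitJava clears `JSIsCallingApplet` on every call, before and independent of the `recursion_depth` decrement, so the inner exit of a nested Java call drops the flag while an outer applet call may still be running. That errs toward denying access, which is the safe direction, but nothing in the code says it is intended; a comment such as `/* Cleared on every exit, nested or not, so the flag never outlives the call that set it */` would record the decision. In jsj_EnterJava the new cross-context check returns NULL without reporting anything on `cx`, as far as the hunk shows, so callers fail with no diagnostic. Consider a `JS_ReportError(cx, ...)` before that `return NULL;`. The body of jsj_ExitJava continues outside the hunk.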
@ -299,6 +299,9 @@ JSJ_ConvertJavaObjectToJSValue(JSContext *cx, jobject java_obj, jsval *vp);
|
|||
JS_EXPORT_API(JSBool)
|
||||
JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp);
|
||||
|
||||
JS_EXPORT_API(JSBool)
|
||||
JSJ_IsJSCallApplet();
|
||||
|
||||
JS_END_EXTERN_C
|
||||
|
||||
#endif /* _JSJAVA_H */
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
#include "nsCSecurityContext.h"
|
||||
#include "nsIScriptContext.h"
|
||||
#include "jvmmgr.h"
|
||||
#include "jsjava.h"
|
||||
|
||||
// For GetOrigin()
|
||||
|
||||
|
@ -87,7 +88,12 @@ nsCSecurityContext::Implies(const char* target, const char* action, PRBool *bAll
|
|||
// |m_HasUniversalBrowserReadCapability| into the out parameter
|
||||
// once Java's origin checking code is fixed.
|
||||
// See bug 146458 for details.
|
||||
*bAllowedAccess = PR_TRUE;
|
||||
if (JSJ_IsJSCallApplet()) {
|
||||
*bAllowedAccess = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
*bAllowedAccess = m_HasUniversalBrowserReadCapability;
|
||||
}
|
||||
} else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) {
|
||||
*bAllowedAccess = m_HasUniversalJavaCapability;
|
||||
} else {
|
||||
|
|
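Review bot: When `JSJ_IsJSCallApplet()` is true, this branch sets `*bAllowedAccess = PR_TRUE` without consulting `m_HasUniversalBrowserReadCapability` or anything else about this security context, so the answer depends on a global flag rather than on who is asking. Any Implies() query that arrives while the flag is set is allowed, including one made on behalf of a different context. Binding the allowance to the context that actually made the applet call would be tighter. The comment above the branch still describes the old unconditional grant and should be updated, for example `// Allow only while JS is calling an applet (JSJ_IsJSCallApplet); otherwise use this context's own capability.` The enclosing function starts and ends outside the hunk.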