зеркало из https://github.com/mozilla/pjs.git
Backing out last change that was intended for a branch, not the trunk.
This commit is contained in:
Родитель
dc89582656
Коммит
7a2d6bac3c
|
@ -143,39 +143,6 @@ static JSBool CreateNativeObject(JSContext *cx, JSObject *obj, nsIDOMInstallTrig
|
|||
return JS_TRUE;
|
||||
}
|
||||
|
||||
//
|
||||
// Helper function for URI verification
|
||||
//
|
||||
static nsresult
|
||||
InstallTriggerCheckLoadURIFromScript(const nsAString& uriStr)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIScriptSecurityManager> secman(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID,&rv));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// get the script base URI
|
||||
nsCOMPtr<nsIURI> scriptURI;
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = secman->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (!principal)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
rv = principal->GetURI(getter_AddRefs(scriptURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// convert the requested URL string to a URI
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = NS_NewURI(getter_AddRefs(uri), uriStr);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// are we allowed to load this one?
|
||||
rv = secman->CheckLoadURI(scriptURI, uri,
|
||||
nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA);
|
||||
return rv;
|
||||
}
|
||||
|
||||
//
|
||||
// Native method UpdateEnabled
|
||||
//
|
||||
|
@ -248,7 +215,11 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
|
|||
}
|
||||
}
|
||||
|
||||
// if we can't create a security manager we might be in the wizard, allow
|
||||
PRBool abortLoad = PR_FALSE;
|
||||
nsCOMPtr<nsIScriptSecurityManager> secman(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
|
||||
|
||||
// parse associative array of installs
|
||||
if ( argc >= 1 && JSVAL_IS_OBJECT(argv[0]) )
|
||||
|
@ -296,6 +267,19 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
|
|||
xpiURL = NS_ConvertUTF8toUTF16(resolvedURL);
|
||||
}
|
||||
|
||||
// Make sure we're allowed to load this URL
|
||||
if (secman)
|
||||
{
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
rv = secman->CheckLoadURIFromScript(cx, uri);
|
||||
if (NS_FAILED(rv))
|
||||
abortLoad = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
nsAutoString icon(iconURL);
|
||||
if (iconURL && baseURL)
|
||||
{
|
||||
|
@ -304,28 +288,13 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
|
|||
icon = NS_ConvertUTF8toUTF16(resolvedIcon);
|
||||
}
|
||||
|
||||
// Make sure we're allowed to load this URL and the icon URL
|
||||
nsresult rv = InstallTriggerCheckLoadURIFromScript(xpiURL);
|
||||
if (NS_FAILED(rv))
|
||||
nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
|
||||
if ( item )
|
||||
{
|
||||
trigger->Add( item );
|
||||
}
|
||||
else
|
||||
abortLoad = PR_TRUE;
|
||||
|
||||
if (!abortLoad && iconURL)
|
||||
{
|
||||
rv = InstallTriggerCheckLoadURIFromScript(icon);
|
||||
if (NS_FAILED(rv))
|
||||
abortLoad = PR_TRUE;
|
||||
}
|
||||
|
||||
if (!abortLoad)
|
||||
{
|
||||
nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
|
||||
if ( item )
|
||||
{
|
||||
trigger->Add( item );
|
||||
}
|
||||
else
|
||||
abortLoad = PR_TRUE;
|
||||
}
|
||||
}
|
||||
else
|
||||
abortLoad = PR_TRUE;
|
||||
|
@ -424,9 +393,20 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva
|
|||
}
|
||||
|
||||
// Make sure caller is allowed to load this url.
|
||||
nsresult rv = InstallTriggerCheckLoadURIFromScript(sourceURL);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
// if we can't create a security manager we might be in the wizard, allow
|
||||
nsCOMPtr<nsIScriptSecurityManager> secman(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
if (secman)
|
||||
{
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(uri), sourceURL);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
rv = secman->CheckLoadURIFromScript(cx, uri);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if ( chromeType & CHROME_ALL )
|
||||
{
|
||||
|
@ -501,9 +481,20 @@ InstallTriggerGlobalStartSoftwareUpdate(JSContext *cx, JSObject *obj, uintN argc
|
|||
}
|
||||
|
||||
// Make sure caller is allowed to load this url.
|
||||
nsresult rv = InstallTriggerCheckLoadURIFromScript(xpiURL);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
// if we can't create a security manager we might be in the wizard, allow
|
||||
nsCOMPtr<nsIScriptSecurityManager> secman(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
if (secman)
|
||||
{
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
rv = secman->CheckLoadURIFromScript(cx, uri);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if (argc >= 2 && !JS_ValueToInt32(cx, argv[1], (int32 *)&flags))
|
||||
{
|
||||
|
|
Загрузка…
Ссылка в новой задаче