diff --git a/xpinstall/public/nsIDOMInstallTriggerGlobal.h b/xpinstall/public/nsIDOMInstallTriggerGlobal.h index 8304d499f5e..efeda1b52cd 100644 --- a/xpinstall/public/nsIDOMInstallTriggerGlobal.h +++ b/xpinstall/public/nsIDOMInstallTriggerGlobal.h @@ -60,7 +60,7 @@ public: EQUAL = 0 }; - NS_IMETHOD UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool* aReturn)=0; + NS_IMETHOD UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool aUseWhitelist, PRBool* aReturn)=0; NS_IMETHOD Install(nsIScriptGlobalObject* globalObject, nsXPITriggerInfo* aInfo, PRBool* aReturn)=0; diff --git a/xpinstall/src/nsInstallTrigger.cpp b/xpinstall/src/nsInstallTrigger.cpp index 5215ae93b6a..3e6c9602810 100644 --- a/xpinstall/src/nsInstallTrigger.cpp +++ b/xpinstall/src/nsInstallTrigger.cpp @@ -385,21 +385,33 @@ nsInstallTrigger::AllowInstall(nsIURI* aLaunchURI) NS_IMETHODIMP -nsInstallTrigger::UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool* aReturn) +nsInstallTrigger::UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool aUseWhitelist, PRBool* aReturn) { + // disallow unless we successfully find otherwise *aReturn = PR_FALSE; - NS_ENSURE_ARG_POINTER(aGlobalObject); - // find the current site - nsCOMPtr domdoc; - nsCOMPtr window(do_QueryInterface(aGlobalObject)); - if ( window ) + if (!aUseWhitelist) { - window->GetDocument(getter_AddRefs(domdoc)); - nsCOMPtr doc(do_QueryInterface(domdoc)); - if ( doc ) + // simple global pref check + nsCOMPtr prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID)); + if (prefBranch) + prefBranch->GetBoolPref( XPINSTALL_ENABLE_PREF, aReturn); + } + else + { + NS_ENSURE_ARG_POINTER(aGlobalObject); + + // find the current site + nsCOMPtr domdoc; + nsCOMPtr window(do_QueryInterface(aGlobalObject)); + if ( window ) { - *aReturn = AllowInstall( doc->GetDocumentURI() ); + window->GetDocument(getter_AddRefs(domdoc)); + nsCOMPtr doc(do_QueryInterface(domdoc)); + if ( doc ) + { + *aReturn = AllowInstall( doc->GetDocumentURI() ); + } } } diff --git a/xpinstall/src/nsInstallTrigger.h b/xpinstall/src/nsInstallTrigger.h index 289a142a08b..fff0bd5a5d6 100644 --- a/xpinstall/src/nsInstallTrigger.h +++ b/xpinstall/src/nsInstallTrigger.h @@ -28,6 +28,9 @@ #define XPI_PERMISSION "install" +#define XPI_WHITELIST PR_TRUE +#define XPI_GLOBAL PR_FALSE + class nsInstallTrigger: public nsIScriptObjectOwner, public nsIDOMInstallTriggerGlobal, public nsIContentHandler @@ -44,7 +47,7 @@ class nsInstallTrigger: public nsIScriptObjectOwner, NS_IMETHOD GetScriptObject(nsIScriptContext *aContext, void** aScriptObject); NS_IMETHOD SetScriptObject(void* aScriptObject); - NS_IMETHOD UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool* aReturn); + NS_IMETHOD UpdateEnabled(nsIScriptGlobalObject* aGlobalObject, PRBool aUseWhitelist, PRBool* aReturn); NS_IMETHOD Install(nsIScriptGlobalObject* aGlobalObject, nsXPITriggerInfo *aInfo, PRBool* aReturn); NS_IMETHOD InstallChrome(nsIScriptGlobalObject* aGlobalObject, PRUint32 aType, nsXPITriggerItem* aItem, PRBool* aReturn); NS_IMETHOD StartSoftwareUpdate(nsIScriptGlobalObject* aGlobalObject, const nsString& aURL, PRInt32 aFlags, PRInt32* aReturn); diff --git a/xpinstall/src/nsJSInstallTriggerGlobal.cpp b/xpinstall/src/nsJSInstallTriggerGlobal.cpp index 3383512d4b2..b410145df41 100644 --- a/xpinstall/src/nsJSInstallTriggerGlobal.cpp +++ b/xpinstall/src/nsJSInstallTriggerGlobal.cpp @@ -147,7 +147,7 @@ InstallTriggerGlobalUpdateEnabled(JSContext *cx, JSObject *obj, uintN argc, jsva PRBool nativeRet = PR_FALSE; if (globalObject) - nativeThis->UpdateEnabled(globalObject, &nativeRet); + nativeThis->UpdateEnabled(globalObject, XPI_GLOBAL, &nativeRet); *rval = BOOLEAN_TO_JSVAL(nativeRet); return JS_TRUE; @@ -174,7 +174,7 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg globalObject = scriptContext->GetGlobalObject(); PRBool enabled = PR_FALSE; - nativeThis->UpdateEnabled(globalObject, &enabled); + nativeThis->UpdateEnabled(globalObject, XPI_WHITELIST, &enabled); if (!enabled || !globalObject) return JS_TRUE; @@ -312,7 +312,7 @@ PR_STATIC_CALLBACK(JSBool) InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)JS_GetPrivate(cx, obj); - uint32 chromeType; + uint32 chromeType = NOT_CHROME; nsAutoString sourceURL; nsAutoString name; @@ -322,6 +322,9 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva return JS_TRUE; } + // get chromeType first, the update enabled check for skins skips whitelisting + if (argc >=1) + JS_ValueToECMAUint32(cx, argv[0], &chromeType); // make sure XPInstall is enabled, return if not nsIScriptGlobalObject *globalObject = nsnull; @@ -330,7 +333,8 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva globalObject = scriptContext->GetGlobalObject(); PRBool enabled = PR_FALSE; - nativeThis->UpdateEnabled(globalObject, &enabled); + PRBool useWhitelist = ( chromeType != CHROME_SKIN ); + nativeThis->UpdateEnabled(globalObject, useWhitelist, &enabled); if (!enabled || !globalObject) return JS_TRUE; @@ -352,7 +356,6 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva if ( argc >= 3 ) { - JS_ValueToECMAUint32(cx, argv[0], &chromeType); ConvertJSValToStr(sourceURL, cx, argv[1]); ConvertJSValToStr(name, cx, argv[2]); @@ -417,7 +420,7 @@ InstallTriggerGlobalStartSoftwareUpdate(JSContext *cx, JSObject *obj, uintN argc globalObject = scriptContext->GetGlobalObject(); PRBool enabled = PR_FALSE; - nativeThis->UpdateEnabled(globalObject, &enabled); + nativeThis->UpdateEnabled(globalObject, XPI_WHITELIST, &enabled); if (!enabled || !globalObject) return JS_TRUE; @@ -510,7 +513,7 @@ InstallTriggerGlobalCompareVersion(JSContext *cx, JSObject *obj, uintN argc, jsv globalObject = scriptContext->GetGlobalObject(); PRBool enabled = PR_FALSE; - nativeThis->UpdateEnabled(globalObject, &enabled); + nativeThis->UpdateEnabled(globalObject, XPI_WHITELIST, &enabled); if (!enabled) return JS_TRUE; @@ -608,7 +611,7 @@ InstallTriggerGlobalGetVersion(JSContext *cx, JSObject *obj, uintN argc, jsval * globalObject = scriptContext->GetGlobalObject(); PRBool enabled = PR_FALSE; - nativeThis->UpdateEnabled(globalObject, &enabled); + nativeThis->UpdateEnabled(globalObject, XPI_WHITELIST, &enabled); if (!enabled) return JS_TRUE;