From 02eaec4711c1a2402099a82571fc8fac4e6deaa0 Mon Sep 17 00:00:00 2001 From: "mstoltz%netscape.com" Date: Tue, 22 Aug 2000 02:06:52 +0000 Subject: [PATCH] Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor git-svn-id: svn://10.0.0.236/trunk@76849 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/caps/idl/nsICodebasePrincipal.idl | 2 - .../caps/include/nsScriptSecurityManager.h | 4 - mozilla/caps/src/nsAggregatePrincipal.cpp | 13 +- mozilla/caps/src/nsBasePrincipal.cpp | 4 +- mozilla/caps/src/nsCertificatePrincipal.cpp | 2 +- mozilla/caps/src/nsCodebasePrincipal.cpp | 35 ++--- mozilla/caps/src/nsScriptSecurityManager.cpp | 123 ++++++------------ .../chrome/src/nsChromeProtocolHandler.cpp | 28 ++-- .../xul/document/src/nsXULDocument.cpp | 22 +--- .../psm-glue/src/nsPSMComponent.cpp | 11 +- .../chrome/src/nsChromeProtocolHandler.cpp | 28 ++-- mozilla/rdf/content/src/nsXULDocument.cpp | 22 +--- 12 files changed, 93 insertions(+), 201 deletions(-) diff --git a/mozilla/caps/idl/nsICodebasePrincipal.idl b/mozilla/caps/idl/nsICodebasePrincipal.idl index dfe2fd46bd3..3612f619931 100644 --- a/mozilla/caps/idl/nsICodebasePrincipal.idl +++ b/mozilla/caps/idl/nsICodebasePrincipal.idl @@ -34,7 +34,5 @@ interface nsICodebasePrincipal : nsISupports { readonly attribute nsIURI URI; readonly attribute string origin; - - boolean SameOrigin(in nsIPrincipal other); }; diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index 09a17b56402..74264a2e5e4 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -147,9 +147,6 @@ private: NS_IMETHOD InitPrefs(); - NS_IMETHOD - EnsurePrefsLoaded(); - static nsresult PrincipalPrefNames(const char* pref, char** grantedPref, char** deniedPref); 
@@ -174,7 +171,6 @@ private: PRBool mIsJavaScriptEnabled; PRBool mIsMailJavaScriptEnabled; PRBool mIsWritingPrefs; - PRBool mPrefsInitialized; unsigned char hasDomainPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; }; diff --git a/mozilla/caps/src/nsAggregatePrincipal.cpp b/mozilla/caps/src/nsAggregatePrincipal.cpp index 0d943096aa9..6ada2938fcf 100644 --- a/mozilla/caps/src/nsAggregatePrincipal.cpp +++ b/mozilla/caps/src/nsAggregatePrincipal.cpp @@ -102,17 +102,6 @@ nsAggregatePrincipal::GetOrigin(char** aOrigin) return codebase->GetOrigin(aOrigin); } -NS_IMETHODIMP -nsAggregatePrincipal::SameOrigin(nsIPrincipal* other, PRBool* result) -{ - if (!mCodebase) - return NS_ERROR_FAILURE; - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->SameOrigin(other, result); -} - - //////////////////////////////////////////////// // Methods implementing nsIAggregatePrincipal // //////////////////////////////////////////////// @@ -264,7 +253,7 @@ nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) PRBool certEqual = PR_TRUE; if (mCertificate) { - mCertificate->Equals(other, &certEqual); + rv = mCertificate->Equals(other, &certEqual); if(NS_FAILED(rv)) return rv; } PRBool cbEqual = PR_TRUE; diff --git a/mozilla/caps/src/nsBasePrincipal.cpp b/mozilla/caps/src/nsBasePrincipal.cpp index 2ef88b7c447..4a85da13e2c 100644 --- a/mozilla/caps/src/nsBasePrincipal.cpp +++ b/mozilla/caps/src/nsBasePrincipal.cpp @@ -264,12 +264,12 @@ AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr) if (value == nsIPrincipal::ENABLE_GRANTED) { capList->granted->Append(key->GetString(), key->GetStringLength()); - capList->granted += ' '; + capList->granted->Append(' '); } else if (value == nsIPrincipal::ENABLE_DENIED) { capList->denied->Append(key->GetString(), key->GetStringLength()); - capList->denied += ' '; + capList->denied->Append(' '); } return PR_TRUE; } 
diff --git a/mozilla/caps/src/nsCertificatePrincipal.cpp b/mozilla/caps/src/nsCertificatePrincipal.cpp index c14d60c83f5..309e7a50c0e 100644 --- a/mozilla/caps/src/nsCertificatePrincipal.cpp +++ b/mozilla/caps/src/nsCertificatePrincipal.cpp @@ -133,7 +133,7 @@ nsCertificatePrincipal::HashValue(PRUint32 *result) { char* str; if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(str); + *result = nsCRT::HashCode(str, nsnull); nsCRT::free(str); return NS_OK; } diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp index e95f73ee851..a8dcf34d8dd 100644 --- a/mozilla/caps/src/nsCodebasePrincipal.cpp +++ b/mozilla/caps/src/nsCodebasePrincipal.cpp @@ -74,25 +74,7 @@ nsCodebasePrincipal::HashValue(PRUint32 *result) nsXPIDLCString origin; if (NS_FAILED(GetOrigin(getter_Copies(origin)))) return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(origin); - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::Equals(nsIPrincipal *other, PRBool *result) -{ - *result = PR_FALSE; - if (this == other) { - *result = PR_TRUE; - return NS_OK; - } - if (!other) { - *result = PR_FALSE; - return NS_OK; - } - if (NS_FAILED(SameOrigin(other, result))) { - return NS_ERROR_FAILURE; - } + *result = nsCRT::HashCode(origin, nsnull); return NS_OK; } @@ -143,16 +125,15 @@ nsCodebasePrincipal::GetOrigin(char **origin) if (NS_FAILED(mURI->GetScheme(getter_Copies(s)))) return NS_ERROR_FAILURE; - // STRING USE WARNING: perhaps |str| should be an |nsCAutoString|? -- scc - nsAutoString t; - t.AssignWithConversion(s); - t.AppendWithConversion("://"); + nsCAutoString t; + t.Assign(s); + t.Append("://"); if (NS_SUCCEEDED(mURI->GetHost(getter_Copies(s)))) { - t.AppendWithConversion(s); + t.Append(s); } else if (NS_SUCCEEDED(mURI->GetSpec(getter_Copies(s)))) { // Some URIs (e.g., nsSimpleURI) don't support host. Just // get the full spec. - t.AssignWithConversion(s); + t.Assign(s); } else { return NS_ERROR_FAILURE; } 
@@ -161,8 +142,10 @@ nsCodebasePrincipal::GetOrigin(char **origin) } NS_IMETHODIMP -nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result) +nsCodebasePrincipal::Equals(nsIPrincipal *other, PRBool *result) { + + //-- Equals is defined as object equality or same origin *result = PR_FALSE; if (this == other) { *result = PR_TRUE; diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 945a9e2c514..5f3d5097c54 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -384,7 +384,6 @@ nsScriptSecurityManager::CheckScriptAccess(JSContext *cx, void *aObj, PRInt32 domPropInt, PRBool isWrite) { - EnsurePrefsLoaded(); nsCOMPtr principal; if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal)))) { return NS_ERROR_FAILURE; @@ -427,7 +426,6 @@ NS_IMETHODIMP nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI) { - EnsurePrefsLoaded(); // Get principal of currently executing script. nsCOMPtr principal; if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal)))) { @@ -518,23 +516,23 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI, return NS_OK; } - enum Action { AllowProtocol, DenyProtocol, LocalProtocol, PrefAccess }; + enum Action { AllowProtocol, DenyProtocol, PrefControlled }; struct { const char *name; Action action; } protocolList[] = { { "about", AllowProtocol }, { "data", AllowProtocol }, - { "file", PrefAccess }, + { "file", PrefControlled }, { "ftp", AllowProtocol }, { "http", AllowProtocol }, { "https", AllowProtocol }, { "keyword", DenyProtocol }, { "res", DenyProtocol }, - { "resource", LocalProtocol }, + { "resource", DenyProtocol }, { "datetime", DenyProtocol }, { "finger", AllowProtocol }, - { "chrome", LocalProtocol }, + { "chrome", AllowProtocol }, { "javascript", AllowProtocol }, { "mailto", AllowProtocol }, { "imap", DenyProtocol }, 
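Review bot: The `chrome` entry in `protocolList` becomes `AllowProtocol`, which the switch in the next hunk documents as "everyone can access these schemes", and nothing in the table says why that is acceptable now that the `LocalProtocol` restriction is gone. This patch also changes `nsChromeProtocolHandler::NewChannel` to hand the system principal to chrome `.xul` channels, so the two decisions appear to be coupled. I would record that on the entry, for example `// chrome: loadable from any scheme; isolation depends on the principal checks, see bug <BUG-ID>`. A similar one-line reason would help on `resource`, which moves to `DenyProtocol`. CheckLoadURI begins and ends outside this hunk.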
@@ -551,27 +549,13 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI, case AllowProtocol: // everyone can access these schemes. return NS_OK; - case PrefAccess: - // Allow access if pref is set - NS_ASSERTION(mPrefs,"nsScriptSecurityManager::mPrefs not initialized"); + case PrefControlled: + // Allow access if pref is false mPrefs->GetBoolPref("security.checkloaduri", &doCheck); - if (!doCheck) - return NS_OK; - // Otherwise fall through to Deny. + return doCheck ? NS_ERROR_DOM_BAD_URI : NS_OK; case DenyProtocol: // Deny access return NS_ERROR_DOM_BAD_URI; - case LocalProtocol: - // TEMPORARY: file:// can access chrome://. See bug 42076. - if (nsCRT::strcasecmp(fromScheme, "file") == 0) - return NS_OK; - // Other local protocols can access these schemes - for (unsigned j=0; j < sizeof(protocolList)/sizeof(protocolList[0]); j++) - if (nsCRT::strcasecmp(fromScheme, protocolList[j].name) == 0) - if (protocolList[j].action == LocalProtocol) - return NS_OK; - else - return NS_ERROR_DOM_BAD_URI; } } } @@ -588,21 +572,20 @@ NS_IMETHODIMP nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, void *aTargetObj) { - EnsurePrefsLoaded(); - nsCOMPtr principal; + nsCOMPtr subject; nsresult rv = GetFunctionObjectPrincipal(aCx, (JSObject *)aFunObj, - getter_AddRefs(principal)); + getter_AddRefs(subject)); if (NS_FAILED(rv)) return rv; // First check if the principal the function was compiled under is // allowed to execute scripts. - if (!principal) { + if (!subject) { return NS_ERROR_DOM_SECURITY_ERR; } PRBool result; - rv = CanExecuteScripts(principal, &result); + rv = CanExecuteScripts(subject, &result); if (NS_FAILED(rv)) { return rv; } 
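Review bot: In the new `PrefControlled` case the return value of `mPrefs->GetBoolPref("security.checkloaduri", &doCheck)` is ignored, and the `NS_ASSERTION` on `mPrefs` was removed. If the pref read fails, access to `file:` is decided by whatever `doCheck` already held; its declaration and initial value are outside the hunk. The case should fail closed, e.g. `if (!mPrefs || NS_FAILED(mPrefs->GetBoolPref("security.checkloaduri", &doCheck))) return NS_ERROR_DOM_BAD_URI;` ahead of the existing `return doCheck ? NS_ERROR_DOM_BAD_URI : NS_OK;`.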
@@ -618,19 +601,16 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, nsCOMPtr object; if (NS_FAILED(GetObjectPrincipal(aCx, obj, getter_AddRefs(object)))) return NS_ERROR_FAILURE; - if (principal == object) { + if (subject == object) { return NS_OK; } - nsCOMPtr subjectCodebase = do_QueryInterface(principal); - if (subjectCodebase) { - PRBool isSameOrigin = PR_FALSE; - if (NS_FAILED(subjectCodebase->SameOrigin(object, &isSameOrigin))) - return NS_ERROR_FAILURE; + PRBool isSameOrigin = PR_FALSE; + if (NS_FAILED(subject->Equals(object, &isSameOrigin))) + return NS_ERROR_FAILURE; - if (isSameOrigin) - return NS_OK; - } + if (isSameOrigin) + return NS_OK; // Allow access to about:blank nsCOMPtr objectCodebase = do_QueryInterface(object); @@ -678,7 +658,6 @@ NS_IMETHODIMP nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID, nsIPrincipal **result) { - EnsurePrefsLoaded(); nsresult rv; //-- Create a certificate principal nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); @@ -719,7 +698,6 @@ NS_IMETHODIMP nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI, nsIPrincipal **result) { - EnsurePrefsLoaded(); nsresult rv; nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); if (!codebase) @@ -856,7 +834,6 @@ NS_IMETHODIMP nsScriptSecurityManager::IsCapabilityEnabled(const char *capability, PRBool *result) { - EnsurePrefsLoaded(); nsresult rv; JSStackFrame *fp = nsnull; JSContext *cx = GetCurrentContext(); @@ -1027,7 +1004,6 @@ NS_IMETHODIMP nsScriptSecurityManager::RequestCapability(nsIPrincipal* aPrincipal, const char *capability, PRInt16* canEnable) { - EnsurePrefsLoaded(); if (NS_FAILED(aPrincipal->CanEnableCapability(capability, canEnable))) return NS_ERROR_FAILURE; if (*canEnable == nsIPrincipal::ENABLE_WITH_USER_PERMISSION) { 
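Review bot: `isSameOrigin` in CheckFunctionAccess now receives the result of `subject->Equals(object, ...)` on a generic principal, so the name no longer describes what was tested. Only `nsCodebasePrincipal::Equals` is commented in this patch as "object equality or same origin". For a certificate or aggregate subject the comparison is whatever that class implements, and the old code skipped this shortcut entirely when the subject was not a codebase principal. I would rename the local to `isEqual` or add `// Equals: same origin for codebase principals; other principal types apply their own comparison` above the call. The same applies to the CheckPermissions hunk at -1532. Both function bodies extend beyond their hunks.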
@@ -1082,7 +1058,6 @@ nsScriptSecurityManager::GetPrincipalAndFrame(JSContext *cx, NS_IMETHODIMP nsScriptSecurityManager::EnableCapability(const char *capability) { - EnsurePrefsLoaded(); JSContext *cx = GetCurrentContext(); JSStackFrame *fp; @@ -1127,7 +1102,6 @@ nsScriptSecurityManager::EnableCapability(const char *capability) NS_IMETHODIMP nsScriptSecurityManager::RevertCapability(const char *capability) { - EnsurePrefsLoaded(); JSContext *cx = GetCurrentContext(); JSStackFrame *fp; nsCOMPtr principal; @@ -1145,7 +1119,6 @@ nsScriptSecurityManager::RevertCapability(const char *capability) NS_IMETHODIMP nsScriptSecurityManager::DisableCapability(const char *capability) { - EnsurePrefsLoaded(); JSContext *cx = GetCurrentContext(); JSStackFrame *fp; nsCOMPtr principal; @@ -1165,7 +1138,6 @@ nsScriptSecurityManager::SetCanEnableCapability(const char* certificateID, const char* capability, PRInt16 canEnable) { - EnsurePrefsLoaded(); nsresult rv; nsCOMPtr subjectPrincipal; rv = GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); @@ -1418,8 +1390,7 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) mSystemPrincipal(nsnull), mPrincipals(nsnull), mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), - mIsWritingPrefs(PR_FALSE), - mPrefsInitialized(PR_FALSE) + mIsWritingPrefs(PR_FALSE) { NS_INIT_REFCNT(); memset(hasDomainPolicyVector, 0, sizeof(hasDomainPolicyVector)); 
@@ -1532,15 +1503,13 @@ nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, if (subject == object) { return NS_OK; } - nsCOMPtr subjectCodebase = do_QueryInterface(subject); - if (subjectCodebase) { - PRBool isSameOrigin = PR_FALSE; - if (NS_FAILED(subjectCodebase->SameOrigin(object, &isSameOrigin))) - return NS_ERROR_FAILURE; - if (isSameOrigin) - return NS_OK; - } + PRBool isSameOrigin = PR_FALSE; + if (NS_FAILED(subject->Equals(object, &isSameOrigin))) + return NS_ERROR_FAILURE; + + if (isSameOrigin) + return NS_OK; // Allow access to about:blank nsCOMPtr objectCodebase = do_QueryInterface(object); @@ -1617,7 +1586,6 @@ NS_IMETHODIMP nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext, nsISupports* aObj) { - EnsurePrefsLoaded(); NS_ASSERTION(mPrefs,"nsScriptSecurityManager::mPrefs not initialized"); PRBool ok = PR_FALSE; if (NS_FAILED(IsCapabilityEnabled("UniversalXPConnect", &ok))) 
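Review bot: In CheckPermissions `subject->Equals(object, &isSameOrigin)` dereferences `subject` directly, where the removed code went through `do_QueryInterface(subject)` and an `if (subjectCodebase)` guard that tolerated a null subject. Whether `subject` is null-checked earlier in the function cannot be seen from this hunk; CheckFunctionAccess does have such a check. If there is none here, add `if (!subject) return NS_ERROR_DOM_SECURITY_ERR;` before the `subject == object` comparison so that a missing principal is denied rather than dereferenced.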
@@ -2121,34 +2089,25 @@ nsScriptSecurityManager::InitPrefs() // set callbacks in case the value of the pref changes prefs->RegisterCallback(jsEnabledPrefName, JSEnabledPrefChanged, this); prefs->RegisterCallback(jsMailEnabledPrefName, JSEnabledPrefChanged, this); - return NS_OK; -} -NS_IMETHODIMP -nsScriptSecurityManager::EnsurePrefsLoaded() -{ - if (!mPrefsInitialized) - { - mPrefs->EnumerateChildren("capability.policy", - nsScriptSecurityManager::EnumeratePolicyCallback, - (void *) this); - - if (!mPrincipals) { - mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - EnumeratePrincipalsInfo info; - info.ht = mPrincipals; - info.prefs = mSecurityPrefs; - - mPrefs->EnumerateChildren("capability.principal", - nsScriptSecurityManager::EnumeratePrincipalsCallback, - (void *) &info); - - mPrefs->RegisterCallback("capability.principal", PrincipalPrefChanged, this); - mPrefsInitialized = PR_TRUE; + mPrefs->EnumerateChildren("capability.policy", + nsScriptSecurityManager::EnumeratePolicyCallback, + (void *) this); + + if (!mPrincipals) { + mPrincipals = new nsSupportsHashtable(31); + if (!mPrincipals) + return NS_ERROR_OUT_OF_MEMORY; } + EnumeratePrincipalsInfo info; + info.ht = mPrincipals; + info.prefs = mSecurityPrefs; + + mPrefs->EnumerateChildren("capability.principal", + nsScriptSecurityManager::EnumeratePrincipalsCallback, + (void *) &info); + + mPrefs->RegisterCallback("capability.principal", PrincipalPrefChanged, this); return NS_OK; } diff --git a/mozilla/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/chrome/src/nsChromeProtocolHandler.cpp index c3cd13abf82..b1922b05fb3 100644 --- a/mozilla/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/chrome/src/nsChromeProtocolHandler.cpp @@ -18,7 +18,6 @@ * Rights Reserved. * * Contributor(s): - * Pierre Phaneuf */ /* 
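Review bot: The results of both `mPrefs->EnumerateChildren(...)` calls and of `mPrefs->RegisterCallback("capability.principal", ...)` are discarded in InitPrefs, so a failure to read `capability.policy` or `capability.principal` still returns `NS_OK` and the manager runs without the configured policy. I would capture them, e.g. `rv = mPrefs->EnumerateChildren("capability.policy", ...); if (NS_FAILED(rv)) return rv;`, assuming the method reports errors through its return value. The block also uses the member `mPrefs` where the context lines just above use a local `prefs`; the hunk does not show that `mPrefs` is already set at this point. With the lazy `EnsurePrefsLoaded` removed, policy prefs that become available only after InitPrefs has run (for instance from a profile loaded later, if that ordering can occur) would no longer be enumerated. A comment stating the required call order would help.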
@@ -713,17 +712,24 @@ nsChromeProtocolHandler::NewChannel(nsIURI* aURI, rv = result->SetOriginalURI(aURI); if (NS_FAILED(rv)) return rv; - // Get a system principal for chrome and set the owner + // Get a system principal for xul files and set the owner // property of the result - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) return rv; - - nsCOMPtr principal; - rv = securityManager->GetSystemPrincipal(getter_AddRefs(principal)); - if (NS_FAILED(rv)) return rv; - - nsCOMPtr owner = do_QueryInterface(principal); - result->SetOwner(owner); + nsCOMPtr url = do_QueryInterface(aURI); + nsXPIDLCString fileExtension; + rv = url->GetFileExtension(getter_Copies(fileExtension)); + if (PL_strcmp(fileExtension, "xul") == 0) + { + NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, + NS_SCRIPTSECURITYMANAGER_PROGID, &rv); + if (NS_FAILED(rv)) return rv; + + nsCOMPtr principal; + rv = securityManager->GetSystemPrincipal(getter_AddRefs(principal)); + if (NS_FAILED(rv)) return rv; + + nsCOMPtr owner = do_QueryInterface(principal); + result->SetOwner(owner); + } } *aResult = result; diff --git a/mozilla/content/xul/document/src/nsXULDocument.cpp b/mozilla/content/xul/document/src/nsXULDocument.cpp index 0304c9ce5fd..1b0806874c8 100644 --- a/mozilla/content/xul/document/src/nsXULDocument.cpp +++ b/mozilla/content/xul/document/src/nsXULDocument.cpp @@ -21,7 +21,6 @@ * Chris Waterson * * Contributor(s): - * Pierre Phaneuf * Ben Goodger */ 
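Review bot: In NewChannel, `url` is used immediately after `do_QueryInterface(aURI)` with no null check, and the `rv` assigned from `url->GetFileExtension(...)` is never tested before the extension is compared. The result of that comparison decides whether the channel is given the system principal, so both failures should be handled explicitly: `if (!url) return NS_ERROR_FAILURE;` after the QueryInterface and `if (NS_FAILED(rv)) return rv;` after GetFileExtension. The `PL_strcmp(fileExtension, "xul")` test is case-sensitive, which errs on the unprivileged side but deserves a comment saying that is intended. The identical hunk in mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp needs the same changes. The function body starts and ends outside the hunk.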
@@ -5894,12 +5893,6 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) rv = doc->GetPrincipal(getter_AddRefs(docPrincipal)); if (NS_FAILED(rv)) return rv; - // If we're an untrusted document, this will get the codebase - // principal of the document for comparison to each URL that the - // XUL wants to load. If we're a trusted document, this will just - // be null. - nsCOMPtr codebase; - if (docPrincipal.get() == gSystemPrincipal) { // If we're a privileged (e.g., chrome) document, then add the // local store as the first data source in the db. Note that @@ -5913,17 +5906,6 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) if (NS_FAILED(rv)) return rv; } } - else { - // We're not privileged. So grab our codebase for comparison - // with the pricipals of the datasource's we're about to - // load. If, for some reason, we don't have a codebase - // principal, then panic and abort the template setup. - codebase = do_QueryInterface(docPrincipal); - - NS_ASSERTION(codebase != nsnull, "no codebase principal for non-privileged XUL doc"); - if (! codebase) - return NS_ERROR_UNEXPECTED; - } // Parse datasources: they are assumed to be a whitespace // separated list of URIs; e.g., @@ -5954,7 +5936,7 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) rv = rdf_MakeAbsoluteURI(docurl, uriStr); if (NS_FAILED(rv)) return rv; - if (codebase) { + if (docPrincipal.get() != gSystemPrincipal) { // Our document is untrusted, so check to see if we can // load the datasource that they've asked for. nsCOMPtr uri; @@ -5968,7 +5950,7 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) if (NS_FAILED(rv)) return rv; PRBool same; - rv = codebase->SameOrigin(principal, &same); + rv = docPrincipal->Equals(principal, &same); NS_ASSERTION(NS_SUCCEEDED(rv), "unable to test same origin"); if (NS_FAILED(rv)) return rv; 
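Review bot: CheckTemplateBuilder now calls `docPrincipal->Equals(principal, &same)` whenever `docPrincipal.get() != gSystemPrincipal`, which includes the case where `docPrincipal` is null. The removed `else` branch returned `NS_ERROR_UNEXPECTED` when no codebase principal was available, so the patch drops a fail-closed guard. `GetPrincipal` is only checked for a failure code in the visible lines. Restoring the guard right after that check, `if (!docPrincipal) return NS_ERROR_UNEXPECTED;`, keeps an untrusted document without a principal from reaching the datasource loop. The duplicate hunks in mozilla/rdf/content/src/nsXULDocument.cpp need the same line.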
diff --git a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp index aa5ff4f27d4..14c60e616eb 100644 --- a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp +++ b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp @@ -1075,21 +1075,12 @@ nsPSMComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, SSM_FID_CERT_COMMON_NAME, &common); if (result != CMTSuccess) return NS_ERROR_FAILURE; - //-- Unique cert ID for caps module is common name + fingerprint - nsCAutoString uniqueID; - uniqueID = (char*)common.data; - uniqueID.Append('/'); - uniqueID.Append((char*)fingerprint.data); - nsXPIDLCString uniqueIDChar; - uniqueIDChar = uniqueID.GetBuffer(); - if (!uniqueIDChar) return NS_ERROR_OUT_OF_MEMORY; - //-- Get a principal nsresult rv; NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, NS_SCRIPTSECURITYMANAGER_PROGID, &rv) if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = secMan->GetCertificatePrincipal(uniqueIDChar, + rv = secMan->GetCertificatePrincipal((const char*)fingerprint.data, aPrincipal); if (NS_FAILED(rv)) return rv; diff --git a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp index c3cd13abf82..b1922b05fb3 100644 --- a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp @@ -18,7 +18,6 @@ * Rights Reserved. * * Contributor(s): - * Pierre Phaneuf */ /* 
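Review bot: `GetCertificatePrincipal((const char*)fingerprint.data, aPrincipal)` in VerifySignature passes the fingerprint buffer as a C string, which is only safe if PSM NUL-terminates it; the hunk does not show that, so it should be confirmed or the data copied using its length. The comment describing the ID format was deleted without a replacement; I would add `//-- Unique cert ID for caps module is the certificate fingerprint` above the call. Any principals already stored under the old common-name-plus-fingerprint ID would presumably stop matching, so that is worth a note as well. The `SSM_FID_CERT_COMMON_NAME` lookup just above still fails the whole verification on error, although `common` is no longer used within this hunk. If nothing later in the function reads it, that lookup can be removed.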
@@ -713,17 +712,24 @@ nsChromeProtocolHandler::NewChannel(nsIURI* aURI, rv = result->SetOriginalURI(aURI); if (NS_FAILED(rv)) return rv; - // Get a system principal for chrome and set the owner + // Get a system principal for xul files and set the owner // property of the result - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) return rv; - - nsCOMPtr principal; - rv = securityManager->GetSystemPrincipal(getter_AddRefs(principal)); - if (NS_FAILED(rv)) return rv; - - nsCOMPtr owner = do_QueryInterface(principal); - result->SetOwner(owner); + nsCOMPtr url = do_QueryInterface(aURI); + nsXPIDLCString fileExtension; + rv = url->GetFileExtension(getter_Copies(fileExtension)); + if (PL_strcmp(fileExtension, "xul") == 0) + { + NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, + NS_SCRIPTSECURITYMANAGER_PROGID, &rv); + if (NS_FAILED(rv)) return rv; + + nsCOMPtr principal; + rv = securityManager->GetSystemPrincipal(getter_AddRefs(principal)); + if (NS_FAILED(rv)) return rv; + + nsCOMPtr owner = do_QueryInterface(principal); + result->SetOwner(owner); + } } *aResult = result; diff --git a/mozilla/rdf/content/src/nsXULDocument.cpp b/mozilla/rdf/content/src/nsXULDocument.cpp index 0304c9ce5fd..1b0806874c8 100644 --- a/mozilla/rdf/content/src/nsXULDocument.cpp +++ b/mozilla/rdf/content/src/nsXULDocument.cpp @@ -21,7 +21,6 @@ * Chris Waterson * * Contributor(s): - * Pierre Phaneuf * Ben Goodger */ 
@@ -5894,12 +5893,6 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) rv = doc->GetPrincipal(getter_AddRefs(docPrincipal)); if (NS_FAILED(rv)) return rv; - // If we're an untrusted document, this will get the codebase - // principal of the document for comparison to each URL that the - // XUL wants to load. If we're a trusted document, this will just - // be null. - nsCOMPtr codebase; - if (docPrincipal.get() == gSystemPrincipal) { // If we're a privileged (e.g., chrome) document, then add the // local store as the first data source in the db. Note that @@ -5913,17 +5906,6 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) if (NS_FAILED(rv)) return rv; } } - else { - // We're not privileged. So grab our codebase for comparison - // with the pricipals of the datasource's we're about to - // load. If, for some reason, we don't have a codebase - // principal, then panic and abort the template setup. - codebase = do_QueryInterface(docPrincipal); - - NS_ASSERTION(codebase != nsnull, "no codebase principal for non-privileged XUL doc"); - if (! codebase) - return NS_ERROR_UNEXPECTED; - } // Parse datasources: they are assumed to be a whitespace // separated list of URIs; e.g., @@ -5954,7 +5936,7 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) rv = rdf_MakeAbsoluteURI(docurl, uriStr); if (NS_FAILED(rv)) return rv; - if (codebase) { + if (docPrincipal.get() != gSystemPrincipal) { // Our document is untrusted, so check to see if we can // load the datasource that they've asked for. nsCOMPtr uri; @@ -5968,7 +5950,7 @@ nsXULDocument::CheckTemplateBuilder(nsIContent* aElement) if (NS_FAILED(rv)) return rv; PRBool same; - rv = codebase->SameOrigin(principal, &same); + rv = docPrincipal->Equals(principal, &same); NS_ASSERTION(NS_SUCCEEDED(rv), "unable to test same origin"); if (NS_FAILED(rv)) return rv;