From 63f338693ca524404cd82de70ee37eab7283d0a0 Mon Sep 17 00:00:00 2001 From: "cbiesinger%web.de" Date: Sun, 8 Aug 2004 21:37:51 +0000 Subject: [PATCH] don't use eval, and don't allow entering non-numbers as values for integer prefs Bug 254434 r=timeless sr=neil git-svn-id: svn://10.0.0.236/trunk@160508 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/xpfe/global/resources/content/config.js | 11 ++++++++++- .../global/resources/locale/en-US/config.properties | 3 +++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/mozilla/xpfe/global/resources/content/config.js b/mozilla/xpfe/global/resources/content/config.js index c3e4fef1b47..107f2e8ae8c 100644 --- a/mozilla/xpfe/global/resources/content/config.js +++ b/mozilla/xpfe/global/resources/content/config.js @@ -538,7 +538,16 @@ function ModifyPref(entry) if (!gPromptService.prompt(window, title, entry.prefCol, result, null, dummy)) return false; if (entry.typeCol == nsIPrefBranch.PREF_INT) { - gPrefBranch.setIntPref(entry.prefCol, eval(result.value)); + // | 0 converts to integer or 0; - 0 to float or NaN. + // Thus, this check should catch all cases. + var val = result.value | 0; + if (val != result.value - 0) { + var err_title = gConfigBundle.getString("nan_title"); + var err_text = gConfigBundle.getString("nan_text"); + gPromptService.alert(window, err_title, err_text); + return false; + } + gPrefBranch.setIntPref(entry.prefCol, val); } else { var supportsString = Components.classes[nsSupportsString_CONTRACTID].createInstance(nsISupportsString); supportsString.data = result.value; diff --git a/mozilla/xpfe/global/resources/locale/en-US/config.properties b/mozilla/xpfe/global/resources/locale/en-US/config.properties index aa11a6b9f6d..af7ebf6f777 100644 --- a/mozilla/xpfe/global/resources/locale/en-US/config.properties +++ b/mozilla/xpfe/global/resources/locale/en-US/config.properties @@ -52,3 +52,6 @@ bool=boolean new_title=New %S value new_prompt=Enter the preference name modify_title=Enter %S value + +nan_title=Invalid value +nan_text=The text you entered is not a number.