From ad8817f5b7650047de2bb353ef8cbd82dc212be1 Mon Sep 17 00:00:00 2001
From: blythe <blythe@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Wed, 3 Jun 1998 00:23:00 +0000
Subject: [PATCH] Fix a bug where we would attempt to execute c:\autoexec.bat,
 which is a bad thing

git-svn-id: svn://10.0.0.236/trunk@2974 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/cmd/winfe/feutil.cpp  | 10 +++++++++-
 mozilla/cmd/winfe/helpers.cpp | 28 +++++++++-------------------
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/mozilla/cmd/winfe/feutil.cpp b/mozilla/cmd/winfe/feutil.cpp
index 72eaa371abc..9f477dee744 100755
--- a/mozilla/cmd/winfe/feutil.cpp
+++ b/mozilla/cmd/winfe/feutil.cpp
@@ -2219,7 +2219,15 @@ BOOL FEU_FindExecutable(const char *pFileName, char *pExecutable, BOOL bIdentity
     //  pFileName may not be a file name, but an extension.
     //  We want to support just extensions for ease, so check on it.
     if(bExtension && pFileName) {
-        //  We have an extension.
+        //  Do we need to add a period?
+        char aExt[_MAX_EXT];
+        if(*pFileName != '.')   {
+            aExt[0] = '.';
+            aExt[1] = '\0';
+            strcat(aExt, pFileName);
+            pFileName = aExt;
+        }
+
         //  Fill out the rest of the name.
         bFreeFileName = TRUE;
         pFileName = (const char *)WH_TempFileName(xpTemporary, "G", pFileName);
diff --git a/mozilla/cmd/winfe/helpers.cpp b/mozilla/cmd/winfe/helpers.cpp
index cc6c11a8528..2aae5b662cf 100755
--- a/mozilla/cmd/winfe/helpers.cpp
+++ b/mozilla/cmd/winfe/helpers.cpp
@@ -378,23 +378,6 @@ char *InventDescription(const char *pExtension)
     return NULL;
 }
 
-static BOOL
-HasShellOpenCommand(LPCSTR lpszFileClass)
-{
-	char	szKey[_MAX_PATH];
-	HKEY	hKey;
-
-	// See if there's a shell/open key specified for the file class
-	PR_snprintf(szKey, sizeof(szKey), "%s\\shell\\open", lpszFileClass);
-
-	if (RegOpenKey(HKEY_CLASSES_ROOT, szKey, &hKey) == ERROR_SUCCESS) {
-		RegCloseKey(hKey);
-		return TRUE;
-	}
-
-	return FALSE;
-}
-
 // Create a front-end data structure if necessary, and set how_handle as
 // HANDLE_SHELLEXECUTE if there's a shell\open command for the file extension.
 // It will also set the description if there isn't already one
@@ -421,13 +404,20 @@ void ShellHelper(NET_cdataStruct *pNet, const char *pExtension)
             if (GetClassName(pExtension, pApp->strFileClass)) {
 				// XXX - We really should handle verbs other than Open. FindExecutable()
 				// and ShellExecute() don't either, but ShellExecuteEx() does...
-				if (HasShellOpenCommand((LPCSTR)pApp->strFileClass)) {
+                char aExe[_MAX_PATH];
+                aExe[0] = '\0';
+				if(FEU_FindExecutable(pExtension, aExe, FALSE, TRUE))   {
 					pApp->how_handle = HANDLE_SHELLEXECUTE;
 					pApp->csCmd = MIME_SHELLEXECUTE;
 				}
+                else if(aExe[0])    {
+                    //  We reach this only if the extension itself is executable.
+                    //  Those that are themselves shellexecutable must save or
+                    //      we risk security.
+                    pApp->how_handle = HANDLE_SAVE;
+                }
             }
 
-
             //  application/octet-stream is always save.
             if(!stricmp(pNet->ci.type, APPLICATION_OCTET_STREAM)) {
                     pApp->how_handle = HANDLE_SAVE;