Bug 159484 - do not get/set passwords for URLs with no host. r=morse, sr=dveditz.

git-svn-id: svn://10.0.0.236/branches/NETSCAPE_6_2_3_BRANCH@126096 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/build/mac/build_scripts/MozillaCheckoutList.txt

@@ -7,12 +7,12 @@
 #   mozilla/gc, , 10/25/2000 12:00:00
 #
 
-mozilla/nsprpub,        NETSCAPE_6_2_2_BRANCH
-mozilla/security/nss,   NETSCAPE_6_2_2_BRANCH
-mozilla/security/manager, NETSCAPE_6_2_2_BRANCH
-mozilla/accessible, NETSCAPE_6_2_2_BRANCH
-DirectorySDKSourceC,    NETSCAPE_6_2_2_BRANCH
-mozilla/lib/mac/Instrumentation, NETSCAPE_6_2_2_BRANCH
-mozilla/gfx2, NETSCAPE_6_2_2_BRANCH
-mozilla/modules/libpr0n, NETSCAPE_6_2_2_BRANCH
-SeaMonkeyAll, NETSCAPE_6_2_2_BRANCH
+mozilla/nsprpub,        NETSCAPE_6_2_3_BRANCH
+mozilla/security/nss,   NETSCAPE_6_2_3_BRANCH
+mozilla/security/manager, NETSCAPE_6_2_3_BRANCH
+mozilla/accessible, NETSCAPE_6_2_3_BRANCH
+DirectorySDKSourceC,    NETSCAPE_6_2_3_BRANCH
+mozilla/lib/mac/Instrumentation, NETSCAPE_6_2_3_BRANCH
+mozilla/gfx2, NETSCAPE_6_2_3_BRANCH
+mozilla/modules/libpr0n, NETSCAPE_6_2_3_BRANCH
+SeaMonkeyAll, NETSCAPE_6_2_3_BRANCH

mozilla/caps/idl/nsIAggregatePrincipal.idl

@@ -34,7 +34,9 @@ interface nsIAggregatePrincipal : nsISupports {
 
     attribute nsIPrincipal certificate;
     attribute nsIPrincipal codebase;
+    readonly attribute nsIPrincipal originalCodebase;
     readonly attribute nsIPrincipal primaryChild;
 
     void intersect(in nsIPrincipal other);
+    boolean wasCodebaseChanged();
 };

mozilla/caps/idl/nsIScriptSecurityManager.idl

@@ -183,6 +183,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
      */
     [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
                                                in JSObjectPtr obj);
+
+    /**
+     * Returns OK if aJSContext and target have the same "origin"
+     * (scheme, host, and port).
+     */
+    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
+                                    in nsIURI aTargetURI);
 };
 
 %{C++

mozilla/caps/include/nsAggregatePrincipal.h

@@ -94,6 +94,8 @@ public:
 protected:
     nsCOMPtr<nsIPrincipal> mCertificate;
     nsCOMPtr<nsIPrincipal> mCodebase;
+    nsCOMPtr<nsIPrincipal> mOriginalCodebase;
+    PRBool mCodebaseWasChanged;
 };
 
 #endif // _NS_AGGREGATE_PRINCIPAL_H_

mozilla/caps/include/nsScriptSecurityManager.h

@@ -126,8 +126,9 @@ private:
                             const char* aProperty, void** aPolicy);
 
     nsresult
-    CheckSameOrigin(JSContext* aCx, nsIPrincipal* aSubject, 
-                    nsIPrincipal* aObject, PRUint32 aAction);
+    CheckSameOriginInternal(nsIPrincipal* aSubject, 
+                            nsIPrincipal* aObject, PRUint32 aAction,
+                            PRBool checkForPrivileges);
     
     PRInt32 
     GetSecurityLevel(nsIPrincipal *principal,

mozilla/caps/src/nsAggregatePrincipal.cpp

@@ -170,27 +170,44 @@ NS_IMETHODIMP
 nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
 {
     nsresult rv;
-    //-- Make sure this really is a codebase principal
-    if (aCodebase)
+    nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
+
+    //-- If newCodebase is an aggregate, get its underlying codebase
+    nsCOMPtr<nsIAggregatePrincipal> agg = 
+        do_QueryInterface(newCodebase, &rv);
+    if (NS_SUCCEEDED(rv))
     {
+        rv = agg->GetCodebase(getter_AddRefs(newCodebase));
+        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+    }
+    else
+    { //-- Make sure this really is a codebase principal
         nsCOMPtr<nsICodebasePrincipal> tempCodebase = 
-            do_QueryInterface(aCodebase, &rv);
+            do_QueryInterface(newCodebase, &rv);
         if (NS_FAILED(rv))
             return NS_ERROR_FAILURE;
     }
 
-    //-- If aCodebase is an aggregate, get its underlying codebase
-    nsCOMPtr<nsIAggregatePrincipal> agg = 
-        do_QueryInterface(aCodebase, &rv);
-    if (NS_SUCCEEDED(rv))
-    {
-        nsCOMPtr<nsIPrincipal> underlying;
-        rv = agg->GetCodebase(getter_AddRefs(underlying));
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        mCodebase = underlying.get();
-    }
+    mCodebase = newCodebase;
+
+    //-- If this is the first codebase set, remember it.
+    //   If not, remember that the codebase was explicitly set
+    if (!mOriginalCodebase)
+        mOriginalCodebase = newCodebase;
     else
-        mCodebase = aCodebase;
+        mCodebaseWasChanged = PR_TRUE;
+
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
+{
+    NS_ENSURE_ARG_POINTER(aOriginalCodebase);
+
+    *aOriginalCodebase = mOriginalCodebase;
+    NS_IF_ADDREF(*aOriginalCodebase);
+
     return NS_OK;
 }
 
@@ -229,6 +246,13 @@ nsAggregatePrincipal::Intersect(nsIPrincipal* other)
     return NS_OK;
 }
 
+NS_IMETHODIMP 
+nsAggregatePrincipal::WasCodebaseChanged(PRBool* changed)
+{
+    *changed = mCodebaseWasChanged;
+    return NS_OK;
+}
+
 ///////////////////////////////////////
 // Methods implementing nsIPrincipal //
 ///////////////////////////////////////
@@ -403,7 +427,7 @@ nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
 // Constructor, Destructor, initialization //
 /////////////////////////////////////////////
 
-nsAggregatePrincipal::nsAggregatePrincipal() 
+nsAggregatePrincipal::nsAggregatePrincipal() : mCodebaseWasChanged(PR_FALSE)
 {
     NS_INIT_ISUPPORTS();
 }

mozilla/caps/src/nsScriptSecurityManager.cpp

@@ -204,6 +204,55 @@ nsScriptSecurityManager::CheckConnect(JSContext* aJSContext,
                                    nsnull, nsnull, aClassName, aPropertyName, nsnull);
 }
 
+NS_IMETHODIMP
+nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
+                                         nsIURI* aTargetURI)
+{
+    nsresult rv;
+
+    // Get a context if necessary
+    if (!cx)
+    {
+        cx = GetCurrentContextQuick();
+        if (!cx)
+            return NS_OK; // No JS context, so allow access
+    }
+
+    // Get a principal from the context
+    nsCOMPtr<nsIPrincipal> sourcePrincipal;
+    rv = GetSubjectPrincipal(cx, getter_AddRefs(sourcePrincipal));
+    if (NS_FAILED(rv))
+        return rv;
+
+    PRBool equals;
+    if (!sourcePrincipal ||
+        NS_SUCCEEDED(sourcePrincipal->Equals(mSystemPrincipal, &equals))
+                     && equals)
+        // We have native code or the system principal, so allow access
+        return NS_OK;
+
+    // Get the original URI from the source principal.
+    // This has the effect of ignoring any change to document.domain
+    // which must be done to avoid DNS spoofing (bug 154930)
+    nsCOMPtr<nsIAggregatePrincipal> sourceAgg(do_QueryInterface(sourcePrincipal, &rv));
+    NS_ENSURE_SUCCESS(rv, rv); // If it's not a system principal, it must be an aggregate
+    nsCOMPtr<nsIPrincipal> sourceOriginal;
+    rv = sourceAgg->GetOriginalCodebase(getter_AddRefs(sourceOriginal));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    // Create a principal from the target URI
+    // XXX factor out the Equals function so this isn't necessary
+    nsCOMPtr<nsIPrincipal> targetPrincipal;
+    rv = GetCodebasePrincipal(aTargetURI, getter_AddRefs(targetPrincipal));
+    if (NS_FAILED(rv))
+        return rv;
+
+    // Compare origins
+    return CheckSameOriginInternal(sourceOriginal, targetPrincipal,
+                                   0, PR_FALSE /* do not check for privileges */);
+}
+
+
 nsresult
 nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
                                                  nsIXPCNativeCallContext* aCallContext,
@@ -316,8 +365,8 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
                 rv = NS_ERROR_DOM_SECURITY_ERR;
                 break;
             }
-            rv = CheckSameOrigin(aJSContext, subjectPrincipal, objectPrincipal,
-                                 aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
+            rv = CheckSameOriginInternal(subjectPrincipal, objectPrincipal,
+                                         aAction, PR_TRUE /* check for privileges */);
 
             break;
         }
@@ -449,9 +498,12 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
 }
 
 nsresult
-nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
-                                         nsIPrincipal* aObject, PRUint32 aAction)
+nsScriptSecurityManager::CheckSameOriginInternal(nsIPrincipal* aSubject,
+                                                 nsIPrincipal* aObject,
+                                                 PRUint32 aAction,
+                                                 PRBool checkForPrivileges)
 {
+    nsresult rv;
     /*
     ** Get origin of subject and object and compare.
     */
@@ -463,7 +515,25 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
         return NS_ERROR_FAILURE;
 
     if (isSameOrigin)
-        return NS_OK;
+    {   // If either the subject or the object has changed its principal by
+        // explicitly setting document.domain then the other must also have
+        // done so in order to be considered the same origin. This prevents
+        // DNS spoofing based on document.domain (154930)
+        nsCOMPtr<nsIAggregatePrincipal> subjectAgg(do_QueryInterface(aSubject, &rv));
+        NS_ENSURE_SUCCESS(rv, rv);
+        PRBool subjectSetDomain = PR_FALSE;
+        subjectAgg->WasCodebaseChanged(&subjectSetDomain);
+
+        nsCOMPtr<nsIAggregatePrincipal> objectAgg(do_QueryInterface(aObject, &rv));
+        NS_ENSURE_SUCCESS(rv, rv);
+        PRBool objectSetDomain = PR_FALSE;
+        objectAgg->WasCodebaseChanged(&objectSetDomain);
+
+        // If both or neither explicitly set their domain, allow the access
+        if (!(subjectSetDomain || objectSetDomain) ||
+            (subjectSetDomain && objectSetDomain))
+            return NS_OK;
+    }
 
     // Allow access to about:blank
     nsCOMPtr<nsICodebasePrincipal> objectCodebase(do_QueryInterface(aObject));
@@ -476,19 +546,21 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
             return NS_OK;
     }
 
-    /*
-    ** If we failed the origin tests it still might be the case that we
-    ** are a signed script and have permissions to do this operation.
-    ** Check for that here
-    */
-    PRBool capabilityEnabled = PR_FALSE;
-    const char* cap = aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY ?
-                      "UniversalBrowserWrite" : "UniversalBrowserRead";
-    if (NS_FAILED(IsCapabilityEnabled(cap, &capabilityEnabled)))
-        return NS_ERROR_FAILURE;
-    if (capabilityEnabled)
-        return NS_OK;
-
+    if (checkForPrivileges)
+    {
+        /*
+        ** If we failed the origin tests it still might be the case that we
+        ** are a signed script and have permissions to do this operation.
+        ** Check for that here
+        */
+        PRBool capabilityEnabled = PR_FALSE;
+        const char* cap = aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY ?
+                          "UniversalBrowserWrite" : "UniversalBrowserRead";
+        if (NS_FAILED(IsCapabilityEnabled(cap, &capabilityEnabled)))
+            return NS_ERROR_FAILURE;
+        if (capabilityEnabled)
+            return NS_OK;
+        }
     /*
     ** Access tests failed, so now report error.
     */

mozilla/client.mak

@@ -40,14 +40,14 @@ MOZ_OBJDIR = WIN32_O.OBJ
 #// Figure out how to do the pull.
 #//------------------------------------------------------------------------
 # uncomment these, modify branch tag, and check in to branch for milestones
-MOZ_BRANCH=NETSCAPE_6_2_2_BRANCH
-NSPR_CO_TAG=NETSCAPE_6_2_2_BRANCH
-PSM_CO_TAG=NETSCAPE_6_2_2_BRANCH
-NSS_CO_TAG=NETSCAPE_6_2_2_BRANCH
-LDAPCSDK_CO_TAG=NETSCAPE_6_2_2_BRANCH
-ACCESSIBLE_CO_TAG=NETSCAPE_6_2_2_BRANCH
-IMGLIB2_CO_TAG=NETSCAPE_6_2_2_BRANCH
-GFX2_CO_TAG=NETSCAPE_6_2_2_BRANCH
+MOZ_BRANCH=NETSCAPE_6_2_3_BRANCH
+NSPR_CO_TAG=NETSCAPE_6_2_3_BRANCH
+PSM_CO_TAG=NETSCAPE_6_2_3_BRANCH
+NSS_CO_TAG=NETSCAPE_6_2_3_BRANCH
+LDAPCSDK_CO_TAG=NETSCAPE_6_2_3_BRANCH
+ACCESSIBLE_CO_TAG=NETSCAPE_6_2_3_BRANCH
+IMGLIB2_CO_TAG=NETSCAPE_6_2_3_BRANCH
+GFX2_CO_TAG=NETSCAPE_6_2_3_BRANCH
 
 
 !ifdef MOZ_BRANCH

mozilla/client.mk

@@ -52,14 +52,14 @@
 #
 # For branches, uncomment the MOZ_CO_TAG line with the proper tag,
 # and commit this file on that tag.
-MOZ_CO_TAG = NETSCAPE_6_2_2_BRANCH
-NSPR_CO_TAG = NETSCAPE_6_2_2_BRANCH
-PSM_CO_TAG = NETSCAPE_6_2_2_BRANCH
-NSS_CO_TAG = NETSCAPE_6_2_2_BRANCH
-LDAPCSDK_CO_TAG = NETSCAPE_6_2_2_BRANCH
-ACCESSIBLE_CO_TAG = NETSCAPE_6_2_2_BRANCH
-GFX2_CO_TAG = NETSCAPE_6_2_2_BRANCH
-IMGLIB2_CO_TAG = NETSCAPE_6_2_2_BRANCH
+MOZ_CO_TAG = NETSCAPE_6_2_3_BRANCH
+NSPR_CO_TAG = NETSCAPE_6_2_3_BRANCH
+PSM_CO_TAG = NETSCAPE_6_2_3_BRANCH
+NSS_CO_TAG = NETSCAPE_6_2_3_BRANCH
+LDAPCSDK_CO_TAG = NETSCAPE_6_2_3_BRANCH
+ACCESSIBLE_CO_TAG = NETSCAPE_6_2_3_BRANCH
+GFX2_CO_TAG = NETSCAPE_6_2_3_BRANCH
+IMGLIB2_CO_TAG = NETSCAPE_6_2_3_BRANCH
 BUILD_MODULES = all
 
 #######################################################################

mozilla/content/xml/document/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= layout
 LIBRARY_NAME	= gkconxmldoc_s
-REQUIRES	= xpcom string js dom widget caps htmlparser necko view docshell webshell uriloader pref xpconnect uconv chardet lwbrk exthandler mimetype
+REQUIRES	= xpcom string js dom widget caps htmlparser necko view docshell webshell uriloader pref xpconnect uconv chardet lwbrk exthandler mimetype windowwatcher
 
 CPPSRCS		= \
 		nsXMLContentSink.cpp \

mozilla/content/xml/document/src/nsXMLDocument.cpp

@@ -75,6 +75,8 @@
 #include "nsContentCID.h"
 #include "nsDOMAttribute.h"
 #include "nsGUIEvent.h"
+#include "nsIWindowWatcher.h"
+#include "nsIAuthPrompt.h"
 
 #include "nsCExternalHandlerService.h"
 #include "nsIMIMEService.h"
@@ -183,7 +185,7 @@ NS_NewXMLDocument(nsIDocument** aInstancePtrResult)
 
 nsXMLDocument::nsXMLDocument() 
   : mAttrStyleSheet(nsnull), mInlineStyleSheet(nsnull), 
-    mParser(nsnull)
+    mParser(nsnull), mCrossSiteAccessEnabled(PR_FALSE)
 {
 }
 
@@ -256,35 +258,72 @@ nsXMLDocument::GetContentType(nsAWritableString& aContentType) const
 NS_IMETHODIMP
 nsXMLDocument::GetInterface(const nsIID& aIID, void** aSink)
 {
-  // Since we implement all the interfaces that you can get with
-  // GetInterface() we can simply call QueryInterface() here and let
-  // it do all the work.
+  if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
+    NS_ENSURE_ARG_POINTER(aSink);
+    *aSink = nsnull;
+
+    nsresult rv;
+    nsCOMPtr<nsIWindowWatcher> ww(do_GetService("@mozilla.org/embedcomp/window-watcher;1", &rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIAuthPrompt> prompt;
+    rv = ww->GetNewAuthPrompter(nsnull, getter_AddRefs(prompt));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsIAuthPrompt *p = prompt.get();
+    NS_ADDREF(p);
+    *aSink = p;
+    return NS_OK;
+  }
+
 
   return QueryInterface(aIID, aSink);
 }
 
-
 // nsIHttpEventSink
 NS_IMETHODIMP
 nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
 {
+  NS_ENSURE_ARG_POINTER(aNewChannel);
+
   nsresult rv;
 
-  nsCOMPtr<nsIScriptSecurityManager> securityManager = 
+  nsCOMPtr<nsIScriptSecurityManager> secMan = 
            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
-  nsCOMPtr<nsIURI> newLocation;
+  nsCOMPtr<nsIURI> newLocation; // The redirected URI
   rv = aNewChannel->GetURI(getter_AddRefs(newLocation));
 
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
+  if (mScriptContext && !mCrossSiteAccessEnabled) {
+    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    JSContext *cx = (JSContext *)mScriptContext->GetNativeContext();
+    if (!cx)
+      return NS_ERROR_UNEXPECTED;
+
+    stack->Push(cx);
+
+    rv = secMan->CheckSameOrigin(nsnull, newLocation);
+
+    stack->Pop(&cx);
+  
+    if (NS_FAILED(rv))
+      return rv;
+  }
+
   nsCOMPtr<nsIPrincipal> newCodebase;
-  rv = securityManager->GetCodebasePrincipal(newLocation,
-                                             getter_AddRefs(newCodebase));
+  rv = secMan->GetCodebasePrincipal(newLocation,
+                                    getter_AddRefs(newCodebase));
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
@@ -322,6 +361,25 @@ nsXMLDocument::Load(const nsAReadableString& aUrl)
   SetBaseURL(uri);
   mBaseTarget.Truncate();
 
+
+  // Store script context, if any, in case we encounter redirect (because we need it there)
+  nsCOMPtr<nsIJSContextStack> stack =
+    do_GetService("@mozilla.org/js/xpc/ContextStack;1");
+  if (stack) {
+    JSContext *cx;
+    if (NS_SUCCEEDED(stack->Peek(&cx)) && cx) {
+      nsISupports *priv = (nsISupports *)::JS_GetContextPrivate(cx);
+      if (priv) {
+        priv->QueryInterface(NS_GET_IID(nsIScriptContext), getter_AddRefs(mScriptContext));        
+      }
+    }
+  }
+
+  // Find out if UniversalBrowserRead privileges are enabled - we will need this
+  // in case of a redirect
+  rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &mCrossSiteAccessEnabled);
+  if (NS_FAILED(rv)) return rv;
+
   // Create a channel
   rv = NS_OpenURI(getter_AddRefs(channel), uri, nsnull, nsnull, this);
   if (NS_FAILED(rv)) return rv;

mozilla/content/xml/document/src/nsXMLDocument.h

@@ -28,6 +28,7 @@
 #include "nsIHTMLContentContainer.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIHttpEventSink.h"
+#include "nsIScriptContext.h"
 
 class nsIParser;
 class nsIDOMNode;
@@ -114,6 +115,9 @@ protected:
   nsString mBaseTarget;
 
   nsIParser *mParser;
+
+  nsCOMPtr<nsIScriptContext> mScriptContext;
+  PRBool mCrossSiteAccessEnabled;
 };
 
 

mozilla/docshell/base/nsDocShell.cpp

@@ -4559,16 +4559,14 @@ nsresult nsDocShell::DoURILoad(nsIURI * aURI,
             httpChannel->SetUploadStream(aPostData);
             /* If there is a valid postdata *and* it is a History Load,
              * set up the cache key on the channel, to retrieve the
-             * data only from the cache. When there is a postdata
-             * on a history load, we do not want to go out to the net
-             * in our first attempt. We will go out to the net for a
-             * post data result, *only* if it has expired from cache *and*
-             * the user has given us permission to do so.
+             * data *only* from the cache. If it is a normal reload, the 
+             * cache is free to go to the server for updated postdata. 
              */
-            if (mLoadType == LOAD_HISTORY || mLoadType == LOAD_RELOAD_NORMAL
-                || mLoadType == LOAD_RELOAD_CHARSET_CHANGE) {
-                if (cacheChannel && cacheKey)
+            if (cacheChannel && cacheKey) {
+                if (mLoadType == LOAD_HISTORY || mLoadType == LOAD_RELOAD_CHARSET_CHANGE) 
                     cacheChannel->SetCacheKey(cacheKey, PR_TRUE);
+                else if (mLoadType == LOAD_RELOAD_NORMAL)
+                    cacheChannel->SetCacheKey(cacheKey, PR_FALSE);
             }
         }
         else {
@@ -5442,29 +5440,28 @@ nsDocShell::AddToSessionHistory(nsIURI * aURI,
 
     shouldPersist = ShouldAddToSessionHistory(aURI);
 
-    //
-    // If the entry is being replaced in SH, then just use the
-    // current entry...
-    //
-    if (LOAD_NORMAL_REPLACE == mLoadType) {
-        // There is no need to go to mSessionHistory and get the entry at
-        // current index. mOSHE works for subframes and top level docshells.
+    // Get a handle to the root docshell 
+    nsCOMPtr<nsIDocShellTreeItem> root;
+    GetSameTypeRootTreeItem(getter_AddRefs(root));     
+    /*
+     * If this is a LOAD_NORMAL_REPLACE in a subframe, we use
+     * the existing SH entry in the page and replace the url and
+     * other vitalities.
+     */
+    if (LOAD_NORMAL_REPLACE == mLoadType && (root.get() != NS_STATIC_CAST(nsIDocShellTreeItem *, this))) {
+        // This is a subframe 
         entry = mOSHE;
-        // If there are children for this entry destroy them, as they are
-        // going out of scope. 
-        if (entry) {
-            nsCOMPtr<nsISHContainer> shContainer(do_QueryInterface(entry));
-            if (shContainer) {
-                PRInt32 childCount = 0;
-                shContainer->GetChildCount(&childCount);
-                // Remove all children of this entry 
-                for (PRInt32 i = childCount - 1; i >= 0; i--) {
-                    nsCOMPtr<nsISHEntry> child;
-                    shContainer->GetChildAt(i, getter_AddRefs(child));
-                    shContainer->RemoveChild(child);
-                }
-            }
-        }
+        nsCOMPtr<nsISHContainer> shContainer(do_QueryInterface(entry));
+        if (shContainer) {
+            PRInt32 childCount = 0;
+            shContainer->GetChildCount(&childCount);
+            // Remove all children of this entry 
+            for (PRInt32 i = childCount - 1; i >= 0; i--) {
+                nsCOMPtr<nsISHEntry> child;
+                shContainer->GetChildAt(i, getter_AddRefs(child));
+                shContainer->RemoveChild(child);
+            }  // for
+        }  // shContainer
     }
 
     // Create a new entry if necessary.
@@ -5532,6 +5529,18 @@ nsDocShell::AddToSessionHistory(nsIURI * aURI,
         else
             rv = AddChildSHEntry(nsnull, entry, mChildOffset);
     }
+    else {        
+        if (root.get() == NS_STATIC_CAST(nsIDocShellTreeItem *, this) && mSessionHistory) {
+            // It is a LOAD_NORMAL_REPLACE on the root docshell
+            PRInt32  index = 0;   
+            nsCOMPtr<nsIHistoryEntry> hEntry;
+            mSessionHistory->GetIndex(&index);
+            nsCOMPtr<nsISHistoryInternal>   shPrivate(do_QueryInterface(mSessionHistory));
+            // Replace the current entry with the new entry
+            if (shPrivate)
+                rv = shPrivate->ReplaceEntry(index, entry);
+        }
+    }
 
     // Return the new SH entry...
     if (aNewEntry) {

mozilla/extensions/cookie/nsCookies.cpp

@@ -34,6 +34,7 @@
 #include "nsIPref.h"
 #include "nsTextFormatter.h"
 #include "nsAppDirectoryServiceDefs.h"
+#include "nsNetUtil.h"
 
 #define MAX_NUMBER_OF_COOKIES 300
 #define MAX_COOKIES_PER_SERVER 20
@@ -455,6 +456,20 @@ COOKIE_GetCookie(char * address) {
      isSecure = PR_TRUE;
   }
 
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to get a cookie for,
+     so we must not attempt to get cookies (bug 152725)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult secResult = NS_NewURI(getter_AddRefs(uri),
+                                 address, nsnull);
+  if (NS_FAILED(secResult))
+      return nsnull;
+  nsXPIDLCString tempHost;
+  secResult = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(secResult))
+      return nsnull;
+
   /* search for all cookies */
   if (cookie_list == nsnull) {
     return NULL;
@@ -710,6 +725,20 @@ cookie_SetCookieString(char * curURL, nsIPrompt *aPrompter, const char * setCook
     return;
   }
 
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to set a cookie on,
+     so we must not attempt to set cookies (bug 152725)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult secResult = NS_NewURI(getter_AddRefs(uri),
+                                 curURL, nsnull);
+  if (NS_FAILED(secResult))
+      return;
+  nsXPIDLCString tempHost;
+  secResult = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(secResult))
+      return;
+
 //printf("\nSetCookieString(URL '%s', header '%s') time %d == %s\n",curURL,setCookieHeader,timeToExpire,asctime(gmtime(&timeToExpire)));
   if(cookie_GetLifetimePref() == COOKIE_Discard) {
     if(cookie_GetLifetimeTime() < timeToExpire) {

mozilla/extensions/wallet/src/singsign.cpp

@@ -2041,6 +2041,24 @@ SINGSIGN_RememberSignonData
   nsXPIDLCString strippedRealm;
   nsCOMPtr<nsIIOService> ioService = do_GetService(NS_IOSERVICE_CONTRACTID);
   if (!ioService) return;
+
+
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to get the signon data from,
+     so we must not attempt to restore the signon data (bug 159484)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult result = ioService->NewURI(passwordRealm,
+                                      nsnull, getter_AddRefs(uri));
+  if (NS_FAILED(result)) {
+      return;
+  }
+  nsXPIDLCString tempHost;
+  result = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(result)) {
+      return;
+  }
+
   ioService->ExtractUrlPart(passwordRealm, nsIIOService::url_Host, 0, 0, getter_Copies(strippedRealm));
   if (strippedRealm) {
     si_RememberSignonData(dialog, strippedRealm, signonData, window);
@@ -2156,6 +2174,24 @@ SINGSIGN_RestoreSignonData(nsIPrompt* dialog, const char* passwordRealm, const P
   nsXPIDLCString strippedRealm;
   nsCOMPtr<nsIIOService> ioService = do_GetService(NS_IOSERVICE_CONTRACTID);
   if (!ioService) return;
+
+
+  /* Hacky security check: If address is of a scheme that
+      doesn't support hostnames, we have no host to get the signon data from,
+      so we must not attempt to restore the signon data (bug 159484)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult result = ioService->NewURI(passwordRealm,
+                                      nsnull, getter_AddRefs(uri));
+  if (NS_FAILED(result)) {
+      return;
+  }
+  nsXPIDLCString tempHost;
+  result = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(result)) {
+      return;
+  }
+
   ioService->ExtractUrlPart(passwordRealm, nsIIOService::url_Host, 0, 0, getter_Copies(strippedRealm));
   si_RestoreSignonData(dialog, strippedRealm, name, value, elementNumber);
 }

mozilla/extensions/xmlextras/base/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= xmlextras
 LIBRARY_NAME	= xmlextrasbase_s
-REQUIRES	= xpcom string dom js layout widget caps uconv necko docshell xpconnect webbrwsr
+REQUIRES	= xpcom string dom js layout widget caps uconv necko docshell xpconnect webbrwsr windowwatcher
 
 CPPSRCS	= 				\
 		nsDOMSerializer.cpp	\

mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp

@@ -60,6 +60,8 @@
 #include "nsIDOMElement.h"
 #include "nsIParser.h"
 #include "nsLoadListenerProxy.h"
+#include "nsIWindowWatcher.h"
+#include "nsIAuthPrompt.h"
 
 static const char* kLoadAsData = "loadAsData";
 #define LOADSTR NS_LITERAL_STRING("load")
@@ -117,6 +119,7 @@ nsXMLHttpRequest::nsXMLHttpRequest()
   NS_INIT_ISUPPORTS();
   ChangeState(XML_HTTP_REQUEST_UNINITIALIZED,PR_FALSE);
   mAsync = PR_TRUE;
+  mCrossSiteAccessEnabled = PR_FALSE;
 }
 
 nsXMLHttpRequest::~nsXMLHttpRequest()
@@ -141,6 +144,8 @@ NS_INTERFACE_MAP_BEGIN(nsXMLHttpRequest)
   NS_INTERFACE_MAP_ENTRY(nsIDOMEventTarget)
   NS_INTERFACE_MAP_ENTRY(nsIRequestObserver)
   NS_INTERFACE_MAP_ENTRY(nsIStreamListener)
+  NS_INTERFACE_MAP_ENTRY(nsIHttpEventSink)
+  NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
   NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
   NS_INTERFACE_MAP_ENTRY_DOM_CLASSINFO(XMLHttpRequest)
 NS_INTERFACE_MAP_END
@@ -641,6 +646,12 @@ nsXMLHttpRequest::Open(const char *method, const char *url)
       return NS_OK;
     }
 
+    // Find out if UniversalBrowserRead privileges are enabled
+    // we will need this in case of a redirect
+    rv = secMan->IsCapabilityEnabled("UniversalBrowserRead",
+                                     &mCrossSiteAccessEnabled);
+    if (NS_FAILED(rv)) return rv;
+
     if (argc > 2) {
       JSBool asyncBool;
       JS_ValueToBoolean(cx, argv[2], &asyncBool);
@@ -1113,6 +1124,11 @@ nsXMLHttpRequest::Send(nsISupports *body)
   }
 #endif
 
+  if (!mScriptContext) {
+    // We need a context to check if redirect (if any) is allowed
+    GetCurrentContext(getter_AddRefs(mScriptContext));
+  }
+
   rv = document->StartDocumentLoad(kLoadAsData, mChannel, 
                                    nsnull, nsnull, 
                                    getter_AddRefs(listener),
@@ -1129,6 +1145,9 @@ nsXMLHttpRequest::Send(nsISupports *body)
   if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
 #endif
 
+  // Hook us up to listen to redirects and the like
+  mChannel->SetNotificationCallbacks(this);
+
   // Start reading from the channel
   ChangeState(XML_HTTP_REQUEST_SENT);
   mXMLParserStreamListener = listener;
@@ -1332,6 +1351,79 @@ nsXMLHttpRequest::ChangeState(nsXMLHttpRequestState aState, PRBool aBroadcast)
   return rv;
 }
 
+/////////////////////////////////////////////////////
+// nsIHttpEventSink methods:
+//
+NS_IMETHODIMP
+nsXMLHttpRequest::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
+{
+  NS_ENSURE_ARG_POINTER(aNewChannel);
+
+  if (mScriptContext && !mCrossSiteAccessEnabled) {
+    nsresult rv = NS_ERROR_FAILURE;
+
+    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    JSContext *cx = (JSContext *)mScriptContext->GetNativeContext();
+    if (!cx)
+      return NS_ERROR_UNEXPECTED;
+
+    nsCOMPtr<nsIScriptSecurityManager> secMan = 
+             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIURI> newURI;
+    rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The redirected URI
+    if (NS_FAILED(rv)) 
+      return rv;
+
+    stack->Push(cx);
+
+    rv = secMan->CheckSameOrigin(cx, newURI);
+
+    stack->Pop(&cx);
+    
+    if (NS_FAILED(rv))
+      return rv;
+  }
+
+  mChannel = aNewChannel;
+
+  return NS_OK;
+}
+
+/////////////////////////////////////////////////////
+// nsIInterfaceRequestor methods:
+//
+NS_IMETHODIMP
+nsXMLHttpRequest::GetInterface(const nsIID & aIID, void **aResult)
+{
+  if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
+    NS_ENSURE_ARG_POINTER(aResult);
+    *aResult = nsnull;
+
+    nsresult rv;
+    nsCOMPtr<nsIWindowWatcher> ww(do_GetService("@mozilla.org/embedcomp/window-watcher;1", &rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIAuthPrompt> prompt;
+    rv = ww->GetNewAuthPrompter(nsnull, getter_AddRefs(prompt));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsIAuthPrompt *p = prompt.get();
+    NS_ADDREF(p);
+    *aResult = p;
+    return NS_OK;
+  }
+
+  return QueryInterface(aIID, aResult);
+}
+
 NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
 
 NS_IMETHODIMP nsXMLHttpRequest::

mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.h

@@ -43,6 +43,8 @@
 #include "nsISupportsArray.h"
 #include "jsapi.h"
 #include "nsIScriptContext.h"
+#include "nsIHttpEventSink.h"
+#include "nsIInterfaceRequestor.h"
 
 
 enum nsXMLHttpRequestState {
@@ -60,6 +62,8 @@ class nsXMLHttpRequest : public nsIXMLHttpRequest,
                          public nsIDOMLoadListener,
                          public nsIDOMEventTarget,
                          public nsIStreamListener,
+                         public nsIHttpEventSink, 
+                         public nsIInterfaceRequestor,
                          public nsSupportsWeakReference
 {
 public:
@@ -92,6 +96,12 @@ public:
   // nsIRequestObserver
   NS_DECL_NSIREQUESTOBSERVER
 
+  // nsIHttpEventSink
+  NS_DECL_NSIHTTPEVENTSINK
+ 
+  // nsIInterfaceRequestor
+  NS_DECL_NSIINTERFACEREQUESTOR
+
 protected:
   nsresult GetStreamForWString(const PRUnichar* aStr,
                                PRInt32 aLength,
@@ -145,6 +155,7 @@ protected:
 
   PRInt32 mStatus;
   PRBool mAsync;
+  PRBool mCrossSiteAccessEnabled;
 };
 
 #endif

mozilla/gfx/src/gtk/nsRenderingContextGTK.cpp

@@ -1930,15 +1930,20 @@ nsRenderingContextGTK::my_gdk_draw_text (GdkDrawable *drawable,
     // gdk does this... we don't need it..
     //    XSetFont(drawable_private->xdisplay, gc_private->xgc, xfont->fid);
 
+    // We clamp the sizes down to 32768 which is the maximum width of
+    // a window.  Even if a font was 1 pixel high and started at the
+    // left, the maximum size of a draw request could only be 32k.
+
     if ((xfont->min_byte1 == 0) && (xfont->max_byte1 == 0))
     {
       XDrawString (drawable_private->xdisplay, drawable_private->xwindow,
-                   gc_private->xgc, x, y, text, text_length);
+                   gc_private->xgc, x, y, text, MIN(text_length, 32768));
     }
     else
     {
       XDrawString16 (drawable_private->xdisplay, drawable_private->xwindow,
-                     gc_private->xgc, x, y, (XChar2b *) text, text_length / 2);
+                     gc_private->xgc, x, y, (XChar2b *) text, 
+                     MIN((text_length / 2), 32768));
     }
   }
   else if (font->type == GDK_FONT_FONTSET)

mozilla/layout/xul/base/public/nsIMenuParent.h

@@ -1,73 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is Mozilla Communicator client code.
- *
- * The Initial Developer of the Original Code is Netscape Communications
- * Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- *   Dean Tessman <dean_tessman@hotmail.com>
- */
-
-#ifndef nsIMenuParent_h___
-#define nsIMenuParent_h___
-
-
-// {D407BF61-3EFA-11d3-97FA-00400553EEF0}
-#define NS_IMENUPARENT_IID \
-{ 0xd407bf61, 0x3efa, 0x11d3, { 0x97, 0xfa, 0x0, 0x40, 0x5, 0x53, 0xee, 0xf0 } }
-
-class nsIMenuFrame;
-
-class nsIMenuParent : public nsISupports {
-
-public:
-  static const nsIID& GetIID() { static nsIID iid = NS_IMENUPARENT_IID; return iid; }
-
-  NS_IMETHOD GetCurrentMenuItem(nsIMenuFrame** aMenuItem) = 0;
-  NS_IMETHOD SetCurrentMenuItem(nsIMenuFrame* aMenuItem) = 0;
-  NS_IMETHOD GetNextMenuItem(nsIMenuFrame* aStart, nsIMenuFrame** aResult) = 0;
-  NS_IMETHOD GetPreviousMenuItem(nsIMenuFrame* aStart, nsIMenuFrame** aResult) = 0;
-
-  NS_IMETHOD SetActive(PRBool aActiveFlag) = 0;
-  NS_IMETHOD GetIsActive(PRBool& isActive) = 0;
-  NS_IMETHOD GetWidget(nsIWidget **aWidget) = 0;
-  
-  NS_IMETHOD IsMenuBar(PRBool& isMenuBar) = 0;
-
-  NS_IMETHOD DismissChain() = 0;
-  NS_IMETHOD HideChain() = 0;
-  NS_IMETHOD KillPendingTimers() = 0;
-
-  NS_IMETHOD CreateDismissalListener() = 0;
-
-  NS_IMETHOD InstallKeyboardNavigator() = 0;
-  NS_IMETHOD RemoveKeyboardNavigator() = 0;
-
-  // Used to move up, down, left, and right in menus.
-  NS_IMETHOD KeyboardNavigation(PRUint32 aDirection, PRBool& aHandledFlag) = 0;
-  NS_IMETHOD ShortcutNavigation(PRUint32 aLetter, PRBool& aHandledFlag) = 0;
-  // Called when the ESC key is held down to close levels of menus.
-  NS_IMETHOD Escape(PRBool& aHandledFlag) = 0;
-  // Called to execute a menu item.
-  NS_IMETHOD Enter() = 0;
-
-  NS_IMETHOD SetIsContextMenu(PRBool aIsContextMenu) = 0;
-  NS_IMETHOD GetIsContextMenu(PRBool& aIsContextMenu) = 0;
-  
-};
-
-#endif
-

mozilla/mailnews/compose/src/nsMsgAttachmentHandler.cpp

@@ -664,8 +664,10 @@ nsMsgAttachmentHandler::SnarfAttachment(nsMsgCompFields *compFields)
 		  m_x_mac_creator = PL_strdup(filetype);
 		}
 
+    long dataSize = 0;
+    long resSize = 0;
+  
     PRBool sendResourceFork = PR_TRUE;
-    PRBool sendDataFork = PR_TRUE;
     PRBool icGaveNeededInfo = PR_FALSE;
  
     nsCOMPtr<nsIInternetConfigService> icService (do_GetService(NS_INTERNETCONFIGSERVICE_CONTRACTID));
@@ -676,7 +678,14 @@ nsMsgAttachmentHandler::SnarfAttachment(nsMsgCompFields *compFields)
       if (NS_SUCCEEDED(rv) && icFlags != -1 && !(icFlags & nsIInternetConfigService::eIICMapFlag_NotOutgoingMask))
       {
         sendResourceFork = (icFlags & nsIInternetConfigService::eIICMapFlag_ResourceForkMask);
-        sendDataFork = (icFlags & nsIInternetConfigService::eIICMapFlag_DataForkMask);
+
+        if (sendResourceFork)
+        {
+          // before deciding to send the resource fork along the data fork, check if we have one,
+          // else don't need to use apple double.
+          if (::FSpGetFileSize(&fsSpec, &dataSize, &resSize) == noErr && resSize == 0)
+            sendResourceFork = PR_FALSE;
+        }
         
         icGaveNeededInfo = PR_TRUE;
       }
@@ -685,9 +694,6 @@ nsMsgAttachmentHandler::SnarfAttachment(nsMsgCompFields *compFields)
     if (! icGaveNeededInfo)
     {
       // If InternetConfig cannot help us, then just try our best...
-      long dataSize = 0;
-      long resSize = 0;
-	
 	    // first check if we have a resource fork
       if (::FSpGetFileSize(&fsSpec, &dataSize, &resSize) == noErr)
         sendResourceFork = (resSize > 0);

mozilla/mailnews/imap/src/nsImapIncomingServer.cpp

@@ -2396,16 +2396,15 @@ nsresult nsImapIncomingServer::RequestOverrideInfo(nsIMsgWindow *aMsgWindow)
 
 			GetUsername(getter_Copies(userName));
       m_logonRedirector->RequiresPassword(userName, &requiresPassword);
+      
       if (requiresPassword)
       {
   			GetPassword(getter_Copies(password));
 
-			  if (!((const char *) password) || nsCRT::strlen((const char *) password) == 0)
+			  if (password.IsEmpty())
 				  PromptForPassword(getter_Copies(password), aMsgWindow);
 
-        // if we still don't have a password then the user must have hit cancel so just
-        // fall out...
-        if (!((const char *) password) || nsCRT::strlen((const char *) password) == 0)
+        if (password.IsEmpty())  // if still empty then the user canceld out of the password dialog
         {
           // be sure to clear the waiting for connection info flag because we aren't waiting
           // anymore for a connection...
@@ -2413,6 +2412,10 @@ nsresult nsImapIncomingServer::RequestOverrideInfo(nsIMsgWindow *aMsgWindow)
           return NS_OK;
         }
       }
+      else
+      {
+        SetUserAuthenticated(PR_TRUE);  // we are already authenicated
+      }
 
       nsCOMPtr<nsIPrompt> dialogPrompter;
       if (aMsgWindow)

mozilla/mailnews/local/src/nsLocalMailFolder.cpp

@@ -469,7 +469,27 @@ nsMsgLocalMailFolder::GetSubFolders(nsIEnumerator* *result)
         rv = localMailServer->SetFlagsOnDefaultMailboxes();
         if (NS_FAILED(rv)) return rv;
       }
-	
+      
+      /*we need to create all the folders at start-up because if a folder having subfolders is
+      closed then the datasource will not ask for subfolders. For IMAP logging onto the 
+      server will create imap folders and for news we don't have any 2nd level newsgroup */
+
+      PRUint32 cnt;
+      rv = mSubFolders->Count(&cnt);
+      if (NS_SUCCEEDED(rv))
+      {
+        nsCOMPtr<nsIEnumerator> enumerator;
+        for (PRUint32 i=0; i< cnt;i++)
+        {
+          nsCOMPtr<nsISupports> supports = getter_AddRefs(mSubFolders->ElementAt(i));
+          nsCOMPtr<nsIMsgFolder> folder = do_QueryInterface(supports, &rv);
+          if (folder && NS_SUCCEEDED(rv))
+          {
+            rv = folder->GetSubFolders(getter_AddRefs(enumerator));
+            NS_ASSERTION(NS_SUCCEEDED(rv),"GetSubFolders failed");
+          }
+        }
+      }
     }
     UpdateSummaryTotals(PR_FALSE);
     

mozilla/mailnews/mime/src/mimemrel.cpp

@@ -112,6 +112,7 @@
  */
 #include "nsCOMPtr.h"
 #include "mimemrel.h"
+#include "mimemapl.h"
 #include "prmem.h"
 #include "prprf.h"
 #include "prlog.h"
@@ -464,10 +465,21 @@ MimeMultipartRelated_output_child_p(MimeObject *obj, MimeObject* child)
 			PR_FREEIF(base_url);
 			PR_Free(location);
 			if (absolute) {
-				char* partnum = mime_part_address(child);
-				if (partnum) {
+        nsCAutoString partnum;
+        char * partNumStr = mime_part_address(child);
+        partnum.Assign(partNumStr); 
+        PR_FREEIF(partNumStr); 
+        if (!partnum.IsEmpty()) {
+          /*
+            AppleDouble part need special care: we need to output only the data fork part of it.
+            The problem at this point is that we haven't yet decoded the children of the AppleDouble
+            part therfore we will have to hope the datafork is the second one!
+          */
+          if (mime_typep(child, (MimeObjectClass *) &mimeMultipartAppleDoubleClass))
+            partnum.Append(".2");
+
 					char* part;
-					part = mime_set_url_part(obj->options->url, partnum,
+          part = mime_set_url_part(obj->options->url, (char *) partnum.get(),
 											 PR_FALSE);
 					if (part) {
 					    /* If there's a space in the url, escape the url.
@@ -513,7 +525,6 @@ MimeMultipartRelated_output_child_p(MimeObject *obj, MimeObject* child)
 						   part URL that was given to us. */
 						if (temp != part) PR_Free(part);
 					}
-					PR_Free(partnum);
 				}
 			}
 		}
@@ -539,7 +550,6 @@ MimeMultipartRelated_output_child_p(MimeObject *obj, MimeObject* child)
 			PR_FREEIF(relobj->base_url);
 			relobj->base_url = base_url;
 		}
-
 	}
 	if (obj->options && !obj->options->write_html_p
 #ifdef MIME_DRAFTS

mozilla/mailnews/mime/src/mimemult.cpp

@@ -390,7 +390,8 @@ MimeMultipart_create_child(MimeObject *obj)
     {
       struct mime_stream_data *msd = (struct mime_stream_data *)body->options->stream_closure;
       if (!body->options->write_html_p && body->content_type && !nsCRT::strcasecmp(body->content_type, APPLICATION_APPLEFILE))
-        msd->channel->SetContentType(APPLICATION_APPLEFILE);
+        if (msd && msd->channel)
+          msd->channel->SetContentType(APPLICATION_APPLEFILE);
     }
 #endif
 

mozilla/modules/libpref/src/init/all.js

@@ -28,7 +28,7 @@ pref("network.search.url","http://cgi.netscape.com/cgi-bin/url_search.cgi?search
 pref("keyword.URL", "http://keyword.netscape.com/keyword/");
 pref("keyword.enabled", true);
 pref("general.useragent.locale", "chrome://navigator/locale/navigator.properties");
-pref("general.useragent.misc", "rv:0.9.4");
+pref("general.useragent.misc", "rv:0.9.4.1");
 
 pref("general.startup.browser",             true);
 pref("general.startup.mail",                false);

mozilla/modules/zlib/src/infblock.c

@@ -249,10 +249,12 @@ int r;
                              &s->sub.trees.tb, s->hufts, z);
       if (t != Z_OK)
       {
-        ZFREE(z, s->sub.trees.blens);
         r = t;
         if (r == Z_DATA_ERROR)
+        {
+          ZFREE(z, s->sub.trees.blens);
           s->mode = BAD;
+        }
         LEAVE
       }
       s->sub.trees.index = 0;
@@ -313,14 +315,17 @@ int r;
         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
                                   s->hufts, z);
-        ZFREE(z, s->sub.trees.blens);
         if (t != Z_OK)
         {
           if (t == (uInt)Z_DATA_ERROR)
+          {
+            ZFREE(z, s->sub.trees.blens);
             s->mode = BAD;
+          }
           r = t;
           LEAVE
         }
+        ZFREE(z, s->sub.trees.blens);
         Tracev((stderr, "inflate:       trees ok\n"));
         if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
         {

mozilla/netwerk/base/src/nsSocketTransport.cpp

@@ -203,7 +203,7 @@ nsSocketTransport::~nsSocketTransport()
     }
     
     if (mService) {
-        PR_AtomicDecrement(&mService->mTotalTransports);
+        mService->OnTransportDestroyed();
         NS_RELEASE(mService);
     }
     
@@ -340,7 +340,7 @@ nsresult nsSocketTransport::Init(nsSocketTransportService* aService,
     
     // Update the active time for timeout purposes...
     mLastActiveTime = PR_IntervalNow();
-    PR_AtomicIncrement(&mService->mTotalTransports);
+    mService->OnTransportCreated();
     
     LOG(("nsSocketTransport: Initializing [%s:%d %x].  rv = %x",
         mHostName, mPort, this, rv));
@@ -422,8 +422,11 @@ nsresult nsSocketTransport::Process(PRInt16 aSelectFlags)
             //
             // A connection has been established with the server
             //
-            PR_AtomicIncrement(&mService->mConnectedTransports);
-            mWasConnected = PR_TRUE;
+            if (!mWasConnected) {
+                const char *host = (mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName;
+                mService->OnTransportConnected(host, &mNetAddress);
+                mWasConnected = PR_TRUE;
+            }
 
             // Send status message
             OnStatus(NS_NET_STATUS_CONNECTED_TO);
@@ -626,46 +629,65 @@ nsresult nsSocketTransport::doResolveHost(void)
     //
     if (PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
         //
-        // Initialize the port used for the connection...
+        // determine the desired host:port
         //
-        // XXX: The list of ports must be restricted - see net_bad_ports_table[] in 
-        //      mozilla/network/main/mkconect.c
-        //
-        mNetAddress.ipv6.port = PR_htons(((mProxyPort != -1 && !mProxyTransparent) ? mProxyPort : mPort));
+        const char *host = (mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName;
+        PRInt32 port = (mProxyPort != -1 && !mProxyTransparent) ? mProxyPort : mPort;
 
-        nsCOMPtr<nsIDNSService> pDNSService(do_GetService(kDNSService, &rv));
-        if (NS_FAILED(rv)) return rv;
+        PRIPv6Addr addr;
+        if (mService->LookupHost(host, &addr)) {
+            // found address!
+            PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &mNetAddress);
+            memcpy(&mNetAddress.ipv6.ip, &addr, sizeof(addr));
+#ifdef PR_LOGGING
+            char buf[128];
+            PR_NetAddrToString(&mNetAddress, buf, sizeof(buf));
+            LOG((" -> using cached ip address [%s]\n", buf));
+#endif
+        }
+        else {
+            //
+            // Initialize the port used for the connection...
+            //
+            // XXX: The list of ports must be restricted - see net_bad_ports_table[] in 
+            //      mozilla/network/main/mkconect.c
+            //
+            mNetAddress.ipv6.port = PR_htons(port);
 
-        //
-        // Give up the SocketTransport lock.  This allows the DNS thread to call the
-        // nsIDNSListener notifications without blocking...
-        //
-        PR_ExitMonitor(mMonitor);
+            nsCOMPtr<nsIDNSService> pDNSService(do_GetService(kDNSService, &rv));
+            if (NS_FAILED(rv)) return rv;
 
-        rv = pDNSService->Lookup((mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName, 
-                                 this, 
-                                 nsnull, 
-                                 getter_AddRefs(mDNSRequest));
-        //
-        // Aquire the SocketTransport lock again...
-        //
-        PR_EnterMonitor(mMonitor);
+            //
+            // Give up the SocketTransport lock.  This allows the DNS thread to call the
+            // nsIDNSListener notifications without blocking...
+            //
+            PR_ExitMonitor(mMonitor);
 
-        if (NS_SUCCEEDED(rv)) {
+            rv = pDNSService->Lookup(host,
+                                     this, 
+                                     nsnull, 
+                                     getter_AddRefs(mDNSRequest));
             //
-            // The DNS lookup has finished...  It has either failed or succeeded.
+            // Aquire the SocketTransport lock again...
             //
-            if (NS_FAILED(mStatus) || !PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
-                mDNSRequest = 0;
-                rv = mStatus;
-            } 
-            //
-            // The DNS lookup is being processed...  Mark the transport as waiting
-            // until the result is available...
-            //
-            else {
-                SetFlag(eSocketDNS_Wait);
-                rv = NS_BASE_STREAM_WOULD_BLOCK;
+            PR_EnterMonitor(mMonitor);
+
+            if (NS_SUCCEEDED(rv)) {
+                //
+                // The DNS lookup has finished...  It has either failed or succeeded.
+                //
+                if (NS_FAILED(mStatus) || !PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
+                    mDNSRequest = 0;
+                    rv = mStatus;
+                } 
+                //
+                // The DNS lookup is being processed...  Mark the transport as waiting
+                // until the result is available...
+                //
+                else {
+                    SetFlag(eSocketDNS_Wait);
+                    rv = NS_BASE_STREAM_WOULD_BLOCK;
+                }
             }
         }
     }
@@ -1129,7 +1151,7 @@ nsresult nsSocketTransport::CloseConnection()
 
     if (mWasConnected) {
         if (mService)
-            PR_AtomicDecrement(&mService->mConnectedTransports);
+            mService->OnTransportClosed();
         mWasConnected = PR_FALSE;
     }
     

mozilla/netwerk/base/src/nsSocketTransportService.cpp

@@ -31,6 +31,7 @@
 #include "nsString.h"
 #include "nsNetCID.h"
 #include "nsProtocolProxyService.h"
+#include "plstr.h"
 
 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
 static NS_DEFINE_CID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
@@ -165,6 +166,12 @@ nsSocketTransportService::Init(void)
     mThreadRunning = PR_TRUE;
     rv = NS_NewThread(&mThread, this, 0, PR_JOINABLE_THREAD);
   }
+
+  //
+  // Initialize hostname database
+  //
+  PL_DHashTableInit(&mHostDB, &ops, nsnull, sizeof(nsHostEntry), 0);
+
   return rv;
 }
 
@@ -677,6 +684,10 @@ nsSocketTransportService::Shutdown(void)
     
     for (i=0; i<mSelectFDSetCount; i++)
       NS_IF_RELEASE(mActiveTransportList[i]);
+ 
+    // clear the hostname database (NOTE: this runs when the browser
+    // enters the offline state).
+    PL_DHashTableFinish(&mHostDB);
 
   } else {
     rv = NS_ERROR_FAILURE;
@@ -763,3 +774,89 @@ nsSocketTransportService::GetNeckoStringByName (const char *aName, PRUnichar **a
 
 	return res;
 }
+
+//-----------------------------------------------------------------------------
+// hostname database impl
+//-----------------------------------------------------------------------------
+
+PLDHashTableOps nsSocketTransportService::ops =
+{
+    PL_DHashAllocTable,
+    PL_DHashFreeTable,
+    PL_DHashGetKeyStub,
+    PL_DHashStringKey,
+    nsSocketTransportService::MatchEntry,
+    PL_DHashMoveEntryStub,
+    nsSocketTransportService::ClearEntry,
+    PL_DHashFinalizeStub,
+    nsnull
+};
+
+PRBool PR_CALLBACK
+nsSocketTransportService::MatchEntry(PLDHashTable *table,
+                                     const PLDHashEntryHdr *entry,
+                                     const void *key)
+{
+    const nsSocketTransportService::nsHostEntry *he =
+        NS_REINTERPRET_CAST(const nsSocketTransportService::nsHostEntry *, entry);
+
+    return !strcmp(he->host(), (const char *) key);
+}
+
+void PR_CALLBACK
+nsSocketTransportService::ClearEntry(PLDHashTable *table,
+                                     PLDHashEntryHdr *entry)
+{
+    nsSocketTransportService::nsHostEntry *he =
+        NS_REINTERPRET_CAST(nsSocketTransportService::nsHostEntry *, entry);
+
+    PL_strfree((char *) he->key);
+    he->key = nsnull;
+    memset(&he->addr, 0, sizeof(he->addr));
+}
+
+PRBool
+nsSocketTransportService::LookupHost(const char *host, PRIPv6Addr *addr)
+{
+    NS_ASSERTION(host, "null host");
+    NS_ASSERTION(addr, "null addr");
+
+    PLDHashEntryHdr *hdr;
+
+    hdr = PL_DHashTableOperate(&mHostDB, host, PL_DHASH_LOOKUP);
+    if (PL_DHASH_ENTRY_IS_BUSY(hdr)) {
+        // found match
+        nsHostEntry *ent = NS_REINTERPRET_CAST(nsHostEntry *, hdr);
+        memcpy(addr, &ent->addr, sizeof(ent->addr));
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+void
+nsSocketTransportService::OnTransportConnected(const char *host, PRNetAddr *addr)
+{
+    // remember hostname
+
+    PLDHashEntryHdr *hdr;
+
+    hdr = PL_DHashTableOperate(&mHostDB, host, PL_DHASH_ADD);
+    if (!hdr)
+        return;
+
+    NS_ASSERTION(PL_DHASH_ENTRY_IS_BUSY(hdr), "entry not busy");
+
+    nsHostEntry *ent = NS_REINTERPRET_CAST(nsHostEntry *, hdr);
+    if (ent->key == nsnull) {
+        ent->key = (const void *) PL_strdup(host);
+        memcpy(&ent->addr, &addr->ipv6.ip, sizeof(ent->addr));
+    }
+#ifdef DEBUG
+    else {
+        // verify that the existing entry is in fact a perfect match
+        NS_ASSERTION(PL_strcmp(ent->host(), host) == 0, "bad match");
+        NS_ASSERTION(memcmp(&ent->addr, &addr->ipv6.ip, sizeof(ent->addr)) == 0, "bad match");
+    }
+#endif
+}

mozilla/netwerk/base/src/nsSocketTransportService.h

@@ -30,6 +30,8 @@
 #include "nsIInputStream.h"
 #include "nsCOMPtr.h"
 #include "nsIStringBundle.h"
+#include "pldhash.h"
+#include "prio.h"
 
 #if defined(XP_PC) || defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_MAC)
 //
@@ -76,24 +78,54 @@ public:
     
     nsresult AddToSelectList(nsSocketTransport* aTransport);
     nsresult RemoveFromSelectList(nsSocketTransport* aTransport);
-    
-    PRInt32   mConnectedTransports;
-    PRInt32   mTotalTransports;
-    
+   
+    //
+    // LookupHost checks to see if we've previously resolved the hostname
+    // during this session.  We remember all successful connections to prevent
+    // ip-address spoofing.  See bug 149943.
+    //
+    // Returns TRUE if found, and sets |result| to the cached value.
+    //
+    PRBool LookupHost(const char *host, PRIPv6Addr *result);
+
+    void OnTransportCreated()   { PR_AtomicIncrement(&mTotalTransports); }
+    void OnTransportConnected(const char *aHost, PRNetAddr *aAddr);
+    void OnTransportClosed()    { PR_AtomicDecrement(&mConnectedTransports); }
+    void OnTransportDestroyed() { PR_AtomicDecrement(&mTotalTransports); } 
+   
     nsresult  GetNeckoStringByName (const char *aName, PRUnichar **aString);
 
 protected:
-    nsIThread*            mThread;
-    PRFileDesc*           mThreadEvent;
-    PRLock*               mThreadLock;
-    PRBool                mThreadRunning;
+    //
+    // mHostDB maps hostname -> nsHostEntry
+    //
+    struct nsHostEntry : PLDHashEntryStub
+    {
+        PRIPv6Addr  addr;
+        const char *host() const { return (const char *) key; }
+    };
+
+    static PLDHashTableOps ops;
+
+    static PRBool PR_CALLBACK MatchEntry(PLDHashTable *, const PLDHashEntryHdr *, const void *);
+    static void   PR_CALLBACK ClearEntry(PLDHashTable *, PLDHashEntryHdr *);
+
+    nsIThread                     *mThread;
+    PRFileDesc                    *mThreadEvent;
+    PRLock                        *mThreadLock;
+    PRBool                         mThreadRunning;
     
-    PRCList               mWorkQ;
+    PRCList                        mWorkQ;
+
+    PRInt32                        mConnectedTransports;
+    PRInt32                        mTotalTransports;
     
-    PRInt32               mSelectFDSetCount;
-    PRPollDesc*           mSelectFDSet;
-    nsSocketTransport**   mActiveTransportList;
-	nsCOMPtr<nsIStringBundle>   m_stringBundle;
+    PRInt32                        mSelectFDSetCount;
+    PRPollDesc                    *mSelectFDSet;
+    nsSocketTransport            **mActiveTransportList;
+    nsCOMPtr<nsIStringBundle>      m_stringBundle;
+
+    PLDHashTable                   mHostDB;
 };
 
 

mozilla/netwerk/protocol/http/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= necko
 LIBRARY_NAME = nkhttp_s
-REQUIRES	= xpcom string pref nkcache mimetype intl
+REQUIRES	= xpcom string pref nkcache mimetype intl xpconnect js
 
 CPPSRCS		= \
 		nsHttp.cpp \

mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp

@@ -33,6 +33,7 @@
 #include "nsIStringBundle.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIFileStream.h"
+#include "nsIScriptSecurityManager.h"
 #include "nsMimeTypes.h"
 #include "nsNetUtil.h"
 #include "nsString2.h"
@@ -1063,6 +1064,15 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType)
         rv = ioService->NewURI(location, mURI, getter_AddRefs(newURI));
         if (NS_FAILED(rv)) return rv;
 
+        // verify that this is a legal redirect
+        nsCOMPtr<nsIScriptSecurityManager> securityManager = 
+                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+        if (securityManager) {
+            rv = securityManager->CheckLoadURI(mURI, newURI,
+                                               nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
+            if (NS_FAILED(rv)) return rv;
+        }
+
         // move the reference of the old location to the new one if the new
         // one has none.
         nsCOMPtr<nsIURL> newURL = do_QueryInterface(newURI, &rv);

mozilla/uriloader/base/nsDocLoader.cpp

@@ -1253,6 +1253,7 @@ NS_IMETHODIMP nsDocLoaderImpl::OnRedirect(nsIHttpChannel *aOldChannel, nsIChanne
     rv = aNewChannel->GetURI(getter_AddRefs(newURI));
     if (NS_FAILED(rv)) return rv;
 
+#ifdef HTTP_DOESNT_CALL_CHECKLOADURI
     // verify that this is a legal redirect
     nsCOMPtr<nsIScriptSecurityManager> securityManager = 
              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
@@ -1260,6 +1261,7 @@ NS_IMETHODIMP nsDocLoaderImpl::OnRedirect(nsIHttpChannel *aOldChannel, nsIChanne
     rv = securityManager->CheckLoadURI(oldURI, newURI,
                                        nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
     if (NS_FAILED(rv)) return rv;
+#endif
 
     nsLoadFlags loadFlags = 0;
     PRInt32 stateFlags = nsIWebProgressListener::STATE_REDIRECTING |

mozilla/uriloader/exthandler/mac/nsInternetConfigService.cpp

@@ -279,7 +279,7 @@ nsresult nsInternetConfigService::FillMIMEInfoForICEntry(ICMapEntry& entry, nsIM
     
     // convert entry.extension which is a Str255 
     // don't forget to remove the '.' in front of the file extension....
-    nsCAutoString temp((char *)&entry.extension[2], (int)entry.extension[0]-1);
+    nsCAutoString temp((char *)&entry.extension[2], entry.extension[0] > 0 ? (int)entry.extension[0]-1 : 0);
     info->AppendExtension(temp);
     info->SetMacType(entry.fileType);
     info->SetMacCreator(entry.fileCreator);

mozilla/uriloader/exthandler/nsExternalHelperAppService.cpp

@@ -918,8 +918,26 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface( aChannel );
   if ( httpChannel ) 
   {
-    // Turn off content encoding conversions.
-    httpChannel->SetApplyConversion( PR_FALSE );
+    nsXPIDLCString encoding;
+    rv = httpChannel->GetResponseHeader("Content-Encoding", getter_Copies(encoding));
+    if (NS_SUCCEEDED(rv) && encoding && *encoding)
+    {
+      nsCOMPtr<nsIURI> uri;
+      if (NS_SUCCEEDED(aChannel->GetURI(getter_AddRefs(uri))) && uri)
+      {
+        nsCOMPtr<nsIURL> url( do_QueryInterface(uri) );
+        if (url)
+        {
+          nsXPIDLCString ext;
+          if (NS_SUCCEEDED(url->GetFileExtension(getter_Copies(ext))) &&
+              // Turn off content encoding conversions if file extension indicates
+              // a file that should normally be compressed.
+              ((!PL_strcasecmp(encoding, "deflate") && !PL_strcasecmp(ext, "zip")) ||
+               (!PL_strcasecmp(encoding, "gzip") && !PL_strcasecmp(ext, "gz"))))
+            httpChannel->SetApplyConversion( PR_FALSE );
+        }
+      }
+    }
   }
 
   // now that the temp file is set up, find out if we need to invoke a dialog asking the user what

mozilla/view/src/nsViewManager.cpp

@@ -1962,9 +1962,35 @@ NS_IMETHODIMP nsViewManager::DispatchEvent(nsGUIEvent *aEvent, nsEventStatus *aS
 											Refresh(view, ((nsPaintEvent*)aEvent)->renderingContext, &damrect, updateFlags);
 										}
 										else {
-                                            // since we got an NS_PAINT event, we need to
-                                            // draw something so we don't get blank areas.
-                                            DefaultRefresh(view, &damrect);
+                       // since we got an NS_PAINT event, we need to
+                       // draw something so we don't get blank areas.
+                       DefaultRefresh(view, &damrect);
+
+                       // Clients like the editor can trigger multiple
+                       // reflows during what the user perceives as a single
+                       // edit operation, so it disables view manager
+                       // refreshing until the edit operation is complete
+                       // so that users don't see the intermediate steps.
+                       // 
+                       // Unfortunately some of these reflows can trigger
+                       // nsScrollPortView and nsScrollingView Scroll() calls
+                       // which in most cases force an immediate BitBlt and
+                       // synchronous paint to happen even if the view manager's
+                       // refresh is disabled. (Bug 97674)
+                       //
+                       // Calling UpdateView() here, is neccessary to add
+                       // the exposed region specified in the synchronous paint
+                       // event to  the view's damaged region so that it gets
+                       // painted properly when refresh is enabled.
+                       //
+                       // Note that calling UpdateView() here was deemed
+                       // to have the least impact on performance, since the
+                       // other alternative was to make Scroll() post an
+                       // async paint event for the *entire* ScrollPort or
+                       // ScrollingView's viewable area. (See bug 97674 for this
+                       // alternate patch.)
+
+                       UpdateView(view, damrect, NS_VMREFRESH_NO_SYNC);
 											}
 										}
 									}

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_ipf32.s

@@ -1,145 +0,0 @@
-
-// Select C numeric constant
-        .radix  C
-// for 64 bit mode, use .psr abi64
-        .psr    abi32
-// big endian
-        .psr    msb
-// Section has executable code
-        .section .text, "ax","progbits"
-// procedure named 'XPTC_InvokeByIndex'
-        .proc   XPTC_InvokeByIndex
-// manual bundling
-        .explicit
-
-// extern "C" PRUint32
-// invoke_copy_to_stack(uint64_t* d,
-//   const PRUint32 paramCount, nsXPTCVariant* s)
-        .global invoke_copy_to_stack
-//      .exclass  invoke_copy_to_stack, @fullyvisible
-        .type   invoke_copy_to_stack,@function
-
-//      .exclass  XPTC_InvokeByIndex, @fullyvisible
-        .type   XPTC_InvokeByIndex,@function
-
-// XPTC_InvokeByIndex(nsISupports* that, PRUint32 methodIndex,
-//   PRUint32 paramCount, nsXPTCVariant* params);
-XPTC_InvokeByIndex::
-        .prologue
-        .save ar.pfs, r37
-// allocate 4 input args, 6 local args, and 8 output args
-        alloc           r37 = ar.pfs, 4, 6, 8, 0   // M
-        nop.i           0                       ;; // I
-
-// unwind table already knows gp, no need to specify anything
-        add             r39 = 0, gp                // A
-        .save rp, r36
-        mov             r36 = rp                   // I
-        .vframe r38
-        add             r38 = 0, sp             ;; // A
-
-// We first calculate the amount of extra memory stack space required
-// for the arguments, and register storage.
-// We then call invoke_copy_to_stack() to write the argument contents
-// to the specified memory regions.
-// We then copy the integer arguments to integer registers, and floating
-// arguments to float registers.
-// Lastly we load the virtual table jump pointer, and call the target
-// subroutine.
-
-// in0 : that
-// in1 : methodIndex
-// in2 : paramCount
-// in3 : params
-
-// stack frame size is 16 + (8 * even(paramCount)) + 64 + 64
-// 16 byte frame header
-// 8 * even(paramCount) memory argument area
-// 64 bytes integer register area
-// 64 bytes float register area
-// This scheme makes sure stack fram size is a multiple of 16
-
-        .body
-        add             r10 = 8, r0          // A
-// r41 points to float register area
-        add             r41 = -64, sp        // A
-// r40 points to int register area
-        add             r40 = -128, sp    ;; // A
-
-        add             out1 = 0, r40        // A
-        add             out2 = 0, r41        // A
-        tbit.z          p14,p15 = in2,0   ;; // I
-
-// compute 8 * even(paramCount)
-(p14)   shladd          r11 = in2, 3, r0  ;; // A
-(p15)   shladd          r11 = in2, 3, r10 ;; // A
-        sub             out0 = r40, r11   ;; // A
-
-// advance the stack frame
-        add             sp = -16, out0       // A
-        add             out3 = 0, in2        // A
-        add             out4 = 0, in3        // A
-
-// branch to invoke_copy_to_stack
-        br.call.sptk.few rp = invoke_copy_to_stack ;; // B
-
-// restore gp
-        add             gp = 0, r39          // A
-        add             out0 = 0, in0        // A
-
-// load the integer and float registers
-        ld8             out1 = [r40], 8      // M
-        ldfd            f8 = [r41], 8       ;; // M
-
-        ld8             out2 = [r40], 8      // M
-        ldfd            f9 = [r41], 8       ;; // M
-
-        ld8             out3 = [r40], 8      // M
-        ldfd            f10 = [r41], 8      ;; // M
-
-        ld8             out4 = [r40], 8      // M
-        ldfd            f11 = [r41], 8      ;; // M
-
-        ld8             out5 = [r40], 8      // M
-        ldfd            f12 = [r41], 8      ;; // M
-// 16 * methodIndex
-        shladd          r11 = in1, 4, r0     // A
-
-        ld8             out6 = [r40], 8      // M
-        ldfd            f13 = [r41], 8      ;; // M
-
-        ld8             out7 = [r40], 8      // M
-        ldfd            f14 = [r41], 8       // M
-        addp4           r8 = 0, in0       ;; // A
-
-// look up virtual base table and dispatch to target subroutine
-// This section assumes 32 bit pointer mode, and virtual base table
-// layout from the ABI http://www.codesourcery.com/cxx-abi/abi.html
-
-// load base table
-        ld4             r8 = [r8]         ;; // M
-        addp4           r8 = r11, r8      ;; // A
-
- // first entry is jump pointer, second entry is gp
-        addp4           r9 = 8, r8       ;; // A
-// load jump pointer
-        ld8             r8 = [r8]
-
-// load gp
-        ld8             gp = [r9]        ;; // M
-        mov             b6 = r8          ;; // I
-
-// branch to target virtual function
-        br.call.sptk.few rp = b6          ;; // B
-
-// epilog
-        mov             ar.pfs = r37         // I
-        mov             rp = r36          ;; // I
-
-        add             sp = 0, r38          // A
-        add             gp = 0, r39          // A
-        br.ret.sptk.few rp                ;; // B
-
-        .endp
-
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf32.cpp

@@ -1,148 +0,0 @@
-
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- */
-
-#include "xptcprivate.h"
-
-#include <iostream.h>
-
-// "This code is for IA64 only"
-
-
-/* invoke_copy_to_stack() will copy from variant array 's' to
- * the stack argument area 'mloc', the integer register area 'iloc', and
- * the float register area 'floc'.
- *
- */
-extern "C" void
-invoke_copy_to_stack(uint64_t* mloc, uint64_t* iloc, uint64_t* floc,
-  const PRUint32 paramCount, nsXPTCVariant* s)
-{
-  uint64_t* dest = mloc;
-  PRUint32 len = paramCount;
-  nsXPTCVariant* source = s;
-
-  PRUint32 indx;
-  PRUint32 endlen;
-  endlen = (len > 7) ? 7 : len;
-  /* handle the memory arguments */
-  for (indx = 7; indx < len; ++indx)
-  {
-    if (source[indx].IsPtrData())
-    {
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].ptr;
-#else
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].ptr;
-#endif
-    }
-    else
-    switch (source[indx].type)
-    {
-    case nsXPTType::T_I8    : *(dest) = source[indx].val.i8;  break;
-    case nsXPTType::T_I16   : *(dest) = source[indx].val.i16; break;
-    case nsXPTType::T_I32   : *(dest) = source[indx].val.i32; break;
-    case nsXPTType::T_I64   : *(dest) = source[indx].val.i64; break;
-    case nsXPTType::T_U8    : *(dest) = source[indx].val.u8;  break;
-    case nsXPTType::T_U16   : *(dest) = source[indx].val.u16; break;
-    case nsXPTType::T_U32   : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_U64   : *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_FLOAT : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_DOUBLE: *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_BOOL  : *(dest) = source[indx].val.b; break;
-    case nsXPTType::T_CHAR  : *(dest) = source[indx].val.c; break;
-    case nsXPTType::T_WCHAR : *(dest) = source[indx].val.wc; break;
-    default:
-    // all the others are plain pointer types
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].val.p;
-#else
-      {
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].val.p;
-      }
-#endif
-    }
-    ++dest;
-  }
-  /* process register arguments */
-  dest = iloc;
-  for (indx = 0; indx < endlen; ++indx)
-  {
-    if (source[indx].IsPtrData())
-    {
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].ptr;
-#else
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].ptr;
-#endif
-    }
-    else
-    switch (source[indx].type)
-    {
-    case nsXPTType::T_I8    : *(dest) = source[indx].val.i8; break;
-    case nsXPTType::T_I16   : *(dest) = source[indx].val.i16; break;
-    case nsXPTType::T_I32   : *(dest) = source[indx].val.i32; break;
-    case nsXPTType::T_I64   : *(dest) = source[indx].val.i64; break;
-    case nsXPTType::T_U8    : *(dest) = source[indx].val.u8; break;
-    case nsXPTType::T_U16   : *(dest) = source[indx].val.u16; break;
-    case nsXPTType::T_U32   : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_U64   : *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_FLOAT :
-      *((double*) (floc++)) = (double) source[indx].val.f;
-      break;
-    case nsXPTType::T_DOUBLE:
-      *((double*) (floc++)) = source[indx].val.d;
-      break;
-    case nsXPTType::T_BOOL  : *(dest) = source[indx].val.b; break;
-    case nsXPTType::T_CHAR  : *(dest) = source[indx].val.c; break;
-    case nsXPTType::T_WCHAR : *(dest) = source[indx].val.wc; break;
-    default:
-    // all the others are plain pointer types
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].val.p;
-#else
-      {
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].val.p;
-      }
-#endif
-    }
-    ++dest;
-  }
-
-}
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_ipf32.s

@@ -1,124 +0,0 @@
-
-// Select C numeric constant
-        .radix  C
-        .psr    abi32
-        .psr    msb
-// Section has executable code
-        .section .text, "ax","progbits"
-// procedure named 'SharedStub'
-        .proc   SharedStub
-// manual bundling
-        .explicit
-
-        .global PrepareAndDispatch
-//      .exclass  PrepareAndDispatch, @fullyvisible
-        .type   PrepareAndDispatch,@function
-
-SharedStub::
-// 9 arguments, first 8 are the input arguments of previous
-// function call.  The last one is methodIndex, and is passed in memory
-        .prologue
-        .save ar.pfs , r41
-// allocate 8 input args, 4 local args, and 5 output args
-        alloc           r41 = ar.pfs, 8, 4, 5, 0   // M
-        .save rp, r40
-        mov             r40 = rp                   // I
-        nop.i           0                       ;; // I
-
-        .save ar.unat, r42
-        mov             r42 = ar.unat              // M
-        .fframe 144
-        add             sp = -144, sp              // A
-// unwind table already knows gp, don't need to specify anything
-        add             r43 = 0, gp             ;; // A
-
-// We have possible 8 integer registers and 8 float registers that could
-// be arguments.  We also have a stack region from the previous
-// stack frame that may hold some stack arguments.
-// We need to write the integer registers to a memory region, write
-// the float registers to a memory region (making sure we don't step
-// on NAT while touching the registers).  We also mark the memory
-// address of the stack arguments.
-// We then call PrepareAndDispatch() specifying the three memory
-// region pointers.
-
-
-        .body
-        add             out0 = 0, in0        // A  move self ptr
-// 144 bytes = 16 byte stack header + 64 byte int space + 64 byte float space
-// current frame is 144 bytes, previous frame is 112 bytes
-// restarg is at 144 + 112 + 16 bytes away from current sp
-// (current frame + previous frame + previous previous frame header)
-// methodIndex is at 144 + 16 bytes away from current sp
-// (current frame + previous frame header)
-        add             out4 = 192, sp       // A  restarg address
-        add             r11  = 160, sp    ;; // A  address of methodIndex
-
-        ld8             out1 = [r11]         // M  load methodIndex
-// sp + 16 is the start of intargs
-        add             out2 = 16, sp        // A  address of intargs
-// the intargs take up 64 bytes, so sp + 16 + 64 is the start of floatargs
-        add             out3 = 80, sp     ;; // A  address of floatargs
-
-        add             r11 = 0, out2     ;; // A
-        st8.spill       [r11] = in1, 8       // M
-        add             r10 = 0, out3     ;; // A
-
-        st8.spill       [r11] = in2, 8    ;; // M
-        st8.spill       [r11] = in3, 8       // M
-        nop.i           0                 ;; // I
-
-        st8.spill       [r11] = in4, 8    ;; // M
-        st8.spill       [r11] = in5, 8       // M
-        nop.i           0                 ;; // I
-
-        st8.spill       [r11] = in6, 8    ;; // M
-        st8.spill       [r11] = in7          // M
-        fclass.nm       p14,p15 = f8,@nat ;; // F
-
-(p14)   stfd            [r10] = f8, 8        // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 = f9,@nat ;; // F
-
-(p12)   stfd            [r10] = f9, 8        // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f10,@nat ;; // F
-
-(p14)   stfd            [r10] = f10, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f11,@nat ;; // F
-
-(p12)   stfd            [r10] = f11, 8       // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f12,@nat ;; // F
-
-(p14)   stfd            [r10] = f12, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f13,@nat ;; // F
-
-(p12)   stfd            [r10] = f13, 8       // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f14,@nat ;; // F
-
-(p14)   stfd            [r10] = f14, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f15,@nat ;; // F
-
-(p12)   stfd            [r10] = f15, 8       // M
-(p13)   add             r10 = 8, r10         // A
-
-// branch to PrepareAndDispatch
-        br.call.dptk.few rp = PrepareAndDispatch ;; // B
-
-// epilog
-        mov             ar.unat = r42        // M
-        mov             ar.pfs = r41         // I
-        mov             rp = r40          ;; // I
-
-        add             gp = 0, r43          // A
-        add             sp = 144, sp         // A
-        br.ret.dptk.few rp                ;; // B
-
-        .endp
-
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_ipf32.cpp

@@ -1,169 +0,0 @@
-
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- */
-
-
-#include "xptcprivate.h"
-
-#include <stddef.h>
-#include <stdlib.h>
-
-// "This code is for IA64 only"
-
-/* Implement shared vtbl methods. */
-
-extern "C" nsresult
-PrepareAndDispatch(nsXPTCStubBase* self, PRUint32 methodIndex,
-  uint64_t* intargs, uint64_t* floatargs, uint64_t* restargs)
-{
-
-#define PARAM_BUFFER_COUNT     16
-
-  nsXPTCMiniVariant paramBuffer[PARAM_BUFFER_COUNT];
-  nsXPTCMiniVariant* dispatchParams = NULL;
-  nsIInterfaceInfo* iface_info = NULL;
-  const nsXPTMethodInfo* info;
-  nsresult result = NS_ERROR_FAILURE;
-  uint64_t* iargs = intargs;
-  uint64_t* fargs = floatargs;
-  PRUint8 paramCount;
-  PRUint8 i;
-
-  NS_ASSERTION(self,"no self");
-
-  self->GetInterfaceInfo(&iface_info);
-  NS_ASSERTION(iface_info,"no interface info");
-
-  iface_info->GetMethodInfo(PRUint16(methodIndex), &info);
-  NS_ASSERTION(info,"no interface info");
-
-  paramCount = info->GetParamCount();
-
-  // setup variant array pointer
-  if(paramCount > PARAM_BUFFER_COUNT)
-    dispatchParams = new nsXPTCMiniVariant[paramCount];
-  else
-    dispatchParams = paramBuffer;
-  NS_ASSERTION(dispatchParams,"no place for params");
-
-  for(i = 0; i < paramCount; ++i)
-  {
-    int isfloat = 0;
-    const nsXPTParamInfo& param = info->GetParam(i);
-    const nsXPTType& type = param.GetType();
-    nsXPTCMiniVariant* dp = &dispatchParams[i];
-
-    if(param.IsOut() || !type.IsArithmetic())
-    {
-#ifdef __LP64__
-        /* 64 bit pointer mode */
-        dp->val.p = (void*) *iargs;
-#else
-        /* 32 bit pointer mode */
-        uint32_t* adr = (uint32_t*) iargs;
-        dp->val.p = (void*) (*(adr+1));
-#endif
-    }
-    else
-    switch(type)
-    {
-    case nsXPTType::T_I8     : dp->val.i8  = *(iargs); break;
-    case nsXPTType::T_I16    : dp->val.i16 = *(iargs); break;
-    case nsXPTType::T_I32    : dp->val.i32 = *(iargs); break;
-    case nsXPTType::T_I64    : dp->val.i64 = *(iargs); break;
-    case nsXPTType::T_U8     : dp->val.u8  = *(iargs); break;
-    case nsXPTType::T_U16    : dp->val.u16 = *(iargs); break;
-    case nsXPTType::T_U32    : dp->val.u32 = *(iargs); break;
-    case nsXPTType::T_U64    : dp->val.u64 = *(iargs); break;
-    case nsXPTType::T_FLOAT  :
-      isfloat = 1;
-      if (i < 7)
-        dp->val.f = (float) *((double*) fargs); /* register */
-      else
-        dp->val.u32 = *(fargs); /* memory */
-      break;
-    case nsXPTType::T_DOUBLE :
-      isfloat = 1;
-      dp->val.u64 = *(fargs);
-      break;
-    case nsXPTType::T_BOOL   : dp->val.b   = *(iargs); break;
-    case nsXPTType::T_CHAR   : dp->val.c   = *(iargs); break;
-    case nsXPTType::T_WCHAR  : dp->val.wc  = *(iargs); break;
-    default:
-      NS_ASSERTION(0, "bad type");
-      break;
-    }
-    if (i < 7)
-    {
-      /* we are parsing register arguments */
-      if (i == 6)
-      {
-        // run out of register arguments, move on to memory arguments
-        iargs = restargs;
-        fargs = restargs;
-      }
-      else
-      {
-        ++iargs; // advance one integer register slot
-        if (isfloat) ++fargs; // advance float register slot if isfloat
-      }
-    }
-    else
-    {
-      /* we are parsing memory arguments */
-      ++iargs;
-      ++fargs;
-    }
-  }
-
-  result = self->CallMethod((PRUint16) methodIndex, info, dispatchParams);
-
-  NS_RELEASE(iface_info);
-
-  if(dispatchParams != paramBuffer)
-    delete [] dispatchParams;
-
-  return result;
-}
-
-extern "C" int SharedStub(PRUint64,PRUint64,PRUint64,PRUint64,
- PRUint64,PRUint64,PRUint64,PRUint64,PRUint64);
-
-/* Variable a0-a7 were put there so we can have access to the 8 input
-   registers on Stubxyz entry */
-
-#define STUB_ENTRY(n) \
-nsresult nsXPTCStubBase::Stub##n(PRUint64 a1, \
-PRUint64 a2,PRUint64 a3,PRUint64 a4,PRUint64 a5,PRUint64 a6,PRUint64 a7) \
-{ uint64_t a0 = (uint64_t) this; \
- return SharedStub(a0,a1,a2,a3,a4,a5,a6,a7,(PRUint64) n); \
-}
-
-#define SENTINEL_ENTRY(n) \
-nsresult nsXPTCStubBase::Sentinel##n() \
-{ \
-    NS_ASSERTION(0,"nsXPTCStubBase::Sentinel called"); \
-    return NS_ERROR_NOT_IMPLEMENTED; \
-}
-
-#include "xptcstubsdef.inc"
-

mozilla/xpfe/appshell/src/nsInternetConfigService.cpp

@@ -279,7 +279,7 @@ nsresult nsInternetConfigService::FillMIMEInfoForICEntry(ICMapEntry& entry, nsIM
     
     // convert entry.extension which is a Str255 
     // don't forget to remove the '.' in front of the file extension....
-    nsCAutoString temp((char *)&entry.extension[2], (int)entry.extension[0]-1);
+    nsCAutoString temp((char *)&entry.extension[2], entry.extension[0] > 0 ? (int)entry.extension[0]-1 : 0);
     info->AppendExtension(temp);
     info->SetMacType(entry.fileType);
     info->SetMacCreator(entry.fileCreator);

mozilla/xpfe/components/shistory/public/nsISHistoryInternal.idl

@@ -56,4 +56,11 @@ interface nsISHistoryInternal: nsISupports
    */
    attribute nsIDocShell rootDocShell;
 
+    /**
+     * Replace the nsISHEntry at a particular index
+     * @param aIndex - The index at which the entry shoud be replaced
+     * @param aReplaceEntry - The replacement entry for the index.
+     */
+     void replaceEntry(in long aIndex, in nsISHEntry aReplaceEntry);
+
 };

mozilla/xpfe/components/shistory/src/nsSHistory.cpp

@@ -405,6 +405,31 @@ nsSHistory::RemoveSHistoryListener(nsISHistoryListener * aListener)
   return NS_OK;
 }
 
+
+/* Replace an entry in the History list at a particular index.
+ * Do not update index or count.
+ */
+NS_IMETHODIMP
+nsSHistory::ReplaceEntry(PRInt32 aIndex, nsISHEntry * aReplaceEntry)
+{
+  NS_ENSURE_ARG(aReplaceEntry);
+  nsresult rv;
+  nsCOMPtr<nsISHTransaction> currentTxn;
+
+  if (!mListRoot) // Session History is not initialised.
+    return NS_ERROR_FAILURE;
+
+  rv = GetTransactionAtIndex(aIndex, getter_AddRefs(currentTxn));
+
+  if(currentTxn)
+  {
+    // Set the replacement entry in the transaction
+    rv = currentTxn->SetSHEntry(aReplaceEntry);
+    rv = currentTxn->SetPersist(PR_TRUE);
+  }
+  return rv;
+}
+
 //*****************************************************************************
 //    nsSHistory: nsIWebNavigation
 //*****************************************************************************