Loading content/base/public/nsContentUtils.h +2 −3 Original line number Diff line number Diff line Loading @@ -232,10 +232,9 @@ public: static bool IsCallerTrustedForWrite(); /** * Check whether a caller is trusted to have aCapability. This also * checks for UniversalXPConnect in addition to aCapability. * Check whether a caller has UniversalXPConnect. */ static bool IsCallerTrustedForCapability(const char* aCapability); static bool CallerHasUniversalXPConnect(); static bool IsImageSrcSetDisabled(); Loading content/base/src/nsContentUtils.cpp +6 −20 Original line number Diff line number Diff line Loading @@ -1148,16 +1148,9 @@ nsContentUtils::Shutdown() // static bool nsContentUtils::IsCallerTrustedForCapability(const char* aCapability) nsContentUtils::CallerHasUniversalXPConnect() { // The secman really should handle UniversalXPConnect case, since that // should include UniversalBrowserRead... doesn't right now, though. bool hasCap; if (NS_FAILED(sSecurityManager->IsCapabilityEnabled(aCapability, &hasCap))) return false; if (hasCap) return true; if (NS_FAILED(sSecurityManager->IsCapabilityEnabled("UniversalXPConnect", &hasCap))) return false; Loading Loading @@ -1228,15 +1221,8 @@ nsContentUtils::CanCallerAccess(nsIPrincipal* aSubjectPrincipal, } // The subject doesn't subsume aPrincipal. Allow access only if the subject // has either "UniversalXPConnect" (if aPrincipal is system principal) or // "UniversalBrowserRead" (in all other cases). bool isSystem; rv = sSecurityManager->IsSystemPrincipal(aPrincipal, &isSystem); isSystem = NS_FAILED(rv) || isSystem; const char* capability = NS_FAILED(rv) || isSystem ? "UniversalXPConnect" : "UniversalBrowserRead"; return IsCallerTrustedForCapability(capability); // has UniversalXPConnect. return CallerHasUniversalXPConnect(); } // static Loading Loading @@ -1469,13 +1455,13 @@ nsContentUtils::IsCallerChrome() bool nsContentUtils::IsCallerTrustedForRead() { return IsCallerTrustedForCapability("UniversalBrowserRead"); return CallerHasUniversalXPConnect(); } bool nsContentUtils::IsCallerTrustedForWrite() { return IsCallerTrustedForCapability("UniversalBrowserWrite"); return CallerHasUniversalXPConnect(); } bool Loading content/base/src/nsDOMFile.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -165,12 +165,12 @@ nsDOMFileBase::GetMozFullPath(nsAString &aFileName) { NS_ASSERTION(mIsFile, "Should only be called on files"); // It is unsafe to call IsCallerTrustedForCapability on a non-main thread. If // It is unsafe to call CallerHasUniversalXPConnect on a non-main thread. If // you hit the following assertion you need to figure out some other way to // determine privileges and call GetMozFullPathInternal. NS_ASSERTION(NS_IsMainThread(), "Wrong thread!"); if (nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) { if (nsContentUtils::CallerHasUniversalXPConnect()) { return GetMozFullPathInternal(aFileName); } aFileName.Truncate(); Loading content/base/src/nsXMLHttpRequest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -2749,10 +2749,10 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header, } // Prevent modification to certain HTTP headers (see bug 302263), unless // the executing script has UniversalBrowserWrite permission. // the executing script has UniversalXPConnect. bool privileged; rv = IsCapabilityEnabled("UniversalBrowserWrite", &privileged); rv = IsCapabilityEnabled("UniversalXPConnect", &privileged); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; Loading content/events/public/nsEventDispatcher.h +1 −1 Original line number Diff line number Diff line Loading @@ -255,7 +255,7 @@ public: * Dispatches an event. * If aDOMEvent is not nsnull, it is used for dispatching * (aEvent can then be nsnull) and (if aDOMEvent is not |trusted| already), * the |trusted| flag is set based on the UniversalBrowserWrite capability. * the |trusted| flag is set based on the UniversalXPConnect capability. * Otherwise this works like nsEventDispatcher::Dispatch. * @note Use this method when dispatching nsIDOMEvent. */ Loading Loading
content/base/public/nsContentUtils.h +2 −3 Original line number Diff line number Diff line Loading @@ -232,10 +232,9 @@ public: static bool IsCallerTrustedForWrite(); /** * Check whether a caller is trusted to have aCapability. This also * checks for UniversalXPConnect in addition to aCapability. * Check whether a caller has UniversalXPConnect. */ static bool IsCallerTrustedForCapability(const char* aCapability); static bool CallerHasUniversalXPConnect(); static bool IsImageSrcSetDisabled(); Loading
content/base/src/nsContentUtils.cpp +6 −20 Original line number Diff line number Diff line Loading @@ -1148,16 +1148,9 @@ nsContentUtils::Shutdown() // static bool nsContentUtils::IsCallerTrustedForCapability(const char* aCapability) nsContentUtils::CallerHasUniversalXPConnect() { // The secman really should handle UniversalXPConnect case, since that // should include UniversalBrowserRead... doesn't right now, though. bool hasCap; if (NS_FAILED(sSecurityManager->IsCapabilityEnabled(aCapability, &hasCap))) return false; if (hasCap) return true; if (NS_FAILED(sSecurityManager->IsCapabilityEnabled("UniversalXPConnect", &hasCap))) return false; Loading Loading @@ -1228,15 +1221,8 @@ nsContentUtils::CanCallerAccess(nsIPrincipal* aSubjectPrincipal, } // The subject doesn't subsume aPrincipal. Allow access only if the subject // has either "UniversalXPConnect" (if aPrincipal is system principal) or // "UniversalBrowserRead" (in all other cases). bool isSystem; rv = sSecurityManager->IsSystemPrincipal(aPrincipal, &isSystem); isSystem = NS_FAILED(rv) || isSystem; const char* capability = NS_FAILED(rv) || isSystem ? "UniversalXPConnect" : "UniversalBrowserRead"; return IsCallerTrustedForCapability(capability); // has UniversalXPConnect. return CallerHasUniversalXPConnect(); } // static Loading Loading @@ -1469,13 +1455,13 @@ nsContentUtils::IsCallerChrome() bool nsContentUtils::IsCallerTrustedForRead() { return IsCallerTrustedForCapability("UniversalBrowserRead"); return CallerHasUniversalXPConnect(); } bool nsContentUtils::IsCallerTrustedForWrite() { return IsCallerTrustedForCapability("UniversalBrowserWrite"); return CallerHasUniversalXPConnect(); } bool Loading
content/base/src/nsDOMFile.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -165,12 +165,12 @@ nsDOMFileBase::GetMozFullPath(nsAString &aFileName) { NS_ASSERTION(mIsFile, "Should only be called on files"); // It is unsafe to call IsCallerTrustedForCapability on a non-main thread. If // It is unsafe to call CallerHasUniversalXPConnect on a non-main thread. If // you hit the following assertion you need to figure out some other way to // determine privileges and call GetMozFullPathInternal. NS_ASSERTION(NS_IsMainThread(), "Wrong thread!"); if (nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) { if (nsContentUtils::CallerHasUniversalXPConnect()) { return GetMozFullPathInternal(aFileName); } aFileName.Truncate(); Loading
content/base/src/nsXMLHttpRequest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -2749,10 +2749,10 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header, } // Prevent modification to certain HTTP headers (see bug 302263), unless // the executing script has UniversalBrowserWrite permission. // the executing script has UniversalXPConnect. bool privileged; rv = IsCapabilityEnabled("UniversalBrowserWrite", &privileged); rv = IsCapabilityEnabled("UniversalXPConnect", &privileged); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; Loading
content/events/public/nsEventDispatcher.h +1 −1 Original line number Diff line number Diff line Loading @@ -255,7 +255,7 @@ public: * Dispatches an event. * If aDOMEvent is not nsnull, it is used for dispatching * (aEvent can then be nsnull) and (if aDOMEvent is not |trusted| already), * the |trusted| flag is set based on the UniversalBrowserWrite capability. * the |trusted| flag is set based on the UniversalXPConnect capability. * Otherwise this works like nsEventDispatcher::Dispatch. * @note Use this method when dispatching nsIDOMEvent. */ Loading
