Search
j0ke.net Open Build Service
>
Projects
>
mozilla
>
MozillaFirefox
> gecko-lockdown.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File gecko-lockdown.patch of Package MozillaFirefox
Index: extensions/cookie/nsCookiePermission.cpp ================================================================================ --- extensions/cookie/nsCookiePermission.cpp +++ extensions/cookie/nsCookiePermission.cpp @@ -83,6 +83,7 @@ // obsolete pref names for migration static const char kCookiesLifetimeEnabled[] = "network.cookie.lifetime.enabled"; static const char kCookiesLifetimeBehavior[] = "network.cookie.lifetime.behavior"; +static const char kCookiesHonorExceptions[] = "network.cookie.honorExceptions"; static const char kCookiesAskPermission[] = "network.cookie.warnAboutCookies"; static const char kPermissionType[] = "cookie"; @@ -126,6 +127,7 @@ prefBranch->AddObserver(kCookiesLifetimePolicy, this, PR_FALSE); prefBranch->AddObserver(kCookiesLifetimeDays, this, PR_FALSE); prefBranch->AddObserver(kCookiesAlwaysAcceptSession, this, PR_FALSE); + prefBranch->AddObserver(kCookiesHonorExceptions, this, PR_FALSE); #ifdef MOZ_MAIL_NEWS prefBranch->AddObserver(kCookiesDisabledForMailNews, this, PR_FALSE); #endif @@ -182,6 +184,10 @@ if (PREF_CHANGED(kCookiesAlwaysAcceptSession) && NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesAlwaysAcceptSession, &val))) mCookiesAlwaysAcceptSession = val; + + if (PREF_CHANGED(kCookiesHonorExceptions) && + NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesHonorExceptions, &val))) + mCookiesHonorExceptions = val; #ifdef MOZ_MAIL_NEWS if (PREF_CHANGED(kCookiesDisabledForMailNews) && @@ -249,6 +255,11 @@ #endif // MOZ_MAIL_NEWS // finally, check with permission manager... + if (!mCookiesHonorExceptions) { + *aResult = ACCESS_DEFAULT; + return NS_OK; + } + nsresult rv = mPermMgr->TestPermission(aURI, kPermissionType, (PRUint32 *) aResult); if (NS_SUCCEEDED(rv)) { switch (*aResult) { --- extensions/cookie/nsCookiePermission.h +++ extensions/cookie/nsCookiePermission.h @@ -58,10 +58,11 @@ nsCookiePermission() : mCookiesLifetimeSec(LL_MAXINT) , mCookiesLifetimePolicy(0) // ACCEPT_NORMALLY - , mCookiesAlwaysAcceptSession(PR_FALSE) + , mCookiesAlwaysAcceptSession(PR_FALSE), #ifdef MOZ_MAIL_NEWS - , mCookiesDisabledForMailNews(PR_TRUE) + , mCookiesDisabledForMailNews(PR_TRUE), #endif + mCookiesHonorExceptions(PR_TRUE) {} virtual ~nsCookiePermission() {} @@ -77,7 +78,7 @@ #ifdef MOZ_MAIL_NEWS PRPackedBool mCookiesDisabledForMailNews; #endif - + PRPackedBool mCookiesHonorExceptions; }; // {CE002B28-92B7-4701-8621-CC925866FB87} --- extensions/permissions/nsContentBlocker.cpp +++ extensions/permissions/nsContentBlocker.cpp @@ -74,6 +74,7 @@ nsContentBlocker::nsContentBlocker() { memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES); + memset(mHonorExceptions, PR_TRUE, NUMBER_OF_TYPES); } nsresult @@ -90,6 +91,11 @@ rv = prefService->GetBranch("permissions.default.", getter_AddRefs(prefBranch)); NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIPrefBranch> honorExceptionsPrefBranch; + rv = prefService->GetBranch("permissions.honorExceptions.", + getter_AddRefs(honorExceptionsPrefBranch)); + NS_ENSURE_SUCCESS(rv, rv); + // Migrate old image blocker pref nsCOMPtr<nsIPrefBranch> oldPrefBranch; oldPrefBranch = do_QueryInterface(prefService); @@ -119,8 +125,15 @@ mPrefBranchInternal = do_QueryInterface(prefBranch, &rv); NS_ENSURE_SUCCESS(rv, rv); + mHonorExceptionsPrefBranchInternal = + do_QueryInterface(honorExceptionsPrefBranch, &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = mPrefBranchInternal->AddObserver("", this, PR_TRUE); - PrefChanged(prefBranch, nsnull); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mHonorExceptionsPrefBranchInternal->AddObserver("", this, PR_TRUE); + PrefChanged(nsnull); return rv; } @@ -129,19 +142,22 @@ #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default)) void -nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch, - const char *aPref) +nsContentBlocker::PrefChanged(const char *aPref) { - PRInt32 val; - -#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P)) - - for(PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { - if (PREF_CHANGED(kTypeString[i]) && - NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val))) - mBehaviorPref[i] = LIMIT(val, 1, 3, 1); + for (PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { + if (!aPref || !strcmp(kTypeString[i], aPref)) { + PRInt32 val; + PRBool b; + if (mPrefBranchInternal && + NS_SUCCEEDED(mPrefBranchInternal->GetIntPref(kTypeString[i], &val))) { + mBehaviorPref[i] = LIMIT(val, 1, 3, 1); + } + if (mHonorExceptionsPrefBranchInternal && + NS_SUCCEEDED(mHonorExceptionsPrefBranchInternal->GetBoolPref(kTypeString[i], &b))) { + mHonorExceptions[i] = b; + } + } } - } // nsIContentPolicy Implementation @@ -234,11 +250,13 @@ // default prefs. // Don't forget the aContentType ranges from 1..8, while the // array is indexed 0..7 - PRUint32 permission; - nsresult rv = mPermissionManager->TestPermission(aCurrentURI, - kTypeString[aContentType - 1], - &permission); - NS_ENSURE_SUCCESS(rv, rv); + PRUint32 permission = 0; + if (mHonorExceptions[aContentType - 1]) { + nsresult rv = mPermissionManager->TestPermission(aCurrentURI, + kTypeString[aContentType - 1], + &permission); + NS_ENSURE_SUCCESS(rv, rv); + } // If there is nothing on the list, use the default. if (!permission) { @@ -264,7 +282,7 @@ return NS_OK; PRBool trustedSource = PR_FALSE; - rv = aFirstURI->SchemeIs("chrome", &trustedSource); + nsresult rv = aFirstURI->SchemeIs("chrome", &trustedSource); NS_ENSURE_SUCCESS(rv,rv); if (!trustedSource) { rv = aFirstURI->SchemeIs("resource", &trustedSource); @@ -329,8 +347,6 @@ { NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic), "unexpected topic - we only deal with pref changes!"); - - if (mPrefBranchInternal) - PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get()); + PrefChanged(NS_LossyConvertUTF16toASCII(aData).get()); return NS_OK; } --- extensions/permissions/nsContentBlocker.h +++ extensions/permissions/nsContentBlocker.h @@ -66,7 +66,7 @@ private: ~nsContentBlocker() {} - void PrefChanged(nsIPrefBranch *, const char *); + void PrefChanged(const char *); nsresult TestPermission(nsIURI *aCurrentURI, nsIURI *aFirstURI, PRInt32 aContentType, @@ -75,7 +75,9 @@ nsCOMPtr<nsIPermissionManager> mPermissionManager; nsCOMPtr<nsIPrefBranch2> mPrefBranchInternal; + nsCOMPtr<nsIPrefBranch2> mHonorExceptionsPrefBranchInternal; PRUint8 mBehaviorPref[NUMBER_OF_TYPES]; + PRPackedBool mHonorExceptions[NUMBER_OF_TYPES]; }; #define NS_CONTENTBLOCKER_CID \ --- modules/libpref/src/init/all.js +++ modules/libpref/src/init/all.js @@ -716,6 +716,7 @@ pref("network.hosts.nntp_server", "news.mozilla.org"); pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign +pref("permissions.honorExceptions.image", true); pref("network.image.warnAboutImages", false); pref("network.proxy.type", 0); pref("network.proxy.ftp", ""); @@ -734,6 +735,7 @@ pref("network.proxy.failover_timeout", 1800); // 30 minutes pref("network.online", true); //online/offline pref("network.cookie.cookieBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p +pref("network.cookie.honorExceptions", true); pref("network.cookie.disableCookieForMailNews", true); // disable all cookies for mail pref("network.cookie.lifetimePolicy", 0); // accept normally, 1-askBeforeAccepting, 2-acceptForSession,3-acceptForNDays pref("network.cookie.alwaysAcceptSessionCookies", false); --- netwerk/base/src/nsIOService.cpp +++ netwerk/base/src/nsIOService.cpp @@ -371,6 +371,16 @@ nsCOMPtr<nsIPrefBranch2> prefBranch; GetPrefBranch(getter_AddRefs(prefBranch)); if (prefBranch) { + nsCAutoString protocolBlockedPref("network.protocol-handler.blocked."); + protocolBlockedPref += scheme; + PRBool blockedProtocol = PR_FALSE; + rv = prefBranch->GetBoolPref(protocolBlockedPref.get(), &blockedProtocol); + if (NS_FAILED(rv)) { + rv = prefBranch->GetBoolPref("network.protocol-handler.blocked-default", &blockedProtocol); + } + if (NS_SUCCEEDED(rv) && blockedProtocol) + return NS_ERROR_UNKNOWN_PROTOCOL; + nsCAutoString externalProtocolPref("network.protocol-handler.external."); externalProtocolPref += scheme; rv = prefBranch->GetBoolPref(externalProtocolPref.get(), &externalProtocol); --- widget/src/gtk2/nsWindow.cpp +++ widget/src/gtk2/nsWindow.cpp @@ -64,6 +64,7 @@ #include "nsIPrefBranch.h" #include "nsIServiceManager.h" #include "nsGfxCIID.h" +#include "nsIPrefService.h" #ifdef ACCESSIBILITY #include "nsPIAccessNode.h" @@ -73,7 +74,6 @@ #include "stdlib.h" static PRBool sAccessibilityChecked = PR_FALSE; static PRBool sAccessibilityEnabled = PR_FALSE; -static const char sSysPrefService [] = "@mozilla.org/system-preference-service;1"; static const char sAccEnv [] = "GNOME_ACCESSIBILITY"; static const char sAccessibilityKey [] = "config.use_system_prefs.accessibility"; #endif @@ -2644,18 +2644,18 @@ sAccessibilityEnabled = atoi(envValue); LOG(("Accessibility Env %s=%s\n", sAccEnv, envValue)); } - //check gconf-2 setting + //check preference setting else { - nsCOMPtr<nsIPrefBranch> sysPrefService = - do_GetService(sSysPrefService, &rv); - if (NS_SUCCEEDED(rv) && sysPrefService) { - - // do the work to get gconf setting. - // will be done soon later. - sysPrefService->GetBoolPref(sAccessibilityKey, + nsCOMPtr<nsIPrefService> prefService = + do_GetService(NS_PREFSERVICE_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv) && prefService) { + nsCOMPtr<nsIPrefBranch> prefBranch; + rv = prefService->GetBranch(nsnull, getter_AddRefs(prefBranch)); + if (NS_SUCCEEDED(rv) && prefBranch) { + prefBranch->GetBoolPref(sAccessibilityKey, &sAccessibilityEnabled); + } } - } } if (sAccessibilityEnabled) { --- xpinstall/src/nsXPInstallManager.cpp +++ xpinstall/src/nsXPInstallManager.cpp @@ -285,6 +285,7 @@ //----------------------------------------------------- // Get permission to install //----------------------------------------------------- + nsCOMPtr<nsIPrefBranch> pref(do_GetService(NS_PREFSERVICE_CONTRACTID)); #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI if ( mChromeType == CHROME_SKIN ) @@ -294,7 +295,11 @@ // skins get a simpler/friendlier dialog // XXX currently not embeddable - OKtoInstall = ConfirmChromeInstall( mParentWindow, packageList ); + PRBool themesDisabled = PR_FALSE; + if (pref) + pref->GetBoolPref("config.lockdown.disable_themes", &themesDisabled); + OKtoInstall = !themesDisabled && + ConfirmChromeInstall( mParentWindow, packageList ); } else { @@ -304,12 +304,17 @@ nsXPInstallManager::InitManagerInternal( else { #endif - rv = dlgSvc->ConfirmInstall( mParentWindow, - packageList, - numStrings, - &OKtoInstall ); - if (NS_FAILED(rv)) - OKtoInstall = PR_FALSE; + PRBool extensionsDisabled = PR_FALSE; + if (pref) + pref->GetBoolPref("config.lockdown.disable_extensions", &extensionsDisabled); + if (!extensionsDisabled) { + rv = dlgSvc->ConfirmInstall( mParentWindow, + packageList, + numStrings, + &OKtoInstall ); + if (NS_FAILED(rv)) + OKtoInstall = PR_FALSE; + } #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI } #endif