rpm/MozillaFirefox
SHA256
1
0
Fork 0
forked from pool/MozillaFirefox
Code Pull Requests Activity
1788cb48d7
MozillaFirefox/gecko-lockdown.patch

342 lines
14 KiB
Diff
Raw Blame History

diff --git a/mozilla/extensions/cookie/nsCookiePermission.cpp b/mozilla/extensions/cookie/nsCookiePermission.cpp
index 0f8a64f..985d27a 100644
--- a/mozilla/extensions/cookie/nsCookiePermission.cpp
+++ b/mozilla/extensions/cookie/nsCookiePermission.cpp
@@ -85,6 +85,7 @@ static const char kCookiesPrefsMigrated[] = "network.cookie.prefsMigrated";
// obsolete pref names for migration
static const char kCookiesLifetimeEnabled[] = "network.cookie.lifetime.enabled";
static const char kCookiesLifetimeBehavior[] = "network.cookie.lifetime.behavior";
+static const char kCookiesHonorExceptions[] = "network.cookie.honorExceptions";
static const char kCookiesAskPermission[] = "network.cookie.warnAboutCookies";
static const char kPermissionType[] = "cookie";
@@ -123,6 +124,7 @@ nsCookiePermission::Init()
prefBranch->AddObserver(kCookiesLifetimePolicy, this, PR_FALSE);
prefBranch->AddObserver(kCookiesLifetimeDays, this, PR_FALSE);
prefBranch->AddObserver(kCookiesAlwaysAcceptSession, this, PR_FALSE);
+ prefBranch->AddObserver(kCookiesHonorExceptions, this, PR_FALSE);
#ifdef MOZ_MAIL_NEWS
prefBranch->AddObserver(kCookiesDisabledForMailNews, this, PR_FALSE);
#endif
@@ -179,6 +181,10 @@ nsCookiePermission::PrefChanged(nsIPrefBranch *aPrefBranch,
if (PREF_CHANGED(kCookiesAlwaysAcceptSession) &&
NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesAlwaysAcceptSession, &val)))
mCookiesAlwaysAcceptSession = val;
+
+ if (PREF_CHANGED(kCookiesHonorExceptions) &&
+ NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesHonorExceptions, &val)))
+ mCookiesHonorExceptions = val;
#ifdef MOZ_MAIL_NEWS
if (PREF_CHANGED(kCookiesDisabledForMailNews) &&
@@ -244,6 +250,11 @@ nsCookiePermission::CanAccess(nsIURI *aURI,
#endif // MOZ_MAIL_NEWS
// finally, check with permission manager...
+ if (!mCookiesHonorExceptions) {
+ *aResult = ACCESS_DEFAULT;
+ return NS_OK;
+ }
+
nsresult rv = mPermMgr->TestPermission(aURI, kPermissionType, (PRUint32 *) aResult);
if (NS_SUCCEEDED(rv)) {
switch (*aResult) {
diff --git a/mozilla/extensions/cookie/nsCookiePermission.h b/mozilla/extensions/cookie/nsCookiePermission.h
index 2be46ba..753b731 100644
--- a/mozilla/extensions/cookie/nsCookiePermission.h
+++ b/mozilla/extensions/cookie/nsCookiePermission.h
@@ -57,10 +57,11 @@ public:
nsCookiePermission()
: mCookiesLifetimeSec(LL_MAXINT)
, mCookiesLifetimePolicy(0) // ACCEPT_NORMALLY
- , mCookiesAlwaysAcceptSession(PR_FALSE)
+ , mCookiesAlwaysAcceptSession(PR_FALSE),
#ifdef MOZ_MAIL_NEWS
- , mCookiesDisabledForMailNews(PR_TRUE)
+ , mCookiesDisabledForMailNews(PR_TRUE),
#endif
+ mCookiesHonorExceptions(PR_TRUE)
{}
virtual ~nsCookiePermission() {}
@@ -76,7 +77,7 @@ private:
#ifdef MOZ_MAIL_NEWS
PRPackedBool mCookiesDisabledForMailNews;
#endif
-
+ PRPackedBool mCookiesHonorExceptions;
};
// {EF565D0A-AB9A-4A13-9160-0644CDFD859A}
diff --git a/mozilla/extensions/permissions/nsContentBlocker.cpp b/mozilla/extensions/permissions/nsContentBlocker.cpp
index d9b5ad4..c7a0e28 100644
--- a/mozilla/extensions/permissions/nsContentBlocker.cpp
+++ b/mozilla/extensions/permissions/nsContentBlocker.cpp
@@ -76,6 +76,7 @@ NS_IMPL_ISUPPORTS3(nsContentBlocker,
nsContentBlocker::nsContentBlocker()
{
memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES);
+ memset(mHonorExceptions, PR_TRUE, NUMBER_OF_TYPES);
}
nsresult
@@ -92,6 +93,11 @@ nsContentBlocker::Init()
rv = prefService->GetBranch("permissions.default.", getter_AddRefs(prefBranch));
NS_ENSURE_SUCCESS(rv, rv);
+ nsCOMPtr<nsIPrefBranch> honorExceptionsPrefBranch;
+ rv = prefService->GetBranch("permissions.honorExceptions.",
+ getter_AddRefs(honorExceptionsPrefBranch));
+ NS_ENSURE_SUCCESS(rv, rv);
+
// Migrate old image blocker pref
nsCOMPtr<nsIPrefBranch> oldPrefBranch;
oldPrefBranch = do_QueryInterface(prefService);
@@ -121,8 +127,15 @@ nsContentBlocker::Init()
mPrefBranchInternal = do_QueryInterface(prefBranch, &rv);
NS_ENSURE_SUCCESS(rv, rv);
+ mHonorExceptionsPrefBranchInternal =
+ do_QueryInterface(honorExceptionsPrefBranch, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
rv = mPrefBranchInternal->AddObserver("", this, PR_TRUE);
- PrefChanged(prefBranch, nsnull);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = mHonorExceptionsPrefBranchInternal->AddObserver("", this, PR_TRUE);
+ PrefChanged(nsnull);
return rv;
}
@@ -131,19 +144,22 @@ nsContentBlocker::Init()
#define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default))
void
-nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch,
- const char *aPref)
+nsContentBlocker::PrefChanged(const char *aPref)
{
- PRInt32 val;
-
-#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P))
-
- for(PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) {
- if (PREF_CHANGED(kTypeString[i]) &&
- NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val)))
- mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
+ for (PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) {
+ if (!aPref || !strcmp(kTypeString[i], aPref)) {
+ PRInt32 val;
+ PRBool b;
+ if (mPrefBranchInternal &&
+ NS_SUCCEEDED(mPrefBranchInternal->GetIntPref(kTypeString[i], &val))) {
+ mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
+ }
+ if (mHonorExceptionsPrefBranchInternal &&
+ NS_SUCCEEDED(mHonorExceptionsPrefBranchInternal->GetBoolPref(kTypeString[i], &b))) {
+ mHonorExceptions[i] = b;
+ }
+ }
}
-
}
// nsIContentPolicy Implementation
@@ -268,11 +284,13 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI,
// default prefs.
// Don't forget the aContentType ranges from 1..8, while the
// array is indexed 0..7
- PRUint32 permission;
- nsresult rv = mPermissionManager->TestPermission(aCurrentURI,
- kTypeString[aContentType - 1],
- &permission);
- NS_ENSURE_SUCCESS(rv, rv);
+ PRUint32 permission = 0;
+ if (mHonorExceptions[aContentType - 1]) {
+ nsresult rv = mPermissionManager->TestPermission(aCurrentURI,
+ kTypeString[aContentType - 1],
+ &permission);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
// If there is nothing on the list, use the default.
if (!permission) {
@@ -298,7 +316,7 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI,
return NS_OK;
PRBool trustedSource = PR_FALSE;
- rv = aFirstURI->SchemeIs("chrome", &trustedSource);
+ nsresult rv = aFirstURI->SchemeIs("chrome", &trustedSource);
NS_ENSURE_SUCCESS(rv,rv);
if (!trustedSource) {
rv = aFirstURI->SchemeIs("resource", &trustedSource);
@@ -363,8 +381,6 @@ nsContentBlocker::Observe(nsISupports *aSubject,
{
NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic),
"unexpected topic - we only deal with pref changes!");
-
- if (mPrefBranchInternal)
- PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get());
+ PrefChanged(NS_LossyConvertUTF16toASCII(aData).get());
return NS_OK;
}
diff --git a/mozilla/extensions/permissions/nsContentBlocker.h b/mozilla/extensions/permissions/nsContentBlocker.h
index d48eeb5..07779ff 100644
--- a/mozilla/extensions/permissions/nsContentBlocker.h
+++ b/mozilla/extensions/permissions/nsContentBlocker.h
@@ -66,7 +66,7 @@ public:
private:
~nsContentBlocker() {}
- void PrefChanged(nsIPrefBranch *, const char *);
+ void PrefChanged(const char *);
nsresult TestPermission(nsIURI *aCurrentURI,
nsIURI *aFirstURI,
PRInt32 aContentType,
@@ -75,7 +75,9 @@ private:
nsCOMPtr<nsIPermissionManager> mPermissionManager;
nsCOMPtr<nsIPrefBranch2> mPrefBranchInternal;
+ nsCOMPtr<nsIPrefBranch2> mHonorExceptionsPrefBranchInternal;
PRUint8 mBehaviorPref[NUMBER_OF_TYPES];
+ PRPackedBool mHonorExceptions[NUMBER_OF_TYPES];
};
#define NS_CONTENTBLOCKER_CID \
diff --git a/mozilla/modules/libpref/src/init/all.js b/mozilla/modules/libpref/src/init/all.js
index cd27953..f200124 100644
--- a/mozilla/modules/libpref/src/init/all.js
+++ b/mozilla/modules/libpref/src/init/all.js
@@ -785,6 +785,7 @@ pref("network.ntlm.send-lm-response", false);
pref("network.hosts.nntp_server", "news.mozilla.org");
pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
+pref("permissions.honorExceptions.image", true);
#ifndef XP_MACOSX
#ifdef XP_UNIX
@@ -812,6 +813,7 @@ pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
pref("network.proxy.failover_timeout", 1800); // 30 minutes
pref("network.online", true); //online/offline
pref("network.cookie.cookieBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
+pref("network.cookie.honorExceptions", true);
pref("network.cookie.disableCookieForMailNews", true); // disable all cookies for mail
pref("network.cookie.lifetimePolicy", 0); // accept normally, 1-askBeforeAccepting, 2-acceptForSession,3-acceptForNDays
pref("network.cookie.alwaysAcceptSessionCookies", false);
diff --git a/mozilla/netwerk/base/src/nsIOService.cpp b/mozilla/netwerk/base/src/nsIOService.cpp
index 0329c10..c0e49ca 100644
--- a/mozilla/netwerk/base/src/nsIOService.cpp
+++ b/mozilla/netwerk/base/src/nsIOService.cpp
@@ -379,6 +379,16 @@ nsIOService::GetProtocolHandler(const char* scheme, nsIProtocolHandler* *result)
nsCOMPtr<nsIPrefBranch2> prefBranch;
GetPrefBranch(getter_AddRefs(prefBranch));
if (prefBranch) {
+ nsCAutoString protocolBlockedPref("network.protocol-handler.blocked.");
+ protocolBlockedPref += scheme;
+ PRBool blockedProtocol = PR_FALSE;
+ rv = prefBranch->GetBoolPref(protocolBlockedPref.get(), &blockedProtocol);
+ if (NS_FAILED(rv)) {
+ rv = prefBranch->GetBoolPref("network.protocol-handler.blocked-default", &blockedProtocol);
+ }
+ if (NS_SUCCEEDED(rv) && blockedProtocol)
+ return NS_ERROR_UNKNOWN_PROTOCOL;
+
nsCAutoString externalProtocolPref("network.protocol-handler.external.");
externalProtocolPref += scheme;
rv = prefBranch->GetBoolPref(externalProtocolPref.get(), &externalProtocol);
diff --git a/mozilla/widget/src/gtk2/nsWindow.cpp b/mozilla/widget/src/gtk2/nsWindow.cpp
index 9e0d187..b628f20 100644
--- a/mozilla/widget/src/gtk2/nsWindow.cpp
+++ b/mozilla/widget/src/gtk2/nsWindow.cpp
@@ -75,6 +75,7 @@
#include "nsIServiceManager.h"
#include "nsIStringBundle.h"
#include "nsGfxCIID.h"
+#include "nsIPrefService.h"
#ifdef ACCESSIBILITY
#include "nsIAccessibleRole.h"
@@ -86,7 +87,6 @@
static PRBool sAccessibilityChecked = PR_FALSE;
/* static */
PRBool nsWindow::sAccessibilityEnabled = PR_FALSE;
-static const char sSysPrefService [] = "@mozilla.org/system-preference-service;1";
static const char sAccEnv [] = "GNOME_ACCESSIBILITY";
static const char sAccessibilityKey [] = "config.use_system_prefs.accessibility";
#endif
@@ -3383,18 +3383,18 @@ nsWindow::NativeCreate(nsIWidget *aParent,
sAccessibilityEnabled = atoi(envValue);
LOG(("Accessibility Env %s=%s\n", sAccEnv, envValue));
}
- //check gconf-2 setting
+ //check preference setting
else {
- nsCOMPtr<nsIPrefBranch> sysPrefService =
- do_GetService(sSysPrefService, &rv);
- if (NS_SUCCEEDED(rv) && sysPrefService) {
-
- // do the work to get gconf setting.
- // will be done soon later.
- sysPrefService->GetBoolPref(sAccessibilityKey,
+ nsCOMPtr<nsIPrefService> prefService =
+ do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
+ if (NS_SUCCEEDED(rv) && prefService) {
+ nsCOMPtr<nsIPrefBranch> prefBranch;
+ rv = prefService->GetBranch(nsnull, getter_AddRefs(prefBranch));
+ if (NS_SUCCEEDED(rv) && prefBranch) {
+ prefBranch->GetBoolPref(sAccessibilityKey,
&sAccessibilityEnabled);
+ }
}
-
}
}
if (sAccessibilityEnabled) {
diff --git a/mozilla/xpinstall/src/nsXPInstallManager.cpp b/mozilla/xpinstall/src/nsXPInstallManager.cpp
index 35a2e82..6765c8e 100644
--- a/mozilla/xpinstall/src/nsXPInstallManager.cpp
+++ b/mozilla/xpinstall/src/nsXPInstallManager.cpp
@@ -290,6 +290,7 @@ nsXPInstallManager::InitManagerInternal()
//-----------------------------------------------------
// Get permission to install
//-----------------------------------------------------
+ nsCOMPtr<nsIPrefBranch> pref(do_GetService(NS_PREFSERVICE_CONTRACTID));
#ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI
if ( mChromeType == CHROME_SKIN )
@@ -299,17 +300,26 @@ nsXPInstallManager::InitManagerInternal()
// skins get a simpler/friendlier dialog
// XXX currently not embeddable
- OKtoInstall = ConfirmChromeInstall( mParentWindow, packageList );
+ PRBool themesDisabled = PR_FALSE;
+ if (pref)
+ pref->GetBoolPref("config.lockdown.disable_themes", &themesDisabled);
+ OKtoInstall = !themesDisabled &&
+ ConfirmChromeInstall( mParentWindow, packageList );
}
else
{
#endif
- rv = dlgSvc->ConfirmInstall( mParentWindow,
- packageList,
- numStrings,
- &OKtoInstall );
- if (NS_FAILED(rv))
- OKtoInstall = PR_FALSE;
+ PRBool extensionsDisabled = PR_FALSE;
+ if (pref)
+ pref->GetBoolPref("config.lockdown.disable_extensions", &extensionsDisabled);
+ if (!extensionsDisabled) {
+ rv = dlgSvc->ConfirmInstall( mParentWindow,
+ packageList,
+ numStrings,
+ &OKtoInstall );
+ if (NS_FAILED(rv))
+ OKtoInstall = PR_FALSE;
+ }
#ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI
}
#endif
View Git Blame Copy Permalink