Closed
Bug 1329401
Opened 7 years ago
Closed 7 years ago
Rollup updates for FeedConverter.js sync with Firefox as at 20161231
Categories
(SeaMonkey :: Feed Discovery and Preview, defect)
Tracking
(seamonkey2.46 wontfix, seamonkey2.47 wontfix, seamonkey2.48 fixed, seamonkey2.49esr fixed, seamonkey2.50 fixed)
RESOLVED
FIXED
seamonkey2.50
People
(Reporter: philip.chee, Assigned: philip.chee)
Attachments
(1 file)
5.39 KB, patch | iannbugzilla: review+ | frg: feedback+ | iannbugzilla: approval-comm-aurora+ | iannbugzilla: approval-comm-beta+
Port the following bugs from Firefox:

[sg bugs]
Bug 1277685 - Nested feed: URIs should only allow http/https as inner URIs
https://hg.mozilla.org/mozilla-central/rev/2974a3e83592
Bug 1277698 - Consider making feed: DANGEROUS_TO_LOAD
https://hg.mozilla.org/mozilla-central/rev/f48fbe411650

[normal bugs]
Bug 1233899 - fix the feeds converter to use default user context origin attributes
https://hg.mozilla.org/mozilla-central/rev/8e052220dd9e
Bug 1165272 - unify Get*CodebasePrincipal with createCodebasePrincipal in nsIScriptSecurityManager
https://hg.mozilla.org/mozilla-central/rev/5a29e8bc51ca

[minor tweaks]
Bug 1314918 - Fix most of the remaining no-unused-vars issues.
Bug 1199239, remove cpow usage from bookmark this page.
Assignee
Comment 1•7 years ago
> chromeChannel.owner = Services.scriptSecurityManager > - .getNoAppCodebasePrincipal(chromeURI); > + .createCodebasePrincipal(chromeURI, > + loadInfo.originAttributes); Bug 1165272 - Part 2: Replace getNoAppCodebasePrincipal with createCodebasePrincipal. Bug 1233899 - Fix the feeds converter to use default user context origin attributes > GenericProtocolHandler.prototype = { > get protocolFlags() { > - return this._http.protocolFlags; > + var httpPref = "browser.feeds.feeds_like_http" > + if (Services.prefs.getPrefType(httpPref) == Services.prefs.PREF_BOOL && > + Services.prefs.getBoolPref(httpPref)) { > + return this._http.protocolFlags; > + } > + > + return this._http.URI_DANGEROUS_TO_LOAD | > + this._http.ALLOWS_PROXY | > + this._http.ALLOWS_PROXY_HTTP; Bug 1277698 - Consider making feed: DANGEROUS_TO_LOAD > - var netutil = Components.classes["@mozilla.org/network/util;1"] > - .getService(Components.interfaces.nsINetUtil); > - if (netutil.URIChainHasFlags(inner, > - Components.interfaces.nsIProtocolHandler.URI_INHERITS_SECURITY_CONTEXT)) > + > + if (! /^https?/.test(inner.scheme)) > throw Components.results.NS_ERROR_MALFORMED_URI; .... > - var uri = netutil.newSimpleNestedURI(inner); > + var uri = Services.io.QueryInterface(Components.interfaces.nsINetUtil) > + .newSimpleNestedURI(inner); Bug 1277685 - Nested feed: URIs should only allow http/https as inner URIs > - var noSniff = httpChannel.getResponseHeader("X-Moz-Is-Feed"); > + // Note: this throws if the header is not set. > + httpChannel.getResponseHeader("X-Moz-Is-Feed"); Bug 1314918 - Fix most of the remaining no-unused-vars issues. 
> case "bookmarks": > var topWindow = Services.wm.getMostRecentWindow("navigator:browser"); > topWindow.PlacesCommandHook.addLiveBookmark(spec, title, subtitle); > - topWindow.PlacesCommandHook.addLiveBookmark(spec, title, subtitle); > + topWindow.PlacesCommandHook.addLiveBookmark(spec, title, subtitle) > + .catch(Components.utils.reportError); Bug 1199239, remove cpow usage from bookmark this page.
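Review bot: In the nested feed: URI hunk, `/^https?/.test(inner.scheme)` is anchored only at the start, so any inner scheme that merely begins with "http" passes the check, not just http and https. Since the stated intent (Bug 1277685) is to allow only http/https as inner URIs, anchor the end as well, for example `/^https?$/`, or compare the scheme against the two literal values.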
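Review bot: In the protocolFlags getter, the `var httpPref = "browser.feeds.feeds_like_http"` line is missing its terminating semicolon, and the pref has no comment explaining it: when it is set to true the getter returns the http handler's flags instead of the URI_DANGEROUS_TO_LOAD set. Add the semicolon and a one-line comment stating that the pref is an opt-out from the restricted flags, so a later reader does not mistake it for a feature toggle.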
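Review bot: In the "bookmarks" case as quoted, the unchanged context line directly above the removed line already calls `topWindow.PlacesCommandHook.addLiveBookmark(spec, title, subtitle);`, so the patched code would call addLiveBookmark twice, the first time without the `.catch`. Check whether that context line exists in the file or is a paste slip in this comment; if it exists, remove it so only the call with `.catch(Components.utils.reportError)` remains.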
Attachment #8824655 - Flags: review?(iann_bugzilla)
Assignee
Comment 2•7 years ago
Comment on attachment 8824655 [details] [diff] [review] Patch v1.0 Fixes. My build environment is broken so I can't test. FRG: could you take this patch for a spin round the block? Thanks.
Attachment #8824655 - Flags: feedback?(frgrahl)
Comment 3•7 years ago
Comment on attachment 8824655 [details] [diff] [review] Patch v1.0 Fixes. Works. I put it on top of bug 1329186. Tested with two feeds and source code changes look sane. The patch is bitrotted. Needs one change.
Attachment #8824655 - Flags: feedback?(frgrahl) → feedback+
Assignee
Comment 4•7 years ago
Thanks!
> The patch is bitrotted. Needs one change.
If r+ I will push an unbitrotted patch ;)
Comment on attachment 8824655 [details] [diff] [review] Patch v1.0 Fixes. r/a=me for unbitrotted patch
Attachment #8824655 - Flags: review?(iann_bugzilla) → review+
Assignee
Comment 6•7 years ago
http://hg.mozilla.org/comm-central/rev/d1e921152a8fd1c4d87580a5f6e7682f96058d6f
status-seamonkey2.46: --- → verified
status-seamonkey2.47: --- → wontfix
status-seamonkey2.48: --- → affected
status-seamonkey2.49esr: --- → affected
status-seamonkey2.50: --- → fixed
tracking-seamonkey2.48: --- → ?
tracking-seamonkey2.49esr: --- → ?
Target Milestone: --- → seamonkey2.50
Assignee
Comment 7•7 years ago
Comment on attachment 8824655 [details] [diff] [review]
Patch v1.0 Fixes.

[Approval Request Comment]
Regression caused by (bug #): N/A
User impact if declined: Missing security fixes Bug 1277685 and Bug 1277698 which landed on Firefox 50. The other patches landed on Firefox 50 or earlier except Bug 1314918 which is just fixing nits.
Testing completed (on m-c, etc.): comm-central and Firefox 50
Risk to taking this patch (and alternatives if risky): Low risk. Has been baked in mozilla-central since Firefox 50.
String changes made by this patch: none
Attachment #8824655 - Flags: approval-comm-beta?
Attachment #8824655 - Flags: approval-comm-aurora?
Attachment #8824655 - Flags: approval-comm-beta?
Attachment #8824655 - Flags: approval-comm-beta+
Attachment #8824655 - Flags: approval-comm-aurora?
Attachment #8824655 - Flags: approval-comm-aurora+
Assignee
Comment 8•7 years ago
Pushed to comm-aurora: (SeaMonkey 2.49)
http://hg.mozilla.org/releases/comm-beta/rev/7e4b5f38cfe14f65c92af09b71c2e4ee2082f8e2
Pushed to comm-beta: (SeaMonkey 2.48)
http://hg.mozilla.org/releases/comm-release/rev/1a420d3ee2c640a9688e75ddafd858c6551611e0
Status: ASSIGNED → UNCONFIRMED
Ever confirmed: false
Updated•7 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•6 years ago
tracking-seamonkey2.48: ? → ---
tracking-seamonkey2.49esr: ? → ---