Closed Bug 1470295 Opened 6 years ago Closed 6 years ago

Allow Save-as links to FTP files on HTTP pages.

Categories

(Core :: DOM: Security, defect, P1)

VERIFIED FIXED
mozilla62
Tracking Status
firefox61 + verified
firefox62 --- verified
firefox63 --- verified

People

(Reporter: evilpie, Assigned: evilpie)

Details

(Keywords: regression, Whiteboard: [domsecurity-active])

Attachments

(3 files)

Attachment #8986918 - Flags: review?(ckerschb)
Comment on attachment 8986918 [details] [diff] [review] Allow save-as download of FTP files on HTTP pages. r? Review of attachment 8986918 [details] [diff] [review]: ----------------------------------------------------------------- Thanks, r=me ::: dom/security/nsContentSecurityManager.cpp @@ +182,5 @@ > > + // Allow save-as download of FTP files on HTTP pages. > + if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) { > + return NS_OK; > + } Maybe bundle that check with the TYPE_DOC check, something like: // Allow top-level FTP documents and // save-as download of FTP files on HTTP pages. if (type == nsIContentPolicy::TYPE_DOCUMENT || type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) { return NS_OK; }
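Review bot: the comment on the added check in dom/security/nsContentSecurityManager.cpp says the exemption is for FTP files "on HTTP pages", but the condition tests only type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, so the early return NS_OK applies to every save-as load that reaches this point, whatever page initiated it. Reword the comment to match what the condition actually exempts, and state why a save-as download can be let through here. If the check is merged with the TYPE_DOCUMENT branch as suggested, keep both reasons in the combined comment.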
Attachment #8986918 - Flags: review?(ckerschb) → review+
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/54b5db87eb7e Allow save-as download of FTP files on HTTP pages. r=ckerschb
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Attached patch Patch to uplift
Approval Request Comment
[Feature/Bug causing the regression]: bug 1404744
[User impact if declined]: From an HTML page, right clicking on an FTP link 'Save Link as' doesn't work
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]:
1) Create HTML page with a link to an FTP file
2) Right click link and click 'Save Link As...'
3) File should download
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: Allows some limited old behavior
[String changes made/needed]: None
Attachment #8987341 - Flags: approval-mozilla-release?
Flags: qe-verify+
I could not reproduce the issue using an HTML page with an FTP link created by me or using the link provided in bug 1469536 comment 19 with Nightly 62.0a1 (2018-06-21) or using the latest Nightly 62.0a1 (2018-06-26). Xu Zhen, could you please confirm the fix on the latest Nightly?
Flags: needinfo?(xuzhen)
Tested with 62.0b3 and 63.0a1(209180627), the save-as function was working. And I found another regression: visiting an undisplayable file on an FTP server makes Firefox hang. Click ftp://ftp.mirror.nl/pub/Museum/atari/files/stnet110.tos, Firefox 62b/63a will hang and consume 100% CPU. Haven't tested with 61.
Flags: needinfo?(xuzhen)
Based on comment 7 I'm marking this bug as Verified fixed. Xu Zhen, thanks for the report, I can confirm the issue described in comment 7 and I will file another bug for this.
Status: RESOLVED → VERIFIED
(In reply to roxana.leitan@softvision.ro from comment #8)
> Based on comment 7 I'm marking this bug as Verified fixed.
>
> Xu Zhen, thanks for the report, I can confirm the issue described in comment
> 7 and I will file another bug for this.

Which bug number is this? This is quite a serious issue.
(In reply to Tom Schuster [:evilpie] from comment #9)
> Which bug number is this? This is quite a serious issue.

bug 1471594 / bug 1467102
Thank you Jan! Did we decide not to uplift this bug?
[Tracking Requested - why for this release]: See comment 5 + comment 11.
Comment on attachment 8987341: Patch to uplift
Approved for 61.0.1.
Attachment #8987341 - Flags: approval-mozilla-release? → approval-mozilla-release+
Attached file testcase.html
I was able to reproduce this bug using the attached testcase on an affected Nightly build 62.0a1 (2018-06-21). I can confirm that the bug is no longer reproducible on 61.0.1 (20180704003137) under the following OSes: Windows 10 x64, macOS 10.12 and Ubuntu 16.04 x64.
Flags: qe-verify+