Closed
Bug 1470295
Opened 6 years ago
Closed 6 years ago
Allow Save-as links to FTP files on HTTP pages.
Categories
(Core :: DOM: Security, defect, P1)
Core
DOM: Security
Tracking
()
VERIFIED
FIXED
mozilla62
People
(Reporter: evilpie, Assigned: evilpie)
References
Details
(Keywords: regression, Whiteboard: [domsecurity-active])
Attachments
(3 files)
904 bytes,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
915 bytes,
patch
|
RyanVM
:
approval-mozilla-release+
|
Details | Diff | Splinter Review |
109 bytes,
text/html
|
Details |
Assignee | ||
Comment 1•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Attachment #8986918 -
Flags: review?(ckerschb)
Comment 2•6 years ago
|
||
Comment on attachment 8986918 [details] [diff] [review] Allow save-as download of FTP files on HTTP pages. r? Review of attachment 8986918 [details] [diff] [review]: ----------------------------------------------------------------- Thanks, r=me ::: dom/security/nsContentSecurityManager.cpp @@ +182,5 @@ > > + // Allow save-as download of FTP files on HTTP pages. > + if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) { > + return NS_OK; > + } Maybe bundle that check with the TYPE_DOC check, something like: // Allow top-level FTP documents and // save-as download of FTP files on HTTP pages. if (type == nsIContentPolicy::TYPE_DOCUMENT || type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) { return NS_OK; }
Attachment #8986918 -
Flags: review?(ckerschb) → review+
Updated•6 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/54b5db87eb7e Allow save-as download of FTP files on HTTP pages. r=ckerschb
Comment 4•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/54b5db87eb7e
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Assignee | ||
Comment 5•6 years ago
|
||
Approval Request Comment [Feature/Bug causing the regression]: bug bug 1404744 [User impact if declined]: From an HTML page, right clicking on a FTP link 'Save Link as' doesn't work [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: 1) Create HTML page with a link to an FTP file 2) Right click link and click 'Save Link As...' 3) File should download [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: Allows some limited old behavior [String changes made/needed]: None
Attachment #8987341 -
Flags: approval-mozilla-release?
Updated•6 years ago
|
Keywords: regression
Updated•6 years ago
|
Flags: qe-verify+
I could not reproduce the issue using an HTML page with an FTP link created by me or using the link provided in bug 1469536 comment 19 with Nightly 62.0a1 (2018-06-21) or using the latest Nightly 62.0a1(2018-06-26). Xu Zhen, could you please confirm the fix on the latest Nightly?
Flags: needinfo?(xuzhen)
Tested with 62.0b3 and 63.0a1(209180627), the save-as function was working. And I found another regression: visiting undisplayable file on FTP server makes Firefox hang. Click ftp://ftp.mirror.nl/pub/Museum/atari/files/stnet110.tos , Firefox 62b/63a will hang and consume 100% CPU. Haven't tested with 61.
Flags: needinfo?(xuzhen)
Based on comment 7 I'm marking this bug as Verified fixed. Xu Zhen, thanks for the report, I can confirm the issue described in comment 7 and I will file another bug for this.
Assignee | ||
Comment 9•6 years ago
|
||
(In reply to roxana.leitan@softvision.ro from comment #8) > Based on comment 7 I'm marking this bug as Verified fixed. > > Xu Zhen, thanks for the report, I can confirm the issue described in comment > 7 and I will file another bug for this. Which bug number is this? This is quite a serious issue.
Comment 10•6 years ago
|
||
(In reply to Tom Schuster [:evilpie] from comment #9) > Which bug number is this? This is quite a serious issue. bug 1471594 / bug 1467102
Assignee | ||
Comment 11•6 years ago
|
||
Thank you Jan! Did we decide not to uplift this bug?
Comment 12•6 years ago
|
||
[Tracking Requested - why for this release]: See comment 5 + comment 11.
status-firefox61:
--- → affected
tracking-firefox61:
--- → ?
Comment 13•6 years ago
|
||
Comment on attachment 8987341 [details] [diff] [review] Patch to uplift Approved for 61.0.1.
Attachment #8987341 -
Flags: approval-mozilla-release? → approval-mozilla-release+
Updated•6 years ago
|
Comment 14•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-release/rev/2f2e89cae162
Comment 15•6 years ago
|
||
testcase |
Comment 16•6 years ago
|
||
I was able to reproduce this bug using the attached testcase on an affected Nightly build 62.0a1 (2018-06-21). I can confirm that the bug is no longer reproducible on 61.0.1 (20180704003137) under the following OSes: Windows 10 x64, macOS 10.12 and Ubuntu 16.04 x64.
Flags: qe-verify+
You need to log in
before you can comment on or make changes to this bug.
Description
•