213921 - [FIX]Backwards assumptions in helper app service could be security issues

Status: RESOLVED FIXED

(Core Graveyard :: File Handling, defect, P1)

Description

[Boris Zbarsky [:bzbarsky]]

The assumptions are:

1)  Do not prompt unless the datasource says we should (this should be "prompt
    unless the datasource says we should not")
2)  If the action is unknown, that means we want to launch a helper app (this
    should be "if the action is unknown, save to disk")

Comment 1

[Boris Zbarsky [:bzbarsky]]

Attachment: Patch

Comment 2

[Christian :Biesinger (don't email me, ping me on IRC)]

Comment on attachment 128522 [details] [diff] [review]
Patch

+  NS_NAMED_LITERAL_STRING(trueString, "true" );
+  NS_NAMED_LITERAL_STRING(falseString, "false" );

could you remove the space before the )

r=biesi with that

Comment 3

[Darin Fisher]

Comment on attachment 128522 [details] [diff] [review]
Patch

>Index: uriloader/exthandler/nsExternalHelperAppService.cpp

>+  if (stringValue && falseString.Equals(stringValue))
>     aMIMEInfo->SetAlwaysAskBeforeHandling(PR_FALSE);
>+  else
>+    aMIMEInfo->SetAlwaysAskBeforeHandling(PR_TRUE);

maybe make the conditional expression an argument to the function so we
don't generate code for two function calls?

    aMIMEInfo->SetAlwaysAskBeforeHandling(!stringValue ||
					  !falseString.Equals(stringValue)));

sr=darin either way

Comment 4

[Boris Zbarsky [:bzbarsky]]

Fixed, with darin's suggestion added.

Comment 5

[Christopher Aillon (sabbatical, not receiving bugmail)]

Attachment: Backport for 1.4

This patch sort of slipped in during the 1.5 time frame, but I think I'd like
this for the 1.4 branch.  Here's a   Not much changed, but I'd just like a
sanity check, Boris.