Closed Bug 494805 Opened 16 years ago Closed 16 years ago

CacheStoragePermissions() broken for session/localStorage

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(Keywords: fixed1.9.1)

Attachments

(1 file)

wip1
6.46 KB, patch
Details | Diff | Splinter Review 
CacheStoragePermissions calls CanAccess of the storage as a security check. I have just found out that nsDOMStorage2 (sessionStorage and localStorage implementation) calls an old nsDOMStorage::CanAccess that only checks domain and NOT the whole principal.

We have to change CacheStoragePermissions to call the correct method somehow, nsDOMStorage2 is wrapping nsDOMStorage.
Flags: blocking1.9.1?
Attached patch wip1Splinter Review 

    
    

    
  
How does this bug relate to bug 494810 and bug 494799, if at all?

    
    

    
  
Doesn't block, would take patch with tests.
Flags: wanted1.9.1.x?
Flags: blocking1.9.1?
Flags: blocking1.9.1-

    
    

    
  
This got fixed for 1.9.1 by the fix for bug 495112.
Keywords: fixed1.9.1
Blocks: 495337

    
    

    
  
Fixed on trunk by the fix for bug 495112. Bug 495337 filed as a followup.

http://hg.mozilla.org/mozilla-central/rev/363750f510ec
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Flags: wanted1.9.1.x?
Group: core-security
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: