Last Comment Bug 549349 - file drop URIs only accidentally work
: file drop URIs only accidentally work
Status: RESOLVED FIXED
: verified1.9.0.19, verified1.9.1, verified1.9.2
Product: Core
Classification: Components
Component: Drag and Drop (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla1.9.3a3
Assigned To: :Gavin Sharp [email: gavin@gavinsharp.com]
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-01 10:26 PST by :Gavin Sharp [email: gavin@gavinsharp.com]
Modified: 2010-03-22 17:31 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
.2-fixed
.9-fixed


Attachments
patch (2.46 KB, patch)
2010-03-01 10:28 PST, :Gavin Sharp [email: gavin@gavinsharp.com]
dtownsend: review+
mbeltzner: approval1.9.2.2+
mbeltzner: approval1.9.1.9+
mbeltzner: approval1.9.0.19+
Details | Diff | Review

Description :Gavin Sharp [email: gavin@gavinsharp.com] 2010-03-01 10:26:25 PST
The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Comment 2 :Gavin Sharp [email: gavin@gavinsharp.com] 2010-03-01 10:28:39 PST
Created attachment 429551 [details] [diff] [review]
patch
Comment 3 :Gavin Sharp [email: gavin@gavinsharp.com] 2010-03-01 10:33:04 PST
https://hg.mozilla.org/mozilla-central/rev/66b74d46682e
Comment 4 :Gavin Sharp [email: gavin@gavinsharp.com] 2010-03-04 09:14:41 PST
Comment on attachment 429551 [details] [diff] [review]
patch

Wouldn't hurt to get this on branches too.
Comment 5 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-04 15:09:52 PST
Comment on attachment 429551 [details] [diff] [review]
patch

a=beltzner for 1.9.2.2, 1.9.1.9. 1.9.0.19
Comment 6 :Gavin Sharp [email: gavin@gavinsharp.com] 2010-03-08 10:31:52 PST
1.9.2: https://hg.mozilla.org/releases/mozilla-1.9.2/rev/82fa604cdf23
1.9.1: https://hg.mozilla.org/releases/mozilla-1.9.1/rev/ff4a52b1c2a4
1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 	1.11
Comment 7 Tony Chung [:tchung] 2010-03-22 16:52:58 PDT
How can qa verify this?  also, are there unit tests?
Comment 8 Tony Chung [:tchung] 2010-03-22 17:31:23 PDT
Patch was fixed in another bug that has been marked verified on verified1.9.0.19, verified1.9.1, verified1.9.2.   resolving here also.

Note You need to log in before you can comment on or make changes to this bug.