Closed
Bug 856273
Opened 12 years ago
Closed 12 years ago
SimplePush: Registrations() should return endpoints of calling app only
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(firefox21 wontfix, firefox22 wontfix, firefox23 fixed, b2g18+ fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 wontfix)
RESOLVED
FIXED
B2G C4 (2jan on)
People
(Reporter: nsm, Assigned: nsm)
References
Details
Attachments
(1 file)
|
1.43 KB,
patch
|
khuey
:
review+
akeybl
:
approval-mozilla-b2g18+
|
Details | Diff | Splinter Review |
PushDB.getAllByManifestURL should actually filter by passed manifest URL
|
Assignee | |
Updated•12 years ago
|
Summary: SimplePush: Registrations() call should filter by application → SimplePush: Registrations() should return endpoints of calling app only
|
|
Assignee | |
Comment 1•12 years ago
|
||
Using mozGetAll() would get all the results.
Switch to using a cursor with the keyrange on the index set to the manifestURL, so that only the calling app's registrations are returned.
Attachment #731442 -
Flags: review?(khuey)
Attachment #731442 -
Flags: review?(khuey) → review+
|
|
Assignee | |
Comment 2•12 years ago
|
||
|
||
Comment 3•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → B2G C4 (2jan on)
|
|
Assignee | |
Updated•12 years ago
|
status-b2g18:
--- → affected
tracking-b2g18:
--- → ?
|
||
Updated•12 years ago
|
|
|
Assignee | |
Comment 4•12 years ago
|
||
Comment on attachment 731442 [details] [diff] [review]
patch
NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 822712
User impact if declined:
Major. Without this patch, any application can acquire all the registrations on the device and then spam the user with fake notifications which could DoS the phone.
Testing completed:
Yes
Risk to taking this patch (and alternatives if risky):
Low since Push is disabled by default.
String or UUID changes made by this patch:
None
Attachment #731442 -
Flags: approval-mozilla-b2g18?
|
||
Updated•12 years ago
|
Attachment #731442 -
Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
|
|
||
Comment 5•12 years ago
|
||
status-b2g18-v1.0.0:
--- → wontfix
status-b2g18-v1.0.1:
--- → wontfix
status-firefox21:
--- → wontfix
status-firefox22:
--- → wontfix
status-firefox23:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•