Fix bug 653926. r=jst a=LegNeato CAMINO_2_1_MINIBRANCH
authorBlake Kaplan <mrbkap@gmail.com>
Fri, 28 Oct 2011 13:47:46 -0700
branchCAMINO_2_1_MINIBRANCH
changeset 35224 eb499b0c7d8cd70aacfb81384b013e6afa836805
parent 35223 f111c39a68f61488fbfa858f44207935293d2329
child 35225 ed32cbc749af541110036a40294fccaab3079464
push id1998
push useralqahira@ardisson.org
push dateThu, 03 Nov 2011 02:27:52 +0000
reviewersjst, LegNeato
bugs653926
milestone1.9.2.23
Fix bug 653926. r=jst a=LegNeato
js/src/xpconnect/loader/Makefile.in
js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
--- a/js/src/xpconnect/loader/Makefile.in
+++ b/js/src/xpconnect/loader/Makefile.in
@@ -49,15 +49,17 @@ LIBXUL_LIBRARY = 1
 REQUIRES	= xpcom \
 		  string \
 		  xpconnect \
 		  js \
 		  caps \
 		  necko \
 		  $(NULL)
 
+LOCAL_INCLUDES	+= -I$(srcdir)/../src
+
 CPPSRCS		= mozJSComponentLoader.cpp mozJSSubScriptLoader.cpp
 
 EXTRA_JS_MODULES = XPCOMUtils.jsm ISO8601DateUtils.jsm
 
 include $(topsrcdir)/config/rules.mk
 
 DEFINES		+= -DJSFILE -DJS_THREADSAFE
--- a/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
+++ b/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
@@ -40,16 +40,17 @@
  * ***** END LICENSE BLOCK ***** */
 
 #if !defined(XPCONNECT_STANDALONE) && !defined(NO_SUBSCRIPT_LOADER)
 
 #include "mozJSSubScriptLoader.h"
 
 #include "nsIServiceManager.h"
 #include "nsIXPConnect.h"
+#include "XPCWrapper.h"
 
 #include "nsIURI.h"
 #include "nsIIOService.h"
 #include "nsIChannel.h"
 #include "nsIInputStream.h"
 #include "nsNetCID.h"
 #include "nsDependentString.h"
 #include "nsAutoPtr.h"
@@ -150,16 +151,21 @@ mozJSSubScriptLoader::LoadSubScript (con
     JSObject *target_obj = nsnull;
     ok = JS_ConvertArguments (cx, argc, argv, "s / o", &url, &target_obj);
     if (!ok)
     {
         /* let the exception raised by JS_ConvertArguments show through */
         return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = mSystemPrincipal;
+    JSObject *result_obj = target_obj;
+
+    target_obj = target_obj ? XPCWrapper::Unwrap(cx, target_obj) : nsnull;
+
     if (!target_obj)
     {
         /* if the user didn't provide an object to eval onto, find the global
          * object by walking the parent chain of the calling object */
 
 #ifdef DEBUG_rginda
         JSObject *got_glob = JS_GetGlobalObject (cx);
         fprintf (stderr, "JS_GetGlobalObject says glob is %p.\n", got_glob);
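Review bot: After `target_obj = target_obj ? XPCWrapper::Unwrap(cx, target_obj) : nsnull;` a null result from Unwrap is indistinguishable from the caller passing no target at all: control falls into the `if (!target_obj)` branch and the script is loaded into whatever global the parent-chain walk finds, while `result_obj` still holds the original argument. If Unwrap can return nsnull for an object it declines to unwrap (its contract is not visible here), that case should fail rather than silently degrade, e.g. `if (result_obj && !target_obj) return NS_ERROR_FAILURE;` placed before the `if (!target_obj)` branch. The enclosing LoadSubScript begins before this hunk.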
@@ -185,17 +191,17 @@ mozJSSubScriptLoader::LoadSubScript (con
 #ifdef DEBUG_rginda
             fprintf (stderr, ", %p", maybe_glob);
 #endif
             target_obj = maybe_glob;
             maybe_glob = JS_GetParent (cx, maybe_glob);
         }
 #ifdef DEBUG_rginda
         fprintf (stderr, "\n");
-#endif  
+#endif
     }
 
     // Innerize the target_obj so that we compile the loaded script in the
     // correct (inner) scope.
     JSClass *target_class = JS_GET_CLASS(cx, target_obj);
     if (target_class->flags & JSCLASS_IS_EXTENDED)
     {
         JSExtendedClass *extended = (JSExtendedClass*)target_class;
@@ -204,16 +210,27 @@ mozJSSubScriptLoader::LoadSubScript (con
             target_obj = extended->innerObject(cx, target_obj);
             if (!target_obj) return NS_ERROR_FAILURE;
 #ifdef DEBUG_rginda
             fprintf (stderr, "Final global: %p\n", target_obj);
 #endif
         }
     }
 
+    if (result_obj &&
+        target_obj != JS_GetGlobalForObject(cx, result_obj)) {
+        nsCOMPtr<nsIScriptSecurityManager> secman =
+            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+        if (!secman)
+            return NS_ERROR_FAILURE;
+
+        rv = secman->GetObjectPrincipal(cx, target_obj, getter_AddRefs(principal));
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+
     /* load up the url.  From here on, failures are reflected as ``custom''
      * js exceptions */
     PRInt32   len = -1;
     PRUint32  readcount = 0;  // Total amount of data read
     PRUint32  lastReadCount = 0;  // Amount of data read in last Read() call
     nsAutoArrayPtr<char> buf;
     
     JSString        *errmsg;
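Review bot: The new principal-selection block at `if (result_obj && target_obj != JS_GetGlobalForObject(cx, result_obj))` carries no comment saying why `principal` is swapped away from `mSystemPrincipal`, which is the whole point of the fix and will not be obvious to the next reader; I would add `// If the caller handed us a target from a different scope (e.g. through a wrapper), compile the script with that object's principal instead of ours, so the loaded code cannot run with system privileges in a less-privileged scope.` above the `if`. The condition compares the innerized `target_obj` against the global of the original argument, which I read as "target lives outside the caller's global" — worth stating in that comment if correct. Also, `NS_ENSURE_SUCCESS(rv, rv)` checks only the return code; if `GetObjectPrincipal` can succeed with a null out-param, the later `principal->GetJSPrincipals(cx, &jsPrincipals)` in the last hunk dereferences null, so `NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);` after it would be a cheap guard. LoadSubScript continues outside this hunk.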
@@ -327,17 +344,17 @@ mozJSSubScriptLoader::LoadSubScript (con
     {
         errmsg = JS_NewStringCopyZ (cx, LOAD_ERROR_READUNDERFLOW);
         goto return_exception;
     }
 
     /* we can't hold onto jsPrincipals as a module var because the
      * JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the
      * destructor */
-    rv = mSystemPrincipal->GetJSPrincipals(cx, &jsPrincipals);
+    rv = principal->GetJSPrincipals(cx, &jsPrincipals);
     if (NS_FAILED(rv) || !jsPrincipals) {
         errmsg = JS_NewStringCopyZ (cx, LOAD_ERROR_NOPRINCIPALS);
         goto return_exception;
     }
 
     /* set our own error reporter so we can report any bad things as catchable
      * exceptions, including the source/line number */
     er = JS_SetErrorReporter (cx, mozJSLoaderErrorReporter);