Bug 902375 - Strict file origin policy - handle case where the target is the parent directory of the source. r=bz, a=bajaj
authorJohn Schoenick <jschoenick@mozilla.com>
Wed, 07 Aug 2013 14:35:20 -0700
changeset 148424 2434984154563ee84b9a57c3973faa9d29072af8
parent 148423 19d4d4a860515ca0b1b62058864dcf73dd1cab0a
child 148425 3e6f26fe39b48da54f5f5d221c4737f7ae3591eb
push id2797
push userryanvm@gmail.com
push dateFri, 23 Aug 2013 16:48:13 +0000
treeherdermozilla-beta@243498415456 [default view] [failures only]
reviewersbz, bajaj
bugs902375
milestone24.0
Bug 902375 - Strict file origin policy - handle case where the target is the parent directory of the source. r=bz, a=bajaj
netwerk/base/public/nsNetUtil.h
--- a/netwerk/base/public/nsNetUtil.h
+++ b/netwerk/base/public/nsNetUtil.h
@@ -1927,29 +1927,36 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *a
   }
 
   //
   // If the file to be loaded is in a subdirectory of the source
   // (or same-dir if source is not a directory) then it will
   // inherit its source principal and be scriptable by that source.
   //
   bool sourceIsDir;
-  bool contained = false;
+  bool allowed = false;
   nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
   if (NS_SUCCEEDED(rv) && sourceIsDir) {
-    rv = sourceFile->Contains(targetFile, true, &contained);
+    rv = sourceFile->Contains(targetFile, true, &allowed);
   } else {
     nsCOMPtr<nsIFile> sourceParent;
     rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
     if (NS_SUCCEEDED(rv) && sourceParent) {
-      rv = sourceParent->Contains(targetFile, true, &contained);
+      rv = sourceParent->Equals(targetFile, &allowed);
+      if (NS_FAILED(rv) || !allowed) {
+        rv = sourceParent->Contains(targetFile, true, &allowed);
+      } else {
+        MOZ_ASSERT(aAllowDirectoryTarget,
+                   "sourceFile->Parent == targetFile, but targetFile "
+                   "should've been disallowed if it is a directory");
+      }
     }
   }
 
-  if (NS_SUCCEEDED(rv) && contained) {
+  if (NS_SUCCEEDED(rv) && allowed) {
     return true;
   }
 
   return false;
 }
 
 inline bool
 NS_IsInternalSameURIRedirect(nsIChannel *aOldChannel,
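Review bot: In the new `else` branch after `sourceParent->Equals(targetFile, &allowed)`, the only guard against granting a directory target when the caller did not ask for one is a `MOZ_ASSERT`. As far as I know that macro is compiled out of release builds, so `allowed` stays true there whatever `aAllowDirectoryTarget` says. The invariant therefore rests entirely on an earlier directory check that lies outside this hunk (the function starts above it); if that check is skipped, or its `IsDirectory` call fails, this same-origin decision fails open. I would keep the assertion for debug builds and add `allowed = aAllowDirectoryTarget;` after it, so the branch fails closed at runtime. The comment above `sourceIsDir` should also mention the new case, for example `// A target that is the source file's parent directory is also allowed, but only when aAllowDirectoryTarget is set.`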