corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer

Browse Source 
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.

MozReview-Commit-ID: 3cK5HeyzjFE
This commit is contained in:
Valentin Gosu
2018-02-26 20:43:46 +01:00
parent d4f4bcfafd
commit b9160f5ce8
17 changed files with 79 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
browser/base/content/browser.js
View File

@@ -4673,10 +4673,12 @@ var XULBrowserWindow = {
this.asyncUpdateUI();
if (AppConstants.MOZ_CRASHREPORTER && aLocationURI) {
let uri = aLocationURI.clone();
let uri = aLocationURI;
try {
// If the current URI contains a username/password, remove it.
uri.userPass = "";
uri = aLocationURI.mutate()
.setUserPass("")
.finalize();
} catch (ex) { /* Ignore failures on about: URIs. */ }
try {

2
browser/modules/ContentLinkHandler.jsm
View File

@@ -92,7 +92,7 @@ function getLinkIconURI(aLink) {
let targetDoc = aLink.ownerDocument;
let uri = Services.io.newURI(aLink.href, targetDoc.characterSet);
try {
uri.userPass = "";
uri = uri.mutate().setUserPass("").finalize();
} catch (e) {
// some URIs are immutable
}

11
docshell/base/nsDefaultURIFixup.cpp
View File

@@ -17,12 +17,14 @@
#endif
#include "nsIURIFixup.h"
#include "nsIURIMutator.h"
#include "nsDefaultURIFixup.h"
#include "mozilla/Preferences.h"
#include "mozilla/dom/ContentChild.h"
#include "mozilla/ipc/IPCStreamUtils.h"
#include "mozilla/ipc/URIUtils.h"
#include "mozilla/Tokenizer.h"
#include "mozilla/Unused.h"
#include "nsIObserverService.h"
#include "nsXULAppAPI.h"
@@ -73,14 +75,15 @@ nsDefaultURIFixup::CreateExposableURI(nsIURI* aURI, nsIURI** aReturn)
nsresult rv = nsContentUtils::RemoveWyciwygScheme(aURI, getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
} else {
// clone the URI so zapping user:pass doesn't change the original
nsresult rv = aURI->Clone(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
// No need to clone the URI as NS_MutateURI does that for us.
uri = aURI;
}
// hide user:pass unless overridden by pref
if (Preferences::GetBool("browser.fixup.hide_user_pass", true)) {
uri->SetUserPass(EmptyCString());
Unused << NS_MutateURI(uri)
.SetUserPass(EmptyCString())
.Finalize(uri);
}
uri.forget(aReturn);

14
dom/security/nsCSPContext.cpp
View File

@@ -30,6 +30,7 @@
#include "nsIStringStream.h"
#include "nsISupportsPrimitives.h"
#include "nsIUploadChannel.h"
#include "nsIURIMutator.h"
#include "nsIScriptError.h"
#include "nsIWebNavigation.h"
#include "nsMimeTypes.h"
@@ -1455,12 +1456,17 @@ nsCSPContext::PermitsAncestry(nsIDocShell* aDocShell, bool* outPermitsAncestry)
if (currentURI) {
// delete the userpass from the URI.
rv = NS_MutateURI(currentURI)
.SetRef(EmptyCString())
.SetUserPass(EmptyCString())
.Finalize(uriClone);
// If setUserPass fails for some reason, just return a clone of the
// current URI
if (NS_FAILED(rv)) {
rv = currentURI->CloneIgnoringRef(getter_AddRefs(uriClone));
NS_ENSURE_SUCCESS(rv, rv);
// We don't care if this succeeds, just want to delete a userpass if
// there was one.
uriClone->SetUserPass(EmptyCString());
}
if (CSPCONTEXTLOGENABLED()) {
CSPCONTEXTLOG(("nsCSPContext::PermitsAncestry, found ancestor: %s",

6
dom/webbrowserpersist/WebBrowserPersistLocalDocument.cpp
View File

@@ -20,6 +20,7 @@
#include "mozilla/dom/NodeFilterBinding.h"
#include "mozilla/dom/TabParent.h"
#include "mozilla/dom/TreeWalker.h"
#include "mozilla/Unused.h"
#include "nsComponentManagerUtils.h"
#include "nsContentUtils.h"
#include "nsContentCID.h"
@@ -42,6 +43,7 @@
#include "nsISHEntry.h"
#include "nsISupportsPrimitives.h"
#include "nsITabParent.h"
#include "nsIURIMutator.h"
#include "nsIWebBrowserPersist.h"
#include "nsIWebNavigation.h"
#include "nsIWebPageDescriptor.h"
@@ -741,7 +743,9 @@ PersistNodeFixup::FixupAnchor(nsINode *aNode)
nsresult rv = NS_NewURI(getter_AddRefs(newURI), oldCValue,
mParent->GetCharacterSet(), relativeURI);
if (NS_SUCCEEDED(rv) && newURI) {
newURI->SetUserPass(EmptyCString());
Unused << NS_MutateURI(newURI)
.SetUserPass(EmptyCString())
.Finalize(newURI);
nsAutoCString uriSpec;
rv = newURI->GetSpec(uriSpec);
NS_ENSURE_SUCCESS(rv, rv);

4
dom/webbrowserpersist/nsWebBrowserPersist.cpp
View File

@@ -2582,7 +2582,9 @@ nsWebBrowserPersist::URIData::GetLocalURI(nsIURI *targetBaseURI, nsCString& aSpe
}
// remove username/password if present
fileAsURI->SetUserPass(EmptyCString());
Unused << NS_MutateURI(fileAsURI)
.SetUserPass(EmptyCString())
.Finalize(fileAsURI);
// reset node attribute
// Use relative or absolute links

14
dom/xhr/XMLHttpRequestMainThread.cpp
View File

@@ -40,6 +40,7 @@
#include "nsReadableUtils.h"
#include "nsIURI.h"
#include "nsIURIMutator.h"
#include "nsILoadGroup.h"
#include "nsNetUtil.h"
#include "nsStringStream.h"
@@ -1483,15 +1484,12 @@ XMLHttpRequestMainThread::Open(const nsACString& aMethod,
nsAutoCString host;
parsedURL->GetHost(host);
if (!host.IsEmpty()) {
nsAutoCString userpass;
if (!aUsername.IsVoid()) {
CopyUTF16toUTF8(aUsername, userpass);
if (!aUsername.IsVoid() || !aPassword.IsVoid()) {
Unused << NS_MutateURI(parsedURL)
.SetUsername(NS_ConvertUTF16toUTF8(aUsername))
.SetPassword(NS_ConvertUTF16toUTF8(aPassword))
.Finalize(parsedURL);
}
userpass.AppendLiteral(":");
if (!aPassword.IsVoid()) {
AppendUTF16toUTF8(aPassword, userpass);
}
parsedURL->SetUserPass(userpass);
}
// Step 9

6
mobile/android/components/SessionStore.js
View File

@@ -1231,10 +1231,12 @@ SessionStore.prototype = {
}
try {
let currentURI = aWindow.BrowserApp.selectedBrowser.currentURI.clone();
let currentURI = aWindow.BrowserApp.selectedBrowser.currentURI;
// if the current URI contains a username/password, remove it
try {
currentURI.userPass = "";
currentURI = currentURI.mutate()
.setUserPass("")
.finalize();
} catch (ex) { } // ignore failures on about: URIs
Services.appinfo.annotateCrashReport("URL", currentURI.spec);

7
netwerk/protocol/http/nsHttpChannel.cpp
View File

@@ -36,6 +36,7 @@
#include "nsNetCID.h"
#include "nsNetUtil.h"
#include "nsIURL.h"
#include "nsIURIMutator.h"
#include "nsIStreamTransportService.h"
#include "prnetdb.h"
#include "nsEscape.h"
@@ -1057,9 +1058,9 @@ nsHttpChannel::SetupTransaction()
if (!buf.IsEmpty() && ((strncmp(mSpec.get(), "http:", 5) == 0) ||
strncmp(mSpec.get(), "https:", 6) == 0)) {
nsCOMPtr<nsIURI> tempURI;
rv = mURI->Clone(getter_AddRefs(tempURI));
if (NS_FAILED(rv)) return rv;
rv = tempURI->SetUserPass(EmptyCString());
rv = NS_MutateURI(mURI)
.SetUserPass(EmptyCString())
.Finalize(tempURI);
if (NS_FAILED(rv)) return rv;
rv = tempURI->GetAsciiSpec(path);
if (NS_FAILED(rv)) return rv;

2
netwerk/test/unit/test_URIs.js
View File

@@ -524,7 +524,7 @@ function do_test_immutable(aTest) {
var URI = NetUtil.newURI(aTest.spec);
// All the non-readonly attributes on nsIURI.idl:
var propertiesToCheck = ["spec", "scheme", "userPass", "username", "password",
var propertiesToCheck = ["spec", "scheme", "username", "password",
"host", "port", "query", "ref"];
propertiesToCheck.forEach(function(aProperty) {

2
netwerk/test/unit/test_URIs2.js
View File

@@ -625,7 +625,7 @@ function do_test_immutable(aTest) {
var URI = NetUtil.newURI(aTest.spec);
// All the non-readonly attributes on nsIURI.idl:
var propertiesToCheck = ["scheme", "userPass", "username", "password",
var propertiesToCheck = ["scheme", "username", "password",
"host", "port", "query", "ref"];
propertiesToCheck.forEach(function(aProperty) {

9
netwerk/test/unit/test_standardurl.js
View File

@@ -301,7 +301,7 @@ add_test(function test_hugeStringThrows()
let url = stringToURL("http://test:test@example.com");
let hugeString = new Array(maxLen + 1).fill("a").join("");
let properties = ["scheme", "userPass", "username",
let properties = ["scheme", "username",
"password", "host", "ref",
"query"];
for (let prop of properties) {
@@ -314,6 +314,7 @@ add_test(function test_hugeStringThrows()
{ method: "setSpec", qi: Ci.nsIURIMutator },
{ method: "setFilePath", qi: Ci.nsIURIMutator },
{ method: "setHostPort", qi: Ci.nsIURIMutator },
{ method: "setUserPass", qi: Ci.nsIURIMutator },
{ method: "setPathQueryRef", qi: Ci.nsIURIMutator },
{ method: "setFileName", qi: Ci.nsIURLMutator },
{ method: "setFileExtension", qi: Ci.nsIURLMutator },
@@ -505,13 +506,13 @@ add_test(function test_emptyPassword() {
Assert.equal(url.spec, "http://a:pp@example.com/");
url.password = "";
Assert.equal(url.spec, "http://a@example.com/");
url.userPass = "xxx:";
url = url.mutate().setUserPass("xxx:").finalize();
Assert.equal(url.spec, "http://xxx@example.com/");
url.password = "zzzz";
Assert.equal(url.spec, "http://xxx:zzzz@example.com/");
url.userPass = "xxxxx:yyyyyy";
url = url.mutate().setUserPass("xxxxx:yyyyyy").finalize();
Assert.equal(url.spec, "http://xxxxx:yyyyyy@example.com/");
url.userPass = "z:";
url = url.mutate().setUserPass("z:").finalize();
Assert.equal(url.spec, "http://z@example.com/");
url.password = "ppppppppppp";
Assert.equal(url.spec, "http://z:ppppppppppp@example.com/");

4
toolkit/components/search/nsSearchService.js
View File

@@ -4208,7 +4208,9 @@ SearchService.prototype = {
if (sendSubmissionURL) {
let uri = engine._getURLOfType("text/html")
.getSubmission("", engine, "searchbar").uri;
uri.userPass = ""; // Avoid reporting a username or password.
uri = uri.mutate()
.setUserPass("") // Avoid reporting a username or password.
.finalize();
result.submissionURL = uri.spec;
}
}

23
toolkit/components/url-classifier/nsUrlClassifierUtils.cpp
View File

@@ -6,6 +6,7 @@
#include "nsEscape.h"
#include "nsString.h"
#include "nsIURI.h"
#include "nsIURIMutator.h"
#include "nsIURL.h"
#include "nsUrlClassifierUtils.h"
#include "nsTArray.h"
@@ -479,21 +480,17 @@ GetSpecWithoutSensitiveData(nsIURI* aUri, nsACString &aSpec)
return NS_ERROR_INVALID_ARG;
}
nsCOMPtr<nsIURI> clone;
// Clone to make the uri mutable
nsresult rv = aUri->CloneIgnoringRef(getter_AddRefs(clone));
nsCOMPtr<nsIURL> url(do_QueryInterface(clone));
nsresult rv;
nsCOMPtr<nsIURL> url(do_QueryInterface(aUri));
if (url) {
rv = url->SetQuery(EmptyCString());
nsCOMPtr<nsIURI> clone;
rv = NS_MutateURI(url)
.SetQuery(EmptyCString())
.SetRef(EmptyCString())
.SetUserPass(EmptyCString())
.Finalize(clone);
NS_ENSURE_SUCCESS(rv, rv);
rv = url->SetRef(EmptyCString());
NS_ENSURE_SUCCESS(rv, rv);
rv = url->SetUserPass(EmptyCString());
NS_ENSURE_SUCCESS(rv, rv);
rv = url->GetAsciiSpec(aSpec);
rv = clone->GetAsciiSpec(aSpec);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;

10
toolkit/content/browser-child.js
View File

@@ -187,10 +187,12 @@ var WebProgressListener = {
: null;
if (AppConstants.MOZ_CRASHREPORTER && CrashReporter.enabled) {
let uri = aLocationURI.clone();
let uri = aLocationURI;
try {
// If the current URI contains a username/password, remove it.
uri.userPass = "";
uri = uri.mutate()
.setUserPass("")
.finalize();
} catch (ex) { /* Ignore failures on about: URIs. */ }
CrashReporter.annotateCrashReport("URL", uri.spec);
}
@@ -340,7 +342,9 @@ var WebNavigation = {
try {
let url = Services.io.newURI(uri);
// If the current URI contains a username/password, remove it.
url.userPass = "";
url = url.mutate()
.setUserPass("")
.finalize();
annotation = url.spec;
} catch (ex) { /* Ignore failures to parse and failures
on about: URIs. */ }

4
toolkit/modules/PageMetadata.jsm
View File

@@ -288,7 +288,9 @@ var PageMetadata = {
return null;
}
uri.userPass = "";
uri = uri.mutate()
.setUserPass("")
.finalize();
return uri.spec;
},

6
toolkit/mozapps/downloads/nsHelperAppDlg.js
View File

@@ -592,9 +592,11 @@ nsUnknownContentTypeDialog.prototype = {
if (!pathString) {
// wasn't a fileURL
var tmpurl = url.clone(); // don't want to change the real url
var tmpurl = url; // don't want to change the real url
try {
tmpurl.userPass = "";
tmpurl = tmpurl.mutate()
.setUserPass("")
.finalize();
} catch (ex) {}
pathString = tmpurl.prePath;
}