Backed out changeset e1b320fb4503 (bug 1914858) for causing xpcshell failures on test_filename_sanitize.js and test_DownloadPaths.js

uriloader/exthandler/nsExternalHelperAppService.cpp

@@ -733,7 +733,7 @@ nsresult nsExternalHelperAppService::DoContentContentProcessHelper(
 
   uint32_t reason = nsIHelperAppLauncherDialog::REASON_CANTHANDLE;
 
-  SanitizeFileName(fileName, VALIDATE_SANITIZE_ONLY);
+  SanitizeFileName(fileName, 0);
 
   RefPtr<nsExternalAppHandler> handler =
       new nsExternalAppHandler(nullptr, u""_ns, aContentContext, aWindowContext,
@@ -3335,12 +3335,14 @@ nsExternalHelperAppService::ValidateFileNameForSaving(
                       aMimeType.EqualsLiteral(BINARY_OCTET_STREAM) ||
                       aMimeType.EqualsLiteral("application/x-msdownload");
 
-  bool urlIsFile = !!aURI && aURI->SchemeIs("file");
-
   // We don't want to save hidden files starting with a dot, so remove any
   // leading periods. This is done first, so that the remainder will be
   // treated as the filename, and not an extension.
-  fileName.Trim(".", true, false);
+  // Also, Windows ignores terminating dots. So we have to as well, so
+  // that our security checks do "the right thing"
+  fileName.Trim(".");
+
+  bool urlIsFile = !!aURI && aURI->SchemeIs("file");
 
   // We get the mime service here even though we're the default implementation
   // of it, so it's possible to override only the mime service and not need to
@@ -3534,14 +3536,6 @@ void nsExternalHelperAppService::SanitizeFileName(nsAString& aFileName,
                                                   uint32_t aFlags) {
   nsAutoString fileName(aFileName);
 
-  // If VALIDATE_SANITIZE_ONLY is not set, then the trimming of leading dots
-  // was already done at the start of ValidateFileNameForSaving.
-  if (aFlags & VALIDATE_SANITIZE_ONLY) {
-    fileName.Trim(".", true, false);
-  }
-
-  MOZ_ASSERT(fileName.IsEmpty() || fileName.CharAt(0) != '.');
-
   // Replace known invalid characters.
   fileName.ReplaceChar(u"" KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS "%",
                        u'_');
@@ -3624,21 +3618,25 @@ void nsExternalHelperAppService::SanitizeFileName(nsAString& aFileName,
       }
     } else {
       lastWasWhitespace = false;
-
-      // Don't add any periods or vowel separators at the beginning
-      //  of the string.
       if (nextChar == '.' || nextChar == u'\u180e') {
+        // Don't add any periods or vowel separators at the beginning of the
+        // string. Note also that lastNonTrimmable is not adjusted in this
+        // case, because periods and vowel separators are included in the
+        // set of characters to trim at the end of the filename.
         if (outFileName.IsEmpty()) {
+          continue;
+        }
+      } else {
+        if (unicodeCategory == HB_UNICODE_GENERAL_CATEGORY_FORMAT) {
+          // Replace formatting characters with an underscore.
           nextChar = '_';
         }
-      } else if (unicodeCategory == HB_UNICODE_GENERAL_CATEGORY_FORMAT) {
-        // Replace formatting characters with an underscore.
-        nextChar = '_';
-      }
 
-      // Don't truncate surrogate pairs in the middle.
-      lastNonTrimmable = int32_t(outFileName.Length()) +
-                         (NS_IS_HIGH_SURROGATE(H_SURROGATE(nextChar)) ? 2 : 1);
+        // Don't truncate surrogate pairs in the middle.
+        lastNonTrimmable =
+            int32_t(outFileName.Length()) +
+            (NS_IS_HIGH_SURROGATE(H_SURROGATE(nextChar)) ? 2 : 1);
+      }
     }
 
     if (maxBytes) {
@@ -3722,14 +3720,6 @@ void nsExternalHelperAppService::SanitizeFileName(nsAString& aFileName,
     outFileName.Truncate(lastNonTrimmable);
   }
 
-  // Windows ignores terminating dots. Convert any trailing dots and
-  // vowel separators to underscores.
-  for (int32_t pos = outFileName.Length() - 1;
-       pos >= 0 && (outFileName[pos] == u'.' || outFileName[pos] == u'\u180e');
-       pos--) {
-    outFileName.Replace(pos, 1, '_');
-  }
-
   if (!(aFlags & VALIDATE_ALLOW_DIRECTORY_NAMES)) {
     nsAutoString extension;
     int32_t dotidx = outFileName.RFind(u".");

uriloader/exthandler/tests/mochitest/save_filenames.html

@@ -121,7 +121,7 @@
 
 <!-- unknown image type with no extension, but ending in many dots -->
 <img id="i31" src="http://localhost:8000/save_filename.sjs?type=otherimage&filename=extrapng..."
-     data-unknown="typeonly" data-nodrag="true" data-filename="extrapng___">
+     data-unknown="typeonly" data-nodrag="true" data-filename="extrapng">
 
 <!-- image type with no content-disposition filename specified -->
 <img id="i32" src="http://localhost:8000/save_filename.sjs?type=png" data-filename="save_filename.png">
@@ -235,7 +235,7 @@
 
 <!-- filename with leading and trailing periods -->
 <img id="i62" src="http://localhost:8000/save_filename.sjs?type=png&filename=..with..dots..png.."
-     data-filename="with..dots..png..png">
+     data-filename="with..dots..png">
 
 <!-- filename with non-ascii character -->
 <img id="i63" src="http://localhost:8000/base?type=png&filename=s%C3%B6meescapes.%C3%B7ng" data-filename="sömeescapes.png">
@@ -361,7 +361,7 @@
       data-filename="__ _&#x180e;&#x180e;_ spa ced.png__&#x180e;&#x180e;__">Link</a>
   <a id="download9" href="http://localhost:8000/base"
       download="  &nbsp;&#x180e;&#x180e;extraspace.png&#x180e;&#x180e;&nbsp;  "
-      data-filename="_&#x180e;extraspace.png__">Link</a>
+      data-filename="extraspace.png">Link</a>
 </span>
 
 <span id="links">

uriloader/exthandler/tests/unit/test_filename_sanitize.js

@@ -18,7 +18,7 @@ add_task(async function validate_filename_method() {
   Assert.equal(checkFilename("  whitespace.png  ", 0), "whitespace.png");
   Assert.equal(
     checkFilename(" .whitespaceanddots.png...", 0),
-    "_whitespaceanddots.png...png"
+    "whitespaceanddots.png"
   );
   Assert.equal(
     checkFilename("  \u00a0 \u00a0 extrawhitespace.png  \u00a0 \u00a0 ", 0),
@@ -36,7 +36,7 @@ add_task(async function validate_filename_method() {
 
   Assert.equal(
     checkFilename(" \u180e whit\u180ee.png \u180e", 0),
-    "_ whit\u180ee.png"
+    "whit\u180ee.png"
   );
   Assert.equal(checkFilename("簡単簡単簡単", 0), "簡単簡単簡単.png");
   Assert.equal(checkFilename(" happy\u061c\u2069.png", 0), "happy__.png");
@@ -367,7 +367,7 @@ add_task(async function validate_filename_method() {
       "text/unknown",
       0
     ),
-    "filename.local___",
+    "filename.local.download",
     "filename.lnk with vowel separators"
   );