From e232355f79632031d6db844d330eb92379882970 Mon Sep 17 00:00:00 2001 From: "dveditz%cruzio.com" Date: Tue, 25 Jul 2006 01:04:33 +0000 Subject: [PATCH] Bug 343473: UniversalXPConnect privs should allow access to chrome DOM nodes (regression from bug 340107). r=bzbarsky, sr=sicking, a=mconnor --- content/base/src/nsContentUtils.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index abd8c82a5c64..8ed8a8efc93f 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -747,17 +747,20 @@ nsContentUtils::CanCallerAccess(nsIDOMNode *aNode) nsCOMPtr node = do_QueryInterface(aNode); NS_ENSURE_TRUE(node, PR_FALSE); + nsresult rv; + PRBool enabled = PR_FALSE; nsIPrincipal* nodePrincipal = node->NodePrincipal(); if (nodePrincipal == systemPrincipal) { - // we already know subjectPrincipal isn't the systemPrincipal so if - // the object principal is they cannot match. Bail out now to + // we know subjectPrincipal != systemPrincipal so we can only + // access the object if UniversalXPConnect is enabled. We can // avoid wasting time in CheckSameOriginPrincipal - return PR_FALSE; + rv = sSecurityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled); + return NS_SUCCEEDED(rv) && enabled; } - nsresult rv = sSecurityManager-> - CheckSameOriginPrincipal(subjectPrincipal, nodePrincipal); + rv = sSecurityManager->CheckSameOriginPrincipal(subjectPrincipal, + nodePrincipal); if (NS_SUCCEEDED(rv)) { return PR_TRUE; } @@ -765,11 +768,8 @@ nsContentUtils::CanCallerAccess(nsIDOMNode *aNode) // see if the caller has otherwise been given the ability to touch // input args to DOM methods - PRBool enabled = PR_FALSE; - rv = sSecurityManager->IsCapabilityEnabled("UniversalBrowserRead", - &enabled); - NS_ENSURE_SUCCESS(rv, PR_FALSE); - return enabled; + rv = sSecurityManager->IsCapabilityEnabled("UniversalBrowserRead", &enabled); + return NS_SUCCEEDED(rv) && enabled; } //static