mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 04:45:45 +00:00
Bug 1369771 - Confirm launch of executables other than .exe on Windows r=Paolo
MozReview-Commit-ID: 2TbLbdMc3d3 --HG-- extra : rebase_source : 9380ca04af2d9a9dbf1bedba558231897ed9ff4f
This commit is contained in:
parent
8905fffed3
commit
f69d99cef4
@ -41,6 +41,8 @@ XPCOMUtils.defineLazyModuleGetter(this, "NetUtil",
|
||||
"resource://gre/modules/NetUtil.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "PluralForm",
|
||||
"resource://gre/modules/PluralForm.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "AppConstants",
|
||||
"resource://gre/modules/AppConstants.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "AppMenuNotifications",
|
||||
"resource://gre/modules/AppMenuNotifications.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "CustomizableUI",
|
||||
@ -426,8 +428,12 @@ this.DownloadsCommon = {
|
||||
throw new Error("aOwnerWindow must be a dom-window object");
|
||||
}
|
||||
|
||||
let isWindowsExe = AppConstants.platform == "win" &&
|
||||
aFile.leafName.toLowerCase().endsWith(".exe");
|
||||
|
||||
let promiseShouldLaunch;
|
||||
if (aFile.isExecutable()) {
|
||||
// Don't prompt on Windows for .exe since there will be a native prompt.
|
||||
if (aFile.isExecutable() && !isWindowsExe) {
|
||||
// We get a prompter for the provided window here, even though anchoring
|
||||
// to the most recently active window should work as well.
|
||||
promiseShouldLaunch =
|
||||
|
@ -28,6 +28,8 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "AsyncShutdown",
|
||||
"resource://gre/modules/AsyncShutdown.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "AppConstants",
|
||||
"resource://gre/modules/AppConstants.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask",
|
||||
"resource://gre/modules/DeferredTask.jsm");
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "Downloads",
|
||||
@ -635,20 +637,6 @@ this.DownloadIntegration = {
|
||||
async launchDownload(aDownload) {
|
||||
let file = new FileUtils.File(aDownload.target.path);
|
||||
|
||||
#ifndef XP_WIN
|
||||
// Ask for confirmation if the file is executable, except on Windows where
|
||||
// the operating system will show the prompt based on the security zone.
|
||||
// We do this here, instead of letting the caller handle the prompt
|
||||
// separately in the user interface layer, for two reasons. The first is
|
||||
// because of its security nature, so that add-ons cannot forget to do
|
||||
// this check. The second is that the system-level security prompt would
|
||||
// be displayed at launch time in any case.
|
||||
if (file.isExecutable() &&
|
||||
!(await this.confirmLaunchExecutable(file.path))) {
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
// In case of a double extension, like ".tar.gz", we only
|
||||
// consider the last one, because the MIME service cannot
|
||||
// handle multiple extensions.
|
||||
@ -658,6 +646,21 @@ this.DownloadIntegration = {
|
||||
fileExtension = match[1];
|
||||
}
|
||||
|
||||
let isWindowsExe = AppConstants.platform == "win" &&
|
||||
fileExtension.toLowerCase() == "exe";
|
||||
|
||||
// Ask for confirmation if the file is executable, except for .exe on
|
||||
// Windows where the operating system will show the prompt based on the
|
||||
// security zone. We do this here, instead of letting the caller handle
|
||||
// the prompt separately in the user interface layer, for two reasons. The
|
||||
// first is because of its security nature, so that add-ons cannot forget
|
||||
// to do this check. The second is that the system-level security prompt
|
||||
// would be displayed at launch time in any case.
|
||||
if (file.isExecutable() && !isWindowsExe &&
|
||||
!(await this.confirmLaunchExecutable(file.path))) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// The MIME service might throw if contentType == "" and it can't find
|
||||
// a MIME type for the given extension, so we'll treat this case as
|
||||
|
Loading…
Reference in New Issue
Block a user