wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 821671 - Check alarm API parameters in the parent (part 3, Alarm API). r=sicking

Browse Source
This commit is contained in:
Gene Lian 2012-12-22 19:47:23 +08:00
parent 6673f04f25
commit aaec3a9556
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
dom/alarm/AlarmService.jsm
View File

@ -83,19 +83,23 @@ this.AlarmService = {
receiveMessage: function receiveMessage(aMessage) {
debug("receiveMessage(): " + aMessage.name);
let json = aMessage.json;
// To prevent hacked child processes from sending commands to parent
// to schedule alarms, we need to check their installed permissions.
// To prevent the hacked child process from sending commands to parent
// to schedule alarms, we need to check its permission and manifest URL.
if (["AlarmsManager:GetAll", "AlarmsManager:Add", "AlarmsManager:Remove"]
.indexOf(aMessage.name) != -1) {
if (!aMessage.target.assertPermission("alarms")) {
debug("Got message from a child process with no 'alarms' permission.");
return null;
}
if (!aMessage.target.assertContainApp(json.manifestURL)) {
debug("Got message from a child process containing illegal manifest URL.");
return null;
}
}
let mm = aMessage.target.QueryInterface(Ci.nsIMessageSender);
let json = aMessage.json;
switch (aMessage.name) {
case "AlarmsManager:GetAll":
this._db.getAll(