diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2017-10-06 20:12:54 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-08 11:58:23 +0100 |
commit | b62fce0dc0c77a5788c331db32b3996e4020e2a5 (patch) | |
tree | 8cb1a4758b16d9caae55f525b73f5fca3824b4f7 /toolkit/components | |
parent | bfa65f5d5f4fc1a1330acc91945d0587ddf65104 (diff) | |
download | UXP-b62fce0dc0c77a5788c331db32b3996e4020e2a5.tar UXP-b62fce0dc0c77a5788c331db32b3996e4020e2a5.tar.gz UXP-b62fce0dc0c77a5788c331db32b3996e4020e2a5.tar.lz UXP-b62fce0dc0c77a5788c331db32b3996e4020e2a5.tar.xz UXP-b62fce0dc0c77a5788c331db32b3996e4020e2a5.zip |
Confirm launch of executables other than .exe on Windows
Diffstat (limited to 'toolkit/components')
-rw-r--r-- | toolkit/components/jsdownloads/src/DownloadIntegration.jsm | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/toolkit/components/jsdownloads/src/DownloadIntegration.jsm b/toolkit/components/jsdownloads/src/DownloadIntegration.jsm index 5fed9212a..1d289c24d 100644 --- a/toolkit/components/jsdownloads/src/DownloadIntegration.jsm +++ b/toolkit/components/jsdownloads/src/DownloadIntegration.jsm @@ -28,6 +28,8 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "AsyncShutdown", "resource://gre/modules/AsyncShutdown.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "AppConstants", + "resource://gre/modules/AppConstants.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask", "resource://gre/modules/DeferredTask.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "Downloads", @@ -675,20 +677,6 @@ this.DownloadIntegration = { launchDownload: Task.async(function* (aDownload) { let file = new FileUtils.File(aDownload.target.path); -#ifndef XP_WIN - // Ask for confirmation if the file is executable, except on Windows where - // the operating system will show the prompt based on the security zone. - // We do this here, instead of letting the caller handle the prompt - // separately in the user interface layer, for two reasons. The first is - // because of its security nature, so that add-ons cannot forget to do - // this check. The second is that the system-level security prompt would - // be displayed at launch time in any case. - if (file.isExecutable() && - !(yield this.confirmLaunchExecutable(file.path))) { - return; - } -#endif - // In case of a double extension, like ".tar.gz", we only // consider the last one, because the MIME service cannot // handle multiple extensions. @@ -698,6 +686,21 @@ this.DownloadIntegration = { fileExtension = match[1]; } + let isWindowsExe = AppConstants.platform == "win" && + fileExtension.toLowerCase() == "exe"; + + // Ask for confirmation if the file is executable, except for .exe on + // Windows where the operating system will show the prompt based on the + // security zone. We do this here, instead of letting the caller handle + // the prompt separately in the user interface layer, for two reasons. The + // first is because of its security nature, so that add-ons cannot forget + // to do this check. The second is that the system-level security prompt + // would be displayed at launch time in any case. + if (file.isExecutable() && !isWindowsExe && + !(await this.confirmLaunchExecutable(file.path))) { + return; + } + try { // The MIME service might throw if contentType == "" and it can't find // a MIME type for the given extension, so we'll treat this case as |