diff options
author | Mnikolenko ProductEngine <mnikolenko@productengine.com> | 2013-10-22 12:47:16 +0300 |
---|---|---|
committer | Mnikolenko ProductEngine <mnikolenko@productengine.com> | 2013-10-22 12:47:16 +0300 |
commit | 28339afa157956d6ae4e68d0f8ce4eee6a254cfe (patch) | |
tree | d176514abec3322c339753dac231c617259a11a3 /indra | |
parent | 62a0ba3db4685e5572b05d4921e2fe9974af2ba7 (diff) |
MAINT-535 'trust model' is added for secondlife:// URLs in wiki style links. Chat history is marked as untrusted source now.
Diffstat (limited to 'indra')
-rwxr-xr-x | indra/llui/llscrolllistctrl.cpp | 2 | ||||
-rwxr-xr-x | indra/llui/lltextbase.cpp | 4 | ||||
-rwxr-xr-x | indra/llui/lltextbase.h | 5 | ||||
-rwxr-xr-x | indra/llui/llurlaction.cpp | 6 | ||||
-rwxr-xr-x | indra/llui/llurlaction.h | 4 | ||||
-rwxr-xr-x | indra/newview/llchathistory.cpp | 1 | ||||
-rwxr-xr-x | indra/newview/llurldispatcher.cpp | 6 | ||||
-rwxr-xr-x | indra/newview/llurldispatcher.h | 2 | ||||
-rwxr-xr-x | indra/newview/llurldispatcherlistener.cpp | 2 |
9 files changed, 19 insertions, 13 deletions
diff --git a/indra/llui/llscrolllistctrl.cpp b/indra/llui/llscrolllistctrl.cpp index 6e03f604a2..594e1e150b 100755 --- a/indra/llui/llscrolllistctrl.cpp +++ b/indra/llui/llscrolllistctrl.cpp @@ -1855,7 +1855,7 @@ void LLScrollListCtrl::showNameDetails(std::string id, bool is_group) // open the resident's details or the group details std::string sltype = is_group ? "group" : "agent"; std::string slurl = "secondlife:///app/" + sltype + "/" + id + "/about"; - LLUrlAction::clickAction(slurl); + LLUrlAction::clickAction(slurl, true); } void LLScrollListCtrl::copyNameToClipboard(std::string id, bool is_group) diff --git a/indra/llui/lltextbase.cpp b/indra/llui/lltextbase.cpp index 5ec4cf4fe5..4144a42fd6 100755 --- a/indra/llui/lltextbase.cpp +++ b/indra/llui/lltextbase.cpp @@ -167,6 +167,7 @@ LLTextBase::Params::Params() max_text_length("max_length", 255), font_shadow("font_shadow"), wrap("wrap"), + trusted_content("trusted_content", true), use_ellipses("use_ellipses", false), parse_urls("parse_urls", false), parse_highlights("parse_highlights", false) @@ -211,6 +212,7 @@ LLTextBase::LLTextBase(const LLTextBase::Params &p) mLineSpacingPixels(p.line_spacing.pixels), mClip(p.clip), mClipPartial(p.clip_partial && !p.allow_scroll), + mTrustedContent(p.trusted_content), mTrackEnd( p.track_end ), mScrollIndex(-1), mSelectionStart( 0 ), @@ -3164,7 +3166,7 @@ BOOL LLNormalTextSegment::handleMouseUp(S32 x, S32 y, MASK mask) // Only process the click if it's actually in this segment, not to the right of the end-of-line. if(mEditor.getSegmentAtLocalPos(x, y, false) == this) { - LLUrlAction::clickAction(getStyle()->getLinkHREF()); + LLUrlAction::clickAction(getStyle()->getLinkHREF(), mEditor.isContentTrusted()); return TRUE; } } diff --git a/indra/llui/lltextbase.h b/indra/llui/lltextbase.h index a74e97cac8..3603f55c3f 100755 --- a/indra/llui/lltextbase.h +++ b/indra/llui/lltextbase.h @@ -291,7 +291,8 @@ public: parse_urls, parse_highlights, clip, - clip_partial; + clip_partial, + trusted_content; Optional<S32> v_pad, h_pad; @@ -361,6 +362,7 @@ public: bool getWordWrap() { return mWordWrap; } bool getUseEllipses() { return mUseEllipses; } bool truncate(); // returns true of truncation occurred + bool isContentTrusted() {return mTrustedContent;} // TODO: move into LLTextSegment? void createUrlContextMenu(S32 x, S32 y, const std::string &url); // create a popup context menu for the given Url @@ -634,6 +636,7 @@ protected: bool mBGVisible; // render background? bool mClip; // clip text to widget rect bool mClipPartial; // false if we show lines that are partially inside bounding rect + bool mTrustedContent; // if false, does not allow to execute SURL links from this editor bool mPlainText; // didn't use Image or Icon segments bool mAutoIndent; S32 mMaxTextByteLength; // Maximum length mText is allowed to be in bytes diff --git a/indra/llui/llurlaction.cpp b/indra/llui/llurlaction.cpp index 23e574cb74..12537d9dd1 100755 --- a/indra/llui/llurlaction.cpp +++ b/indra/llui/llurlaction.cpp @@ -87,14 +87,14 @@ void LLUrlAction::executeSLURL(std::string url) { if (sExecuteSLURLCallback) { - sExecuteSLURLCallback(url); + sExecuteSLURLCallback(url ,true); } } -void LLUrlAction::clickAction(std::string url) +void LLUrlAction::clickAction(std::string url, bool trusted_content) { // Try to handle as SLURL first, then http Url - if ( (sExecuteSLURLCallback) && !sExecuteSLURLCallback(url) ) + if ( (sExecuteSLURLCallback) && !sExecuteSLURLCallback(url, trusted_content) ) { if (sOpenURLCallback) { diff --git a/indra/llui/llurlaction.h b/indra/llui/llurlaction.h index e731376b95..5f3626490c 100755 --- a/indra/llui/llurlaction.h +++ b/indra/llui/llurlaction.h @@ -66,7 +66,7 @@ public: static void showLocationOnMap(std::string url); /// perform the appropriate action for left-clicking on a Url - static void clickAction(std::string url); + static void clickAction(std::string url, bool trusted_content); /// copy the label for a Url to the clipboard static void copyLabelToClipboard(std::string url); @@ -86,7 +86,7 @@ public: /// specify the callbacks to enable this class's functionality typedef boost::function<void (const std::string&)> url_callback_t; - typedef boost::function<bool(const std::string& url)> execute_url_callback_t; + typedef boost::function<bool(const std::string& url, bool trusted_content)> execute_url_callback_t; static void setOpenURLCallback(url_callback_t cb); static void setOpenURLInternalCallback(url_callback_t cb); diff --git a/indra/newview/llchathistory.cpp b/indra/newview/llchathistory.cpp index 6c881b5717..69aeec3975 100755 --- a/indra/newview/llchathistory.cpp +++ b/indra/newview/llchathistory.cpp @@ -725,6 +725,7 @@ LLChatHistory::LLChatHistory(const LLChatHistory::Params& p) editor_params.follows.flags = FOLLOWS_ALL; editor_params.enabled = false; // read only editor_params.show_context_menu = "true"; + editor_params.trusted_content = false; mEditor = LLUICtrlFactory::create<LLTextEditor>(editor_params, this); mEditor->setIsFriendCallback(LLAvatarActions::isFriend); } diff --git a/indra/newview/llurldispatcher.cpp b/indra/newview/llurldispatcher.cpp index 00b15a5f26..0c34db39b5 100755 --- a/indra/newview/llurldispatcher.cpp +++ b/indra/newview/llurldispatcher.cpp @@ -307,7 +307,7 @@ bool LLURLDispatcher::dispatchRightClick(const std::string& slurl) } // static -bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl) +bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl, bool trusted_content) { // *NOTE: Text editors are considered sources of trusted URLs // in order to make avatar profile links in chat history work. @@ -315,9 +315,9 @@ bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl) // receiving resident will see it and must affirmatively // click on it. // *TODO: Make this trust model more refined. JC - const bool trusted_browser = true; + LLMediaCtrl* web = NULL; - return LLURLDispatcherImpl::dispatch(LLSLURL(slurl), "clicked", web, trusted_browser); + return LLURLDispatcherImpl::dispatch(LLSLURL(slurl), "clicked", web, trusted_content); } diff --git a/indra/newview/llurldispatcher.h b/indra/newview/llurldispatcher.h index 6309a97af5..9b05260af1 100755 --- a/indra/newview/llurldispatcher.h +++ b/indra/newview/llurldispatcher.h @@ -53,7 +53,7 @@ public: static bool dispatchRightClick(const std::string& slurl); - static bool dispatchFromTextEditor(const std::string& slurl); + static bool dispatchFromTextEditor(const std::string& slurl, bool trusted_content); }; #endif diff --git a/indra/newview/llurldispatcherlistener.cpp b/indra/newview/llurldispatcherlistener.cpp index c7b9afafef..7545f3a9b3 100755 --- a/indra/newview/llurldispatcherlistener.cpp +++ b/indra/newview/llurldispatcherlistener.cpp @@ -71,5 +71,5 @@ void LLURLDispatcherListener::dispatchRightClick(const LLSD& params) const void LLURLDispatcherListener::dispatchFromTextEditor(const LLSD& params) const { - LLURLDispatcher::dispatchFromTextEditor(params["url"]); + LLURLDispatcher::dispatchFromTextEditor(params["url"], false); } |