From f5fd0729b6303933c1c67171eec1701fa4d8c55e Mon Sep 17 00:00:00 2001
From: Rick Pasetto <rick@lindenlab.com>
Date: Fri, 8 Jan 2010 12:18:21 -0800
Subject: FIX EXT-4052: don't bounce back if url does not pass whitelist

http://codereview.lindenlab.com/265005/show
---
 indra/newview/llviewermedia.h |  2 ++
 indra/newview/llvovolume.cpp  | 16 +++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/indra/newview/llviewermedia.h b/indra/newview/llviewermedia.h
index 5e4dd8ff30..ad08846f7e 100644
--- a/indra/newview/llviewermedia.h
+++ b/indra/newview/llviewermedia.h
@@ -202,6 +202,7 @@ public:
 	bool isMediaPaused();
 	bool hasMedia() const;
 	bool isMediaFailed() const { return mMediaSourceFailed; };
+	void setMediaFailed(bool val) { mMediaSourceFailed = val; }
 	void resetPreviousMediaState();
 	
 	void setDisabled(bool disabled);
@@ -311,6 +312,7 @@ public:
 	void setNavState(EMediaNavState state);
 	
 	void cancelMimeTypeProbe();
+		
 public:
 	// a single media url with some data and an impl.
 	LLPluginClassMedia* mMediaSource;
diff --git a/indra/newview/llvovolume.cpp b/indra/newview/llvovolume.cpp
index 55609621b3..310a4803f8 100644
--- a/indra/newview/llvovolume.cpp
+++ b/indra/newview/llvovolume.cpp
@@ -1852,12 +1852,22 @@ void LLVOVolume::mediaNavigateBounceBack(U8 texture_index)
 	if (mep && impl)
 	{
         std::string url = mep->getCurrentURL();
-        if (url.empty())
+		// If the url we're trying to "bounce back" to is either empty or not
+		// allowed by the whitelist, try the home url.  If *that* doesn't work,
+		// go to about:blank
+        if (url.empty() || !mep->checkCandidateUrl(url))
         {
             url = mep->getHomeURL();
         }
-        if (! url.empty())
-        {
+        if (url.empty() || !mep->checkCandidateUrl(url))
+		{
+			// The url to navigate back to is not good, and we have nowhere else
+			// to go.
+			LL_WARNS("MediaOnAPrim") << "FAILED to bounce back URL \"" << url << "\" -- unloading impl" << LL_ENDL;
+			impl->setMediaFailed(true);
+		}
+		else {
+			// Okay, navigate now
             LL_INFOS("MediaOnAPrim") << "bouncing back to URL: " << url << LL_ENDL;
             impl->navigateTo(url, "", false, true);
         }
-- 
cgit v1.2.3