CVSROOT: /sources/gnash Module name: gnash Changes by: Sandro Santilli <strk> 07/08/18 17:47:31
Modified files: . : ChangeLog server/vm : ASHandlers.cpp Log message: * server/vm/ASHandlers.cpp (CommonGetUrl): always check for URL (security). Give precedence to loadVariable calls even if target is _level#. Fixes load of uptoten.com. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.4033&r2=1.4034 http://cvs.savannah.gnu.org/viewcvs/gnash/server/vm/ASHandlers.cpp?cvsroot=gnash&r1=1.119&r2=1.120 Patches: Index: ChangeLog =================================================================== RCS file: /sources/gnash/gnash/ChangeLog,v retrieving revision 1.4033 retrieving revision 1.4034 diff -u -b -r1.4033 -r1.4034 --- ChangeLog 18 Aug 2007 16:48:43 -0000 1.4033 +++ ChangeLog 18 Aug 2007 17:47:30 -0000 1.4034 @@ -1,5 +1,8 @@ 2007-08-18 Sandro Santilli <[EMAIL PROTECTED]> + * server/vm/ASHandlers.cpp (CommonGetUrl): always check + for URL (security). Give precedence to loadVariable calls + even if target is _level#. Fixes load of uptoten.com. * plugin/plugin.cpp: Use the environmental variable GNASH_PLUGIN_DESCRIPTION for the plugin description (when set). Index: server/vm/ASHandlers.cpp =================================================================== RCS file: /sources/gnash/gnash/server/vm/ASHandlers.cpp,v retrieving revision 1.119 retrieving revision 1.120 diff -u -b -r1.119 -r1.120 --- server/vm/ASHandlers.cpp 10 Aug 2007 14:06:36 -0000 1.119 +++ server/vm/ASHandlers.cpp 18 Aug 2007 17:47:31 -0000 1.120 @@ -17,7 +17,7 @@ // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA // -/* $Id: ASHandlers.cpp,v 1.119 2007/08/10 14:06:36 strk Exp $ */ +/* $Id: ASHandlers.cpp,v 1.120 2007/08/18 17:47:31 strk Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -1818,18 +1818,21 @@ const URL& baseurl = get_base_url(); URL url(url_s, baseurl); - log_msg(_("get url: target=%s, url=%s (%s), method=%x"), target_string.c_str(), - url.str().c_str(), url_c, method); + log_msg(_("get url: target=%s, url=%s (%s), method=%x (sendVars:%X, loadTarget:%d, loadVariable:%d)"), target_string.c_str(), + url.str().c_str(), url_c, method, sendVarsMethod, loadTargetFlag, loadVariableFlag); - if ( target_string.compare(0, 6, "_level") == 0 && target_string.find_first_not_of("0123456789", 7) == string::npos ) + if ( ! URLAccessManager::allow(url) ) { - unsigned int levelno = atoi(target_string.c_str()+6); - log_debug(_("Testing _level loading (level %u)"), levelno); - VM::get().getRoot().loadLevel(levelno, url); + return; } - else if ( loadTargetFlag ) - { + character* target_ch = env.find_target(target); + sprite_instance* target_movie = target_ch ? target_ch->to_movie() : 0; + + if ( loadVariableFlag ) + { + log_msg(_("getURL2 loadVariable")); + if ( ! target_ch ) { log_error(_("get url: target %s not found"), @@ -1837,7 +1840,6 @@ return; } - sprite_instance* target_movie = target_ch->to_movie(); if ( ! target_movie ) { log_error(_("get url: target %s is not a sprite"), @@ -1845,23 +1847,14 @@ return; } - if ( loadVariableFlag ) - { - log_msg(_("getURL2 loadVariable")); - - //log_unimpl("Unhandled GetUrl2 loadVariable flag. loadTargetFlag=%d, target=%s (%s)", loadTargetFlag, target.typeOf(), target.to_string(&env).c_str()); target_movie->loadVariables(url, sendVarsMethod); - } - else - { - log_msg(_("getURL2 target load")); - // Check host security - if ( ! URLAccessManager::allow(url) ) - { return; } + if ( loadTargetFlag ) + { + log_msg(_("getURL2 target load")); if ( sendVarsMethod ) { 
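Review bot: The early `return` after `if ( ! URLAccessManager::allow(url) )` leaves no trace at this call site of which request was refused, and nothing marks the check as the gate for every path below it. Unless `URLAccessManager::allow` logs denials itself (not visible here), a line such as `log_error(_("get url: access to %s denied by URL policy"), url.str().c_str());` before the `return` would make refused loads traceable. I would also put a comment above the check, e.g. `// Host security: must run before any load path (loadVariables, loadMovie/loadLevel, browser launch)`, so a later reshuffle of the branches does not move a load ahead of it. The enclosing function starts and ends outside this hunk.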
@@ -1870,13 +1863,30 @@ sendVarsMethod); } - target_movie->loadMovie(url); + if ( ! target_ch ) + { + if ( target_string.compare(0, 6, "_level") == 0 && target_string.find_first_not_of("0123456789", 7) == string::npos ) + { + unsigned int levelno = atoi(target_string.c_str()+6); + log_debug(_("Testing _level loading (level %u)"), levelno); + VM::get().getRoot().loadLevel(levelno, url); + return; } + + log_error(_("get url: target %s not found"), + target_string.c_str()); + return; } - else - { - if ( ! URLAccessManager::allow(url) ) + + if ( ! target_movie ) { + log_error(_("get url: target %s is not a sprite"), + target_string.c_str()); + return; + } + + target_movie->loadMovie(url); + return; } @@ -1889,18 +1899,23 @@ #ifndef __OS2__x string command = "firefox -remote \"openurl("; -#else -static char browserExe[ 255 ] = ""; +#else // def __OS2__x + static char browserExe[ 255 ] = ""; - if ( browserExe[0] == 0 ) { - PrfQueryProfileString( HINI_USER, (PSZ) "WPURLDEFAULTSETTINGS", (PSZ) "DefaultBrowserExe", NULL, + if ( browserExe[0] == 0 ) + { + PrfQueryProfileString( HINI_USER, (PSZ) "WPURLDEFAULTSETTINGS", + (PSZ) "DefaultBrowserExe", NULL, (PVOID) browserExe, (LONG)sizeof(browserExe) ); } + string command = browserExe; command += " -remote \"openurl("; -#endif +#endif // def __OS2__x + command += url.str(); -#if 0 // target testing + +#if 0 // target testing TODO: should we enable this by default? if ( ! target_string.empty() ) { command += ", " + target_string; @@ -1909,7 +1924,7 @@ command += ")\""; log_msg (_("Launching URL... %s"), command.c_str()); system(command.c_str()); - } + } // Common code for SetTarget and SetTargetExpression. See: _______________________________________________ Gnash-commit mailing list Gnash-commit@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-commit
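Review bot: The `_level` test carried into the `! target_ch` branch starts `find_first_not_of` at index 7, so the character at index 6 is never checked. A target of `_level` or `_levelx3` passes, and `atoi(target_string.c_str()+6)` then yields 0, which would send the load to level 0. Starting the scan at 6 and requiring at least one digit closes that: `target_string.size() > 6 && target_string.find_first_not_of("0123456789", 6) == string::npos`. `atoi` also has no defined result for out-of-range digit strings, so `strtoul` with a range check on the level number would be safer. The enclosing function begins outside this hunk.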
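Review bot: `command += url.str();` places a URL taken from the movie inside a double-quoted shell word, and the string is then run with `system(command.c_str())` in the next hunk. `URLAccessManager::allow` decides on the host, and nothing visible here neutralises quotes, backticks or `$` in the rest of the URL. Passing the URL as a single argument to `execlp` after `fork`, instead of through a shell, removes the shell parsing step altogether. The new TODO about enabling the `#if 0` target code would add `target_string`, a second movie-supplied value, to the same command, so it should stay disabled until the shell is out of the path. The surrounding function starts before this hunk.

```cpp
// … unchanged: access check and load paths above …
// POSIX branch only; the OS/2 branch needs the equivalent spawn call taking an argument vector
string openurl_arg = "openurl(" + url.str() + ")";
log_msg (_("Launching URL... %s"), openurl_arg.c_str());
pid_t pid = fork();
if ( pid == 0 )
{
    // The URL travels as one argv entry; no shell ever parses it
    execlp("firefox", "firefox", "-remote", openurl_arg.c_str(), (char*)0);
    _exit(127);
}
else if ( pid > 0 )
{
    int status = 0;
    waitpid(pid, &status, 0); // keep system()'s blocking behaviour
}
else
{
    log_error(_("get url: could not fork to launch browser"));
}
```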