CVSROOT: /sources/gnash
Module name: gnash
Changes by: Sandro Santilli <strk> 07/11/12 23:17:21
Modified files:
. : ChangeLog
server : StreamProvider.cpp sprite_instance.cpp
Log message:
* server/StreamProvider.cpp (getStream): check security
for post streams too.
* server/sprite_instance.cpp (loadVariables):
Don't abort on not-found url. Don't check security
here as it will be checked by LoadVariablesThread.
Fixes sheepy.swf.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.4838&r2=1.4839
http://cvs.savannah.gnu.org/viewcvs/gnash/server/StreamProvider.cpp?cvsroot=gnash&r1=1.22&r2=1.23
http://cvs.savannah.gnu.org/viewcvs/gnash/server/sprite_instance.cpp?cvsroot=gnash&r1=1.381&r2=1.382
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.4838
retrieving revision 1.4839
diff -u -b -r1.4838 -r1.4839
--- ChangeLog 12 Nov 2007 19:24:28 -0000 1.4838
+++ ChangeLog 12 Nov 2007 23:17:21 -0000 1.4839
@@ -1,3 +1,12 @@
+2007-11-13 Sandro Santilli <[EMAIL PROTECTED]>
+
+ * server/StreamProvider.cpp (getStream): check security
+ for post streams too.
+ * server/sprite_instance.cpp (loadVariables):
+ Don't abort on not-found url. Don't check security
+ here as it will be checked by LoadVariablesThread.
+ Fixes sheepy.swf.
+
2007-11-12 Udo Giacomozzi <[EMAIL PROTECTED]>
* server/parser/shape_character_def.cpp: point_test_local bugfix:
Index: server/StreamProvider.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/StreamProvider.cpp,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -b -r1.22 -r1.23
--- server/StreamProvider.cpp 29 Oct 2007 21:07:33 -0000 1.22
+++ server/StreamProvider.cpp 12 Nov 2007 23:17:21 -0000 1.23
@@ -120,6 +120,7 @@
}
else
{
+ if ( ! URLAccessManager::allow(url) ) return NULL;
FILE *newin = fopen(path.c_str(), "rb");
if (!newin) {
return NULL;
Index: server/sprite_instance.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/sprite_instance.cpp,v
retrieving revision 1.381
retrieving revision 1.382
diff -u -b -r1.381 -r1.382
--- server/sprite_instance.cpp 11 Nov 2007 18:01:12 -0000 1.381
+++ server/sprite_instance.cpp 12 Nov 2007 23:17:21 -0000 1.382
@@ -3611,18 +3611,24 @@
sprite_instance::loadVariables(const URL& url, short sendVarsMethod)
{
// Check host security
- if ( ! URLAccessManager::allow(url) )
- {
- return;
- }
+ // will be done by LoadVariablesThread (down by getStream, that is)
+ //if ( ! URLAccessManager::allow(url) ) return;
if ( sendVarsMethod )
{
log_unimpl(_("MovieClip.loadVariables() with GET/POST won't
append vars for now"));
}
+ try
+ {
_loadVariableRequests.push_back(new LoadVariablesThread(url));
_loadVariableRequests.back()->process();
+ }
+ catch (NetworkException& ex)
+ {
+ log_error(_("Could not load variables from %s"),
url.str().c_str());
+ }
+
//log_msg(_(SIZET_FMT " loadVariables requests pending"),
_loadVariableRequests.size());
}
_______________________________________________
Gnash-commit mailing list
Gnash-commit@gnu.org
http://lists.gnu.org/mailman/listinfo/gnash-commit
