ma1 pushed to branch base-browser-128.9.0esr-14.5-1 at The Tor Project / Applications / Tor Browser
Commits: 0d535706 by Ray Kraesig at 2025-04-07T23:54:35+02:00 Bug 1950056 - extend use of FOS_NODEREFERENCELINKS r=Gijs,win-reviewers,gstoll In the modern era of user-customizable Quick Access sidebars on every file dialog, navigating via `.lnk` files is rather less useful than it was twenty years ago. Disable link-following in file-open dialogs by default, to prevent any of the usual security issues involving symlink smuggling. Allow overriding this behavior via a pref, for users who don't care. (File-save dialogs have a more nuanced guard against that sort of thing; this patch doesn't affect that.) Differential Revision: https://phabricator.services.mozilla.com/D239833 - - - - - 2 changed files: - modules/libpref/init/StaticPrefList.yaml - widget/windows/nsFilePicker.cpp Changes: ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -16899,6 +16899,17 @@ value: 0 mirror: always +# Whether to follow `.lnk` (etc.) shortcuts in the Windows file-open dialog. +# +# Valid values: +# * 0: never +# * 1: always +# * 2: auto +- name: widget.windows.follow_shortcuts_on_file_open + type: RelaxedAtomicInt32 + value: 2 + mirror: always + # The number of messages of each type to keep for display in # about:windows-messages - name: widget.windows.messages_to_log ===================================== widget/windows/nsFilePicker.cpp ===================================== @@ -614,19 +614,29 @@ nsFilePicker::ShowFilePicker(const nsString& aInitialDir) { // mode specific switch (mMode) { + case modeOpenMultiple: + fos |= FOS_ALLOWMULTISELECT; + [[fallthrough]]; + case modeOpen: fos |= FOS_FILEMUSTEXIST; - break; - - case modeOpenMultiple: - fos |= FOS_FILEMUSTEXIST | FOS_ALLOWMULTISELECT; + switch (mozilla::StaticPrefs:: + widget_windows_follow_shortcuts_on_file_open()) { + case 1: + break; + default: + fos |= FOS_NODEREFERENCELINKS; + } break; case modeSave: fos |= FOS_NOREADONLYRETURN; - // Don't follow shortcuts when saving a shortcut, this can be used - // to trick users (bug 271732) - if (IsDefaultPathLink()) fos |= FOS_NODEREFERENCELINKS; + // Don't follow shortcuts when saving a shortcut; this can be used to + // trick users (bug 271732). _Do_ follow shortcuts when not saving a + // shortcut (bug 283730). + if (IsDefaultPathLink()) { + fos |= FOS_NODEREFERENCELINKS; + } break; case modeGetFolder: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0d53570664d9a4fbeaf6287ef65f7946afb8aea1 -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0d53570664d9a4fbeaf6287ef65f7946afb8aea1 You're receiving this email because of your account on gitlab.torproject.org.
_______________________________________________ tbb-commits mailing list -- [email protected] To unsubscribe send an email to [email protected]
