NS_IMETHODIMP
SocketTransportShim::GetHost(nsACString & aHost)
{
return mWrapped->GetHost(aHost);
}
nsresult nsChromeRegistry::Canonify(nsCOMPtr<nsIURI>& aChromeURL) {
NS_NAMED_LITERAL_CSTRING(kSlash, "/");
nsresult rv;
nsAutoCString provider, path;
rv = GetProviderAndPath(aChromeURL, provider, path);
NS_ENSURE_SUCCESS(rv, rv);
if (path.IsEmpty()) {
nsAutoCString package;
rv = aChromeURL->GetHost(package);
NS_ENSURE_SUCCESS(rv, rv);
// we re-use the "path" local string to build a new URL path
path.Assign(kSlash + provider + kSlash + package);
if (provider.EqualsLiteral("content")) {
path.AppendLiteral(".xul");
} else if (provider.EqualsLiteral("locale")) {
path.AppendLiteral(".dtd");
} else if (provider.EqualsLiteral("skin")) {
path.AppendLiteral(".css");
} else {
return NS_ERROR_INVALID_ARG;
}
return NS_MutateURI(aChromeURL).SetPathQueryRef(path).Finalize(aChromeURL);
} else {
// prevent directory traversals ("..")
// path is already unescaped once, but uris can get unescaped twice
const char* pos = path.BeginReading();
const char* end = path.EndReading();
// Must start with [a-zA-Z0-9].
if (!('a' <= *pos && *pos <= 'z') && !('A' <= *pos && *pos <= 'Z') &&
!('0' <= *pos && *pos <= '9')) {
return NS_ERROR_DOM_BAD_URI;
}
while (pos < end) {
switch (*pos) {
case ':':
return NS_ERROR_DOM_BAD_URI;
case '.':
if (pos[1] == '.') return NS_ERROR_DOM_BAD_URI;
break;
case '%':
// chrome: URIs with double-escapes are trying to trick us.
// watch for %2e, and %25 in case someone triple unescapes
if (pos[1] == '2' &&
(pos[2] == 'e' || pos[2] == 'E' || pos[2] == '5'))
return NS_ERROR_DOM_BAD_URI;
break;
case '?':
case '#':
pos = end;
continue;
}
++pos;
}
}
return NS_OK;
}
