bool CSPDirectiveList::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
if (url.protocolIsAbout())
return true;
return reportingStatus == ContentSecurityPolicy::SendReport ?
checkSourceAndReportViolation(operativeDirective(m_objectSrc.get()), url, ContentSecurityPolicy::ObjectSrc) :
checkSource(operativeDirective(m_objectSrc.get()), url);
}
bool CSPDirectiveList::allowChildFrameFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
if (url.protocolIsAbout())
return true;
// 'frame-src' is the only directive which overrides something other than the default sources.
// It overrides 'child-src', which overrides the default sources. So, we do this nested set
// of calls to 'operativeDirective()' to grab 'frame-src' if it exists, 'child-src' if it
// doesn't, and 'defaut-src' if neither are available.
SourceListDirective* whichDirective = operativeDirective(m_frameSrc.get(), operativeDirective(m_childSrc.get()));
return reportingStatus == ContentSecurityPolicy::SendReport ?
checkSourceAndReportViolation(whichDirective, url, ContentSecurityPolicy::FrameSrc) :
checkSource(whichDirective, url);
}
bool CSPDirectiveList::checkSourceAndReportViolation(SourceListDirective* directive, const KURL& url, const String& effectiveDirective) const
{
if (checkSource(directive, url))
return true;
String prefix;
if (ContentSecurityPolicy::BaseURI == effectiveDirective)
prefix = "Refused to set the document's base URI to '";
else if (ContentSecurityPolicy::ChildSrc == effectiveDirective)
prefix = "Refused to create a child context containing '";
else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective)
prefix = "Refused to connect to '";
else if (ContentSecurityPolicy::FontSrc == effectiveDirective)
prefix = "Refused to load the font '";
else if (ContentSecurityPolicy::FormAction == effectiveDirective)
prefix = "Refused to send form data to '";
else if (ContentSecurityPolicy::FrameSrc == effectiveDirective)
prefix = "Refused to frame '";
else if (ContentSecurityPolicy::ImgSrc == effectiveDirective)
prefix = "Refused to load the image '";
else if (ContentSecurityPolicy::MediaSrc == effectiveDirective)
prefix = "Refused to load media from '";
else if (ContentSecurityPolicy::ManifestSrc == effectiveDirective)
prefix = "Refused to load manifest from '";
else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective)
prefix = "Refused to load plugin data from '";
else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective)
prefix = "Refused to load the script '";
else if (ContentSecurityPolicy::StyleSrc == effectiveDirective)
prefix = "Refused to load the stylesheet '";
String suffix = String();
if (directive == m_defaultSrc)
suffix = " Note that '" + effectiveDirective + "' was not explicitly set, so 'default-src' is used as a fallback.";
reportViolation(directive->text(), effectiveDirective, prefix + url.elidedString() + "' because it violates the following Content Security Policy directive: \"" + directive->text() + "\"." + suffix + "\n", url);
return denyIfEnforcingPolicy();
}
bool CSPDirectiveList::allowChildContextFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return reportingStatus == ContentSecurityPolicy::SendReport ?
checkSourceAndReportViolation(operativeDirective(m_childSrc.get()), url, ContentSecurityPolicy::ChildSrc) :
checkSource(operativeDirective(m_childSrc.get()), url);
}
bool CSPDirectiveList::allowBaseURI(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return reportingStatus == ContentSecurityPolicy::SendReport ?
checkSourceAndReportViolation(m_baseURI.get(), url, ContentSecurityPolicy::BaseURI) :
checkSource(m_baseURI.get(), url);
}
void LongTimeAction::successAction() {
checkSource();
checkTarget();
if (_actionrunning) {
_actionrunning = false;
if (_at == ACTION_CRAFT) {
if (_source.Type == LUA_DIALOG) {
_owner->executeCraftingDialogCraftingComplete(_source.dialog);
return;
}
} else if (_script) {
if ((_at == ACTION_USE)) {
//a itemscript
if (_source.Type == LUA_ITEM) {
boost::shared_ptr<LuaItemScript>itScript = boost::dynamic_pointer_cast<LuaItemScript>(_script);
if (_target.Type == LUA_ITEM || _target.Type == LUA_NONE) {
itScript->UseItem(_owner, _source.item, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
}
}
//a tilescript
else if (_source.Type == LUA_FIELD) {
boost::shared_ptr<LuaTileScript>tiScript = boost::dynamic_pointer_cast<LuaTileScript>(_script);
if (_target.Type == LUA_NONE) {
tiScript->useTile(_owner, _source.pos, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
}
}
//a character
else if (_source.Type == LUA_CHARACTER) {
//a monster
if (_sourceCharType == Character::monster) {
boost::shared_ptr<LuaMonsterScript>monScript = boost::dynamic_pointer_cast<LuaMonsterScript>(_script);
if (_target.Type == LUA_NONE) {
monScript->useMonster(_source.character,_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
}
}
//a npc
else if (_sourceCharType == Character::npc) {
boost::shared_ptr<LuaNPCScript>npcScript = boost::dynamic_pointer_cast<LuaNPCScript>(_script);
if (_target.Type == LUA_NONE) {
npcScript->useNPC(_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
}
}
}
} else if ((_at == ACTION_MAGIC)) {
boost::shared_ptr<LuaMagicScript>mgScript = boost::dynamic_pointer_cast<LuaMagicScript>(_script);
if (_target.Type == LUA_NONE) {
mgScript->CastMagic(_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
} else if (_target.Type == LUA_FIELD) {
mgScript->CastMagicOnField(_owner,_target.pos, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
} else if (_target.Type == LUA_CHARACTER) {
mgScript->CastMagicOnCharacter(_owner,_target.character, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
//Todo add ki handling here
} else if (_target.Type == LUA_ITEM) {
mgScript->CastMagicOnItem(_owner,_target.item, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
}
}
}
}
if (!_actionrunning) {
_script.reset();
delete _redoaniTimer;
_redoaniTimer = NULL;
delete _redosoundTimer;
_redosoundTimer = NULL;
delete _timetowaitTimer;
_timetowaitTimer = NULL;
_ani = 0;
_sound = 0;
}
}
bool LongTimeAction::actionDisturbed(Character *disturber) {
checkSource();
checkTarget();
if (_actionrunning) {
if (_at == ACTION_CRAFT) {
if (_source.Type == LUA_DIALOG) {
_actionrunning = false;
_owner->executeCraftingDialogCraftingAborted(_source.dialog);
}
} else if (_script) {
bool disturbed = false;
if ((_at == ACTION_USE)) {
if (_source.Type == LUA_ITEM) {
boost::shared_ptr<LuaItemScript>itemScript = boost::dynamic_pointer_cast<LuaItemScript>(_script);
if (itemScript->existsEntrypoint("actionDisturbed")) {
disturbed = itemScript->actionDisturbed(_owner, disturber);
}
} else if (_source.Type == LUA_FIELD) {
boost::shared_ptr<LuaTileScript>tileScript = boost::dynamic_pointer_cast<LuaTileScript>(_script);
if (tileScript->existsEntrypoint("actionDisturbed")) {
disturbed = tileScript->actionDisturbed(_owner, disturber);
}
} else if (_source.Type == LUA_CHARACTER) {
if (_sourceCharType == Character::monster) {
boost::shared_ptr<LuaMonsterScript>monsterScript = boost::dynamic_pointer_cast<LuaMonsterScript>(_script);
if (monsterScript->existsEntrypoint("actionDisturbed")) {
disturbed = monsterScript->actionDisturbed(_owner, disturber);
}
} else if (_sourceCharType == Character::npc) {
boost::shared_ptr<LuaNPCScript>npcScript = boost::dynamic_pointer_cast<LuaNPCScript>(_script);
if (npcScript->existsEntrypoint("actionDisturbed")) {
disturbed = npcScript->actionDisturbed(_owner, disturber);
}
}
}
} else if ((_at == ACTION_MAGIC)) {
boost::shared_ptr<LuaMagicScript>magicScript = boost::dynamic_pointer_cast<LuaMagicScript>(_script);
if (magicScript->existsEntrypoint("actionDisturbed")) {
disturbed = magicScript->actionDisturbed(_owner, disturber);
}
}
if (disturbed) {
abortAction();
return true;
} else {
return false;
}
} else {
_actionrunning = false;
}
}
return false;
}
bool CSPDirectiveList::allowFormAction(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return reportingStatus == ContentSecurityPolicy::SendReport ? checkSourceAndReportViolation(m_formAction.get(), url, ContentSecurityPolicy::FormAction, redirectStatus) : checkSource(m_formAction.get(), url, redirectStatus);
}
bool CSPDirectiveList::allowConnectToSource(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return reportingStatus == ContentSecurityPolicy::SendReport ? checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, ContentSecurityPolicy::ConnectSrc, redirectStatus) : checkSource(operativeDirective(m_connectSrc.get()), url, redirectStatus);
}