Пример #1
0
bool CSPDirectiveList::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    if (url.protocolIsAbout())
        return true;
    return reportingStatus == ContentSecurityPolicy::SendReport ?
        checkSourceAndReportViolation(operativeDirective(m_objectSrc.get()), url, ContentSecurityPolicy::ObjectSrc) :
        checkSource(operativeDirective(m_objectSrc.get()), url);
}
Пример #2
0
bool CSPDirectiveList::allowChildFrameFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    if (url.protocolIsAbout())
        return true;

    // 'frame-src' is the only directive which overrides something other than the default sources.
    // It overrides 'child-src', which overrides the default sources. So, we do this nested set
    // of calls to 'operativeDirective()' to grab 'frame-src' if it exists, 'child-src' if it
    // doesn't, and 'defaut-src' if neither are available.
    SourceListDirective* whichDirective = operativeDirective(m_frameSrc.get(), operativeDirective(m_childSrc.get()));

    return reportingStatus == ContentSecurityPolicy::SendReport ?
        checkSourceAndReportViolation(whichDirective, url, ContentSecurityPolicy::FrameSrc) :
        checkSource(whichDirective, url);
}
Пример #3
0
bool CSPDirectiveList::checkSourceAndReportViolation(SourceListDirective* directive, const KURL& url, const String& effectiveDirective) const
{
    if (checkSource(directive, url))
        return true;

    String prefix;
    if (ContentSecurityPolicy::BaseURI == effectiveDirective)
        prefix = "Refused to set the document's base URI to '";
    else if (ContentSecurityPolicy::ChildSrc == effectiveDirective)
        prefix = "Refused to create a child context containing '";
    else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective)
        prefix = "Refused to connect to '";
    else if (ContentSecurityPolicy::FontSrc == effectiveDirective)
        prefix = "Refused to load the font '";
    else if (ContentSecurityPolicy::FormAction == effectiveDirective)
        prefix = "Refused to send form data to '";
    else if (ContentSecurityPolicy::FrameSrc == effectiveDirective)
        prefix = "Refused to frame '";
    else if (ContentSecurityPolicy::ImgSrc == effectiveDirective)
        prefix = "Refused to load the image '";
    else if (ContentSecurityPolicy::MediaSrc == effectiveDirective)
        prefix = "Refused to load media from '";
    else if (ContentSecurityPolicy::ManifestSrc == effectiveDirective)
        prefix = "Refused to load manifest from '";
    else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective)
        prefix = "Refused to load plugin data from '";
    else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective)
        prefix = "Refused to load the script '";
    else if (ContentSecurityPolicy::StyleSrc == effectiveDirective)
        prefix = "Refused to load the stylesheet '";

    String suffix = String();
    if (directive == m_defaultSrc)
        suffix = " Note that '" + effectiveDirective + "' was not explicitly set, so 'default-src' is used as a fallback.";

    reportViolation(directive->text(), effectiveDirective, prefix + url.elidedString() + "' because it violates the following Content Security Policy directive: \"" + directive->text() + "\"." + suffix + "\n", url);
    return denyIfEnforcingPolicy();
}
Пример #4
0
bool CSPDirectiveList::allowChildContextFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return reportingStatus == ContentSecurityPolicy::SendReport ?
        checkSourceAndReportViolation(operativeDirective(m_childSrc.get()), url, ContentSecurityPolicy::ChildSrc) :
        checkSource(operativeDirective(m_childSrc.get()), url);
}
Пример #5
0
bool CSPDirectiveList::allowBaseURI(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return reportingStatus == ContentSecurityPolicy::SendReport ?
        checkSourceAndReportViolation(m_baseURI.get(), url, ContentSecurityPolicy::BaseURI) :
        checkSource(m_baseURI.get(), url);
}
Пример #6
0
void LongTimeAction::successAction() {
    checkSource();
    checkTarget();

    if (_actionrunning) {
        _actionrunning = false;

        if (_at == ACTION_CRAFT) {
            if (_source.Type == LUA_DIALOG) {
                _owner->executeCraftingDialogCraftingComplete(_source.dialog);
                return;
            }
        } else if (_script) {
            if ((_at == ACTION_USE)) {
                //a itemscript
                if (_source.Type == LUA_ITEM) {
                    boost::shared_ptr<LuaItemScript>itScript = boost::dynamic_pointer_cast<LuaItemScript>(_script);

                    if (_target.Type == LUA_ITEM || _target.Type == LUA_NONE) {
                        itScript->UseItem(_owner, _source.item, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                    }
                }
                //a tilescript
                else if (_source.Type == LUA_FIELD) {
                    boost::shared_ptr<LuaTileScript>tiScript = boost::dynamic_pointer_cast<LuaTileScript>(_script);

                    if (_target.Type == LUA_NONE) {
                        tiScript->useTile(_owner, _source.pos, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                    }
                }
                //a character
                else if (_source.Type == LUA_CHARACTER) {
                    //a monster
                    if (_sourceCharType == Character::monster) {
                        boost::shared_ptr<LuaMonsterScript>monScript = boost::dynamic_pointer_cast<LuaMonsterScript>(_script);

                        if (_target.Type == LUA_NONE) {
                            monScript->useMonster(_source.character,_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                        }
                    }
                    //a npc
                    else if (_sourceCharType == Character::npc) {
                        boost::shared_ptr<LuaNPCScript>npcScript = boost::dynamic_pointer_cast<LuaNPCScript>(_script);

                        if (_target.Type == LUA_NONE) {
                            npcScript->useNPC(_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                        }
                    }
                }
            } else if ((_at == ACTION_MAGIC)) {
                boost::shared_ptr<LuaMagicScript>mgScript = boost::dynamic_pointer_cast<LuaMagicScript>(_script);

                if (_target.Type == LUA_NONE) {
                    mgScript->CastMagic(_owner, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                } else if (_target.Type == LUA_FIELD) {
                    mgScript->CastMagicOnField(_owner,_target.pos, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                } else if (_target.Type == LUA_CHARACTER) {
                    mgScript->CastMagicOnCharacter(_owner,_target.character, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                    //Todo add ki handling here
                } else if (_target.Type == LUA_ITEM) {
                    mgScript->CastMagicOnItem(_owner,_target.item, static_cast<unsigned char>(LTS_ACTIONSUCCESSFULL));
                }

            }
        }
    }

    if (!_actionrunning) {
        _script.reset();
        delete _redoaniTimer;
        _redoaniTimer = NULL;
        delete _redosoundTimer;
        _redosoundTimer = NULL;
        delete _timetowaitTimer;
        _timetowaitTimer = NULL;
        _ani = 0;
        _sound = 0;
    }

}
Пример #7
0
bool LongTimeAction::actionDisturbed(Character *disturber) {
    checkSource();
    checkTarget();

    if (_actionrunning) {
        if (_at == ACTION_CRAFT) {
            if (_source.Type == LUA_DIALOG) {
                _actionrunning = false;
                _owner->executeCraftingDialogCraftingAborted(_source.dialog);
            }
        } else if (_script) {
            bool disturbed = false;

            if ((_at == ACTION_USE)) {
                if (_source.Type == LUA_ITEM) {
                    boost::shared_ptr<LuaItemScript>itemScript = boost::dynamic_pointer_cast<LuaItemScript>(_script);

                    if (itemScript->existsEntrypoint("actionDisturbed")) {
                        disturbed = itemScript->actionDisturbed(_owner, disturber);
                    }
                } else if (_source.Type == LUA_FIELD) {
                    boost::shared_ptr<LuaTileScript>tileScript = boost::dynamic_pointer_cast<LuaTileScript>(_script);

                    if (tileScript->existsEntrypoint("actionDisturbed")) {
                        disturbed = tileScript->actionDisturbed(_owner, disturber);
                    }
                } else if (_source.Type == LUA_CHARACTER) {
                    if (_sourceCharType == Character::monster) {
                        boost::shared_ptr<LuaMonsterScript>monsterScript = boost::dynamic_pointer_cast<LuaMonsterScript>(_script);

                        if (monsterScript->existsEntrypoint("actionDisturbed")) {
                            disturbed = monsterScript->actionDisturbed(_owner, disturber);
                        }
                    } else if (_sourceCharType == Character::npc) {
                        boost::shared_ptr<LuaNPCScript>npcScript = boost::dynamic_pointer_cast<LuaNPCScript>(_script);

                        if (npcScript->existsEntrypoint("actionDisturbed")) {
                            disturbed = npcScript->actionDisturbed(_owner, disturber);
                        }
                    }
                }
            } else if ((_at == ACTION_MAGIC)) {
                boost::shared_ptr<LuaMagicScript>magicScript = boost::dynamic_pointer_cast<LuaMagicScript>(_script);

                if (magicScript->existsEntrypoint("actionDisturbed")) {
                    disturbed = magicScript->actionDisturbed(_owner, disturber);
                }
            }

            if (disturbed) {
                abortAction();
                return true;
            } else {
                return false;
            }
        } else {
            _actionrunning = false;
        }
    }

    return false;
}
bool CSPDirectiveList::allowFormAction(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return reportingStatus == ContentSecurityPolicy::SendReport ? checkSourceAndReportViolation(m_formAction.get(), url, ContentSecurityPolicy::FormAction, redirectStatus) : checkSource(m_formAction.get(), url, redirectStatus);
}
bool CSPDirectiveList::allowConnectToSource(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return reportingStatus == ContentSecurityPolicy::SendReport ? checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, ContentSecurityPolicy::ConnectSrc, redirectStatus) : checkSource(operativeDirective(m_connectSrc.get()), url, redirectStatus);
}