[Pkg-mozext-commits] [greasemonkey] 19/45: Do not install scripts from Sync without download URLs.
David Prévot
taffit at moszumanska.debian.org
Mon Nov 3 20:59:20 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository greasemonkey.
commit cb9010f5fdb43fbe3b8421def8f7d8af3572e2e4
Author: Anthony Lieuallen <arantius at gmail.com>
Date: Thu Oct 2 11:31:53 2014 -0400
Do not install scripts from Sync without download URLs.
(They shouldn't be there in the first place. But, in case.)
Fixes #2014
---
modules/sync.js | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/sync.js b/modules/sync.js
index 7455bc5..f02896e 100644
--- a/modules/sync.js
+++ b/modules/sync.js
@@ -86,6 +86,17 @@ ScriptStore.prototype = {
/// Incoming Sync record, create local version.
create: function(aRecord) {
if (aRecord.cleartext.installed) {
+ var url = aRecord.cleartext.downloadURL;
+ if (!url) {
+ dump('Ignoring incoming sync record with empty downloadURL!\n');
+ return;
+ }
+ if (!GM_util.uriFromUrl(url)) {
+ dump('Ignoring incoming sync record with bad downloadURL:\b'
+ + url + '\n');
+ return;
+ }
+
var rs = new RemoteScript(aRecord.cleartext.downloadURL);
rs.setSilent();
rs.download(GM_util.hitch(this, function(aSuccess, aType) {
@@ -258,4 +269,4 @@ function setScriptValuesFromSyncRecord(aScript, aRecord) {
}
-SyncServiceObserver.init()
+SyncServiceObserver.init();
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/greasemonkey.git
More information about the Pkg-mozext-commits
mailing list