www

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | Submodules | README | LICENSE
commit d3a69be9970035befda4547c06ea48804f138129
parent fc0f541ad877f763f74a96cf13c0a41f000862db
Author: Simon Kornblith <simon@simonster.com>
Date:   Fri, 10 Oct 2014 18:28:37 -0400

Fix translation under Firefox 33

Our strategy: put arguments into a property of the function, and then
get them out unwrapped. This avoids security checks on arguments passed
to the function.

Diffstat:

Mchrome/content/zotero/xpcom/translation/translate.js | 16++++++++++++----


Mchrome/content/zotero/xpcom/translation/translate_firefox.js | 43+++++++++++++++++++++++++------------------


Minstall.rdf | 4++--


Mupdate.rdf | 4++--


4 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/chrome/content/zotero/xpcom/translation/translate.js b/chrome/content/zotero/xpcom/translation/translate.js
@@ -385,9 +385,17 @@ Zotero.Translate.Sandbox = {
 					if(sandbox) return sandbox;
 				}
 			};
-			
-			// TODO security is not super-tight here, as someone could pass something into arg
-			// that gets evaluated in the wrong scope in Fx < 4. We should wrap this.
+
+			if(Zotero.isFx && Zotero.platformMajorVersion >= 33) {
+				for(var i in safeTranslator) {
+					if (typeof(safeTranslator[i]) === "function") {
+						let func = safeTranslator[i];
+						safeTranslator[i] = translate._sandboxManager._makeContentForwarder(function() {
+							func.apply(safeTranslator, this.args.wrappedJSObject);
+						});
+					}
+				}
+			}
 			
 			return safeTranslator;
 		},
@@ -434,7 +442,7 @@ Zotero.Translate.Sandbox = {
 		 */
 		"selectItems":function(translate, items, callback) {
 			function transferObject(obj) {
-				return Zotero.isFx ? translate._sandboxManager.sandbox.JSON.parse(JSON.stringify(obj)) : obj;
+				return Zotero.isFx ? translate._sandboxManager._copyObject(obj) : obj;
 			}
 			
 			if(Zotero.Utilities.isEmpty(items)) {
diff --git a/chrome/content/zotero/xpcom/translation/translate_firefox.js b/chrome/content/zotero/xpcom/translation/translate_firefox.js
@@ -425,6 +425,9 @@ Zotero.Translate.SandboxManager = function(sandboxLocation) {
 	};
 	this.sandbox.XMLSerializer.__exposedProps__ = {"prototype":"r"};
 	this.sandbox.XMLSerializer.prototype = {"__exposedProps__":{"serializeToString":"r"}};
+
+	var expr = "(function(x) { return function() { this.args = arguments; return x.apply(this); }.bind({}); })";
+	this._makeContentForwarder = Components.utils.evalInSandbox(expr, this.sandbox);
 }
 
 Zotero.Translate.SandboxManager.prototype = {
@@ -447,26 +450,36 @@ Zotero.Translate.SandboxManager.prototype = {
 	"importObject":function(object, passAsFirstArgument, attachTo) {
 		if(!attachTo) attachTo = this.sandbox.Zotero;
 		if(attachTo.wrappedJSObject) attachTo = attachTo.wrappedJSObject;
-		var newExposedProps = false,
-			sandbox = this.sandbox,
-			me = this;
-		if(!object.__exposedProps__) newExposedProps = {};
-		for(var key in (newExposedProps ? object : object.__exposedProps__)) {
+		var sandbox = this.sandbox, me = this;
+		for(var key in (object.__exposedProps__ ? object.__exposedProps__ : object)) {
 			let localKey = key;
-			if(newExposedProps) newExposedProps[localKey] = "r";
 			
 			var type = typeof object[localKey];
 			var isFunction = type === "function";
 			var isObject = typeof object[localKey] === "object";
 			if(isFunction || isObject) {
 				if(isFunction) {
-					attachTo[localKey] = function() {
-						var args = Array.prototype.slice.apply(arguments);
-						if(passAsFirstArgument) args.unshift(passAsFirstArgument);
-						return me._copyObject(object[localKey].apply(object, args));
-					};
+					if (Zotero.platformMajorVersion >= 33) {
+						attachTo[localKey] = this._makeContentForwarder(function() {
+							var args = Array.prototype.slice.apply(this.args.wrappedJSObject);
+							for(var i = 0; i<args.length; i++) {
+								// Make sure we keep XPCNativeWrappers
+								if(args[i] instanceof Components.interfaces.nsISupports) {
+									args[i] = new XPCNativeWrapper(args[i]);
+								}
+							}
+							if(passAsFirstArgument) args.unshift(passAsFirstArgument);
+							return me._copyObject(object[localKey].apply(object, args));
+						});
+					} else {
+						attachTo[localKey] = function() {
+							var args = Array.prototype.slice.apply(arguments);
+							if(passAsFirstArgument) args.unshift(passAsFirstArgument);
+							return me._copyObject(object[localKey].apply(object, args));
+						};
+					}
 				} else {
-					attachTo[localKey] = {};
+					attachTo[localKey] = new sandbox.Object();
 				}
 				
 				// attach members
@@ -477,12 +490,6 @@ Zotero.Translate.SandboxManager.prototype = {
 				attachTo[localKey] = object[localKey];
 			}
 		}
-		
-		if(newExposedProps) {
-			attachTo.__exposedProps__ = newExposedProps;
-		} else {
-			attachTo.__exposedProps__ = object.__exposedProps__;
-		}
 	},
 
 	"_canCopy":function(obj) {
diff --git a/install.rdf b/install.rdf
@@ -24,8 +24,8 @@
     <em:targetApplication>
       <Description>
         <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
-        <em:minVersion>24.0</em:minVersion>
-        <em:maxVersion>32.*</em:maxVersion>
+        <em:minVersion>31.0</em:minVersion>
+        <em:maxVersion>33.*</em:maxVersion>
       </Description>
     </em:targetApplication>
     
diff --git a/update.rdf b/update.rdf
@@ -11,8 +11,8 @@
           <targetApplication>
             <RDF:Description>
               <id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</id>
-              <minVersion>24.0</minVersion>
-              <maxVersion>32.*</maxVersion>
+              <minVersion>31.0</minVersion>
+              <maxVersion>33.*</maxVersion>
               <updateLink>http://download.zotero.org/extension/zotero.xpi</updateLink>
               <updateHash>sha1:</updateHash>
             </RDF:Description>