WebCore:
authorkmccullough@apple.com <kmccullough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Dec 2007 20:01:02 +0000 (20:01 +0000)
committerkmccullough@apple.com <kmccullough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Dec 2007 20:01:02 +0000 (20:01 +0000)
        Reviewed by Darin.

        - <rdar://5621435>
        - Security Fix. Instead of having it off by default, WebKit now must
        explicitly turn off local-resource restriction when needed for backwards
        compatibility reasons.

        * loader/FrameLoader.cpp:

WebKit/mac:

        Reviewed by Darin.

        - <rdar://5621435>
        - Security Fix. Instead of having it off by default, WebKit now must
        explicitly turn off local-resource restriction when needed for backwards
        coimpatibility reasons.

        * WebView/WebView.mm:
        (-[WebView _commonInitializationWithFrameName:groupName:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@28446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/loader/FrameLoader.cpp
WebKit/mac/ChangeLog
WebKit/mac/WebView/WebView.mm

index 88a6adc0d903574021ba580baea4d751a6a2fd45..425cf96b6117ed0b600b4f0a91abdf4de9ea4372 100644 (file)
@@ -1,3 +1,14 @@
+2007-12-04  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - <rdar://5621435>
+        - Security Fix. Instead of having it off by default, WebKit now must
+        explicitly turn off local-resource restriction when needed for backwards
+        compatibility reasons.
+
+        * loader/FrameLoader.cpp:
+
 2007-12-05  Adam Roben  <aroben@apple.com>
 
         Set the menu item identifier for all menu items
 2007-12-05  Adam Roben  <aroben@apple.com>
 
         Set the menu item identifier for all menu items
index a99ccbaa8340a1993e83c9ef6b7c6f6779e2f082..9987621c78ce38b39bb7945e6de30e86f8ab8f38 100644 (file)
@@ -177,7 +177,7 @@ struct ScheduledRedirection {
 };
 
 static double storedTimeOfLastCompletedLoad;
 };
 
 static double storedTimeOfLastCompletedLoad;
-static bool m_restrictAccessToLocal = false;
+static bool m_restrictAccessToLocal = true;
 
 static bool getString(JSValue* result, String& string)
 {
 
 static bool getString(JSValue* result, String& string)
 {
index 7eabdc195c6f9977d31f6be2a114f0c9ce52f451..127baceeff5a3d24549f8ffef3e8027f5d0b3776 100644 (file)
@@ -1,3 +1,15 @@
+2007-12-04  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - <rdar://5621435>
+        - Security Fix. Instead of having it off by default, WebKit now must
+        explicitly turn off local-resource restriction when needed for backwards
+        coimpatibility reasons.
+
+        * WebView/WebView.mm:
+        (-[WebView _commonInitializationWithFrameName:groupName:]):
+
 2007-12-05  Brady Eidson  <beidson@apple.com>
 
         Reviewed by Kevin Deckers rubberstamp
 2007-12-05  Brady Eidson  <beidson@apple.com>
 
         Reviewed by Kevin Deckers rubberstamp
index 00b0686cdf8eec603a1b305e8e17a475acf49999..5da9ded56027267db2ed132ecaf6a7d6f6aa174f 100644 (file)
@@ -1836,8 +1836,8 @@ WebFrameLoadDelegateImplementationCache* WebViewGetFrameLoadDelegateImplementati
     // Post a notification so the WebCore settings update.
     [[self preferences] _postPreferencesChangesNotification];
 
     // Post a notification so the WebCore settings update.
     [[self preferences] _postPreferencesChangesNotification];
 
-    if (WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_LOCAL_RESOURCE_SECURITY_RESTRICTION))
-        FrameLoader::setRestrictAccessToLocal(true);
+    if (!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_LOCAL_RESOURCE_SECURITY_RESTRICTION))
+        FrameLoader::setRestrictAccessToLocal(false);
 }
 
 - (id)initWithFrame:(NSRect)f
 }
 
 - (id)initWithFrame:(NSRect)f