archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/ext/ftp/cobjsafe.cpp

180 lines
5.2 KiB
Raw Normal View History

Add source files
4 years ago
  1. #include "priv.h"
  2. #include "comcat.h"
  3. #include <hliface.h>
  4. #include <imm.h>
  5. #include <mshtml.h>
  6. #include "cobjsafe.h"
  8. // a default isafetyobject that we generally would use... marks
  9. // deals with IDispatch
  12. HRESULT CObjectSafety::GetInterfaceSafetyOptions(REFIID riid, DWORD *pdwSupportedOptions, DWORD *pdwEnabledOptions)
  13. {
  14. if (IsEqualIID(riid, IID_IDispatch))
  15. {
  16. *pdwEnabledOptions = _dwSafetyOptions;
  17. }
  18. else
  19. {
  20. ::DefaultGetSafetyOptions(riid, pdwSupportedOptions, pdwEnabledOptions);
  21. }
  23. return S_OK;
  24. }
  27. HRESULT CObjectSafety::SetInterfaceSafetyOptions(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions)
  28. {
  29. if (dwOptionSetMask & ~(INTERFACESAFE_FOR_UNTRUSTED_CALLER |
  30. INTERFACESAFE_FOR_UNTRUSTED_DATA))
  31. {
  32. return E_INVALIDARG;
  33. }
  35. if (IsEqualIID(riid, IID_IDispatch))
  36. {
  37. _dwSafetyOptions = (_dwSafetyOptions & ~dwOptionSetMask) |
  38. (dwEnabledOptions & dwOptionSetMask);
  39. return S_OK;
  40. }
  41. else
  42. {
  43. return ::DefaultSetSafetyOptions(riid, dwOptionSetMask, dwEnabledOptions);
  44. }
  45. }
  49. // *** IObjectSafety
  50. //
  51. // A couple static functions called by sitemap (and webbrowser).
  52. // These are static so anyone else in this dll who has an OC
  53. // that's always safe can just call them.
  54. //
  55. // These functions say we are safe for these three interfaces we implement
  56. // IID_IDispatch
  57. // IID_IPersistStream
  58. // IID_IPersistPropertyBag
  59. //
  60. // The WebBrowser OC handles IDispatch differently.
  61. //
  62. HRESULT DefaultGetSafetyOptions(REFIID riid, DWORD *pdwSupportedOptions, DWORD *pdwEnabledOptions)
  63. {
  64. *pdwSupportedOptions = 0;
  65. *pdwEnabledOptions = 0;
  67. if (IsEqualIID(riid, IID_IDispatch) ||
  68. IsEqualIID(riid, IID_IPersistStream) ||
  69. IsEqualIID(riid, IID_IPersistStreamInit) ||
  70. IsEqualIID(riid, IID_IPersistPropertyBag) ||
  71. IsEqualIID(riid, IID_IPersistHistory))
  72. {
  73. *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
  74. *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
  75. }
  77. return S_OK;
  78. }
  80. HRESULT DefaultSetSafetyOptions(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions)
  81. {
  82. if (dwOptionSetMask & ~(INTERFACESAFE_FOR_UNTRUSTED_CALLER |
  83. INTERFACESAFE_FOR_UNTRUSTED_DATA))
  84. {
  85. return E_INVALIDARG;
  86. }
  88. if (IsEqualIID(riid, IID_IDispatch) ||
  89. IsEqualIID(riid, IID_IPersistStream) ||
  90. IsEqualIID(riid, IID_IPersistStreamInit) ||
  91. IsEqualIID(riid, IID_IPersistHistory) ||
  92. IsEqualIID(riid, IID_IPersistPropertyBag))
  93. {
  94. return S_OK;
  95. }
  97. return E_FAIL;
  98. }
  101. // When CWebBrowserOC is in the safe for scripting mode, we can't give out
  102. // anyone else's IDispatch that is not also safe for scripting.
  103. // This function encapsulates the basic functionality needed by both
  104. // MakeSafeScripting and MakeSafeForInitializing (which we don't use)
  105. BOOL MakeSafeFor(
  106. IUnknown *punk, // object to test for safety
  107. REFCATID catid, // category of safety
  108. REFIID riid, // interface on which safety is desired
  109. DWORD dwXSetMask, // options to set
  110. DWORD dwXOptions // options to make safe for
  111. // (either INTERFACESAFE_FOR_UNTRUSTED_CALLER or
  112. // INTERFACESAFE_FOR_UNTRUSTED_DATA)
  113. )
  114. {
  115. HRESULT hres;
  117. // first try IObjectSafety
  118. IObjectSafety *posafe;
  119. if (SUCCEEDED(punk->QueryInterface(IID_IObjectSafety, (LPVOID*) &posafe)))
  120. {
  121. hres = posafe->SetInterfaceSafetyOptions(riid, dwXSetMask, dwXOptions);
  122. posafe->Release();
  124. if (SUCCEEDED(hres))
  125. return TRUE;
  126. }
  128. // check the registry for "safe for scripting" component category
  130. // we need the classid -- get it thru IPersist
  131. CLSID clsid;
  132. IPersist *ppersist;
  133. hres = punk->QueryInterface(IID_IPersist, (LPVOID*) &ppersist);
  134. if (SUCCEEDED(hres))
  135. {
  136. hres = ppersist->GetClassID(&clsid);
  137. ppersist->Release();
  138. }
  139. if (FAILED(hres))
  140. {
  141. TraceMsg(TF_ALWAYS, "shv MakeSafeForScripting - object doesn't have IPersist!");
  142. return FALSE;
  143. }
  145. // Create the category manager
  146. ICatInformation *pcatinfo;
  147. hres = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
  148. NULL, CLSCTX_INPROC_SERVER,
  149. IID_ICatInformation, (LPVOID*) &pcatinfo);
  150. if (FAILED(hres))
  151. return FALSE;
  153. // Ask if the object belongs to the specified category
  154. CATID rgcatid[1];
  155. rgcatid[0] = catid;
  157. hres = pcatinfo->IsClassOfCategories(clsid, 1, rgcatid, 0, NULL);
  158. pcatinfo->Release();
  160. return (hres==S_OK) ? TRUE : FALSE;;
  161. }
  163. HRESULT MakeSafeForScripting(IUnknown** ppDisp)
  164. {
  165. HRESULT hres = S_OK;
  167. if (!MakeSafeFor(*ppDisp, CATID_SafeForScripting, IID_IDispatch,
  168. INTERFACESAFE_FOR_UNTRUSTED_CALLER,
  169. INTERFACESAFE_FOR_UNTRUSTED_CALLER))
  170. {
  171. TraceMsg(TF_ALWAYS, "shv MakeSafeForScripting - IDispatch not safe");
  173. (*ppDisp)->Release();
  174. *ppDisp = NULL;
  175. hres = E_FAIL;
  176. }
  178. return hres;
  179. }