mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1032 lines
20 KiB
1032 lines
20 KiB
|
|
#ifndef _TAPI_OBJECT_WITH_SITE_H_
|
|
#define _TAPI_OBJECT_WITH_SITE_H_
|
|
|
|
|
|
/*++
|
|
|
|
Copyright (c) 1999 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
ObjectWithSite.h
|
|
|
|
Abstract:
|
|
|
|
The implementation of IObjectWithSite interface that allows
|
|
for per-page persistent data to be stored in registry or as
|
|
a cookie.
|
|
|
|
--*/
|
|
|
|
|
|
#include <Mshtml.h>
|
|
#include <Wininet.h>
|
|
|
|
|
|
//
|
|
// this url is used to construct the URL for cookies -- a security measure
|
|
// so a script applet cannot drop a cookie with the same name and data
|
|
// and fool us into thinking it is our cookie
|
|
//
|
|
|
|
static const TCHAR gszHardCodedURL[] = _T("http://www.microsoft.com/");
|
|
|
|
//
|
|
// the expiration date is needed to make the cookie persistent
|
|
//
|
|
|
|
static const TCHAR gszCookieData[] =
|
|
_T("6; expires = Sat, 12-Sep-2099 00:00:00 GMT");
|
|
|
|
|
|
|
|
//
|
|
// dummy suffix to be appended to the url string
|
|
//
|
|
|
|
static const TCHAR gszURLSuffix[] =
|
|
_T("/url");
|
|
|
|
class CObjectWithSite : public IObjectWithSite
|
|
{
|
|
|
|
public:
|
|
|
|
//
|
|
// current validation level. used to determine whether the page is safe,
|
|
// unsafe, or whether information from the user is needed
|
|
//
|
|
|
|
enum EnValidation { VALIDATED_SAFE, VALIDATED_SAFE_PERMANENT, VALIDATED_UNSAFE, UNVALIDATED };
|
|
|
|
|
|
public:
|
|
|
|
|
|
//
|
|
// store type
|
|
//
|
|
|
|
enum EnMechanism { COOKIES, REGISTRY };
|
|
|
|
|
|
CObjectWithSite(TCHAR const *pszStorageName)
|
|
:m_pszURL(NULL),
|
|
m_dwSecurityZone(URLZONE_UNTRUSTED),
|
|
m_pUnkSite(NULL),
|
|
m_pszStorageName(NULL)
|
|
{
|
|
SetStorageName(pszStorageName);
|
|
}
|
|
|
|
|
|
~CObjectWithSite()
|
|
{
|
|
|
|
if (m_pszURL)
|
|
{
|
|
delete m_pszURL;
|
|
|
|
m_pszURL = NULL;
|
|
}
|
|
|
|
|
|
if (m_pUnkSite)
|
|
{
|
|
m_pUnkSite->Release();
|
|
|
|
m_pUnkSite = NULL;
|
|
}
|
|
|
|
|
|
if (m_pszStorageName)
|
|
{
|
|
|
|
delete m_pszStorageName;
|
|
|
|
m_pszStorageName = NULL;
|
|
|
|
}
|
|
}
|
|
|
|
////////////////////////////
|
|
//
|
|
// IObjectWithSite methods
|
|
|
|
|
|
STDMETHOD(SetSite)(IUnknown *pUnkSite)
|
|
{
|
|
|
|
|
|
if ((NULL != pUnkSite) && IsBadCodePtr((FARPROC)pUnkSite))
|
|
{
|
|
return E_POINTER;
|
|
}
|
|
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
//
|
|
// we are moving away from a page. this is the new page, as far as
|
|
// validation logic is concerned, so invalidate the current page
|
|
//
|
|
|
|
if (NULL == pUnkSite)
|
|
{
|
|
Validate(UNVALIDATED);
|
|
}
|
|
|
|
//
|
|
// Get URL and zone information for this site
|
|
//
|
|
|
|
//
|
|
// Note: we could delay this until we are actually asked for
|
|
// zone or URL, but this should not be a performance bottlneck
|
|
// in our case, so do this now to keep the code simple.
|
|
|
|
StoreURLAndZone(pUnkSite);
|
|
|
|
|
|
//
|
|
// replace the current site pointer with the new one
|
|
//
|
|
|
|
if (m_pUnkSite)
|
|
{
|
|
m_pUnkSite->Release();
|
|
}
|
|
|
|
|
|
m_pUnkSite = pUnkSite;
|
|
|
|
if (m_pUnkSite)
|
|
{
|
|
m_pUnkSite->AddRef();
|
|
}
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
|
|
STDMETHOD(GetSite)(REFIID riid, void **ppSite)
|
|
{
|
|
|
|
HRESULT hr = E_POINTER;
|
|
|
|
if (!IsBadWritePtr(ppSite, sizeof(void*)))
|
|
{
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
*ppSite = NULL;
|
|
|
|
if (m_pUnkSite)
|
|
{
|
|
hr = m_pUnkSite->QueryInterface(riid, ppSite);
|
|
}
|
|
else
|
|
{
|
|
hr = E_FAIL;
|
|
}
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
//
|
|
// has this page been validated?
|
|
//
|
|
|
|
EnValidation GetValidation()
|
|
{
|
|
|
|
//
|
|
// if the page has not been validated, see if it is marked as safe
|
|
//
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
|
|
if (UNVALIDATED == s_enValidation)
|
|
{
|
|
if (IsPageSafe())
|
|
{
|
|
s_enValidation = VALIDATED_SAFE;
|
|
}
|
|
}
|
|
|
|
EnValidation enValidation = s_enValidation;
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
return enValidation;
|
|
}
|
|
|
|
|
|
//
|
|
// validate page as safe, unsafe, or reset validation
|
|
//
|
|
|
|
EnValidation Validate(EnValidation enNewValidation)
|
|
{
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
|
|
//
|
|
// keep the validation before the change
|
|
//
|
|
|
|
EnValidation enOldValidation = s_enValidation;
|
|
|
|
|
|
//
|
|
// safe permanent is a special case:
|
|
//
|
|
|
|
if (VALIDATED_SAFE_PERMANENT == enNewValidation)
|
|
{
|
|
|
|
//
|
|
// set persistent safety flag and
|
|
// validate page as safe
|
|
//
|
|
|
|
MarkPageAsSafe();
|
|
enNewValidation = VALIDATED_SAFE;
|
|
}
|
|
|
|
|
|
//
|
|
// change our validation level for this page
|
|
//
|
|
|
|
s_enValidation = enNewValidation;
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
return enOldValidation;
|
|
}
|
|
|
|
|
|
|
|
BOOL IsIntranet()
|
|
{
|
|
|
|
//
|
|
// if anything other that intranet assume internet -- a less secure zone
|
|
//
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
BOOL bIntranet = ( m_dwSecurityZone == URLZONE_INTRANET );
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
return bIntranet;
|
|
|
|
}
|
|
|
|
|
|
////////////////////
|
|
//
|
|
// HaveSite()
|
|
//
|
|
// return true if we have a site pointer
|
|
//
|
|
|
|
BOOL HaveSite()
|
|
{
|
|
|
|
s_ObjectWithSiteCritSection.Lock();
|
|
|
|
|
|
BOOL bHaveSite = FALSE;
|
|
|
|
if (NULL != m_pUnkSite)
|
|
{
|
|
bHaveSite = TRUE;
|
|
}
|
|
|
|
|
|
s_ObjectWithSiteCritSection.Unlock();
|
|
|
|
return bHaveSite;
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
////////////////////////////
|
|
//
|
|
// store the current url in the "safe" list
|
|
//
|
|
//
|
|
// not thread safe, called from inside a lock
|
|
//
|
|
|
|
HRESULT MarkPageAsSafe(EnMechanism enMechanism = COOKIES)
|
|
{
|
|
|
|
//
|
|
// if storage is invalid, the object has not been properly initialized
|
|
//
|
|
|
|
if (IsBadStringPtr(m_pszStorageName, -1))
|
|
{
|
|
return E_UNEXPECTED;
|
|
}
|
|
|
|
|
|
//
|
|
// is we don't have the url, can't do what we are asked
|
|
//
|
|
|
|
if (NULL == m_pszURL)
|
|
{
|
|
return S_FALSE;
|
|
}
|
|
|
|
|
|
//
|
|
// if url is garbage, we have a problem
|
|
//
|
|
|
|
if ( IsBadStringPtr(m_pszURL, -1) )
|
|
{
|
|
return E_FAIL;
|
|
}
|
|
|
|
|
|
HRESULT hr = E_FAIL;
|
|
|
|
switch (enMechanism)
|
|
{
|
|
|
|
case REGISTRY:
|
|
|
|
hr = MarkPageSafeInRegistry(m_pszStorageName);
|
|
break;
|
|
|
|
case COOKIES:
|
|
|
|
hr = MarkPageSafeCookie(m_pszStorageName);
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
//
|
|
// Returns TRUE if the current page is in the safe list
|
|
//
|
|
|
|
//
|
|
// not thread safe, called from inside a lock
|
|
//
|
|
|
|
BOOL IsPageSafe( EnMechanism enMechanism = COOKIES )
|
|
{
|
|
|
|
//
|
|
// if we cannot get safety marking for whatever reason,
|
|
// return false
|
|
//
|
|
|
|
_ASSERTE(NULL != m_pszStorageName);
|
|
|
|
if ( IsBadStringPtr(m_pszURL, -1) ||
|
|
IsBadStringPtr(m_pszStorageName, -1))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
BOOL bSafe = FALSE;
|
|
|
|
switch (enMechanism)
|
|
{
|
|
|
|
case REGISTRY:
|
|
|
|
bSafe = IsPageSafeRegistry(m_pszStorageName);
|
|
break;
|
|
|
|
case COOKIES:
|
|
|
|
bSafe = IsPageSafeCookie(m_pszStorageName);
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
}
|
|
|
|
return bSafe;
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
//
|
|
// this method is only called from the constructor. not thread safe.
|
|
//
|
|
|
|
HRESULT SetStorageName(TCHAR const *pszStorageName)
|
|
{
|
|
//
|
|
// calling this method invalidates the old storage name
|
|
// so deallocate it before doing anything else
|
|
//
|
|
|
|
if (NULL != m_pszStorageName)
|
|
{
|
|
delete m_pszStorageName;
|
|
m_pszStorageName = NULL;
|
|
}
|
|
|
|
//
|
|
// argument must be valid
|
|
//
|
|
|
|
if (IsBadStringPtr(pszStorageName, -1))
|
|
{
|
|
return E_POINTER;
|
|
}
|
|
|
|
//
|
|
// allocate buffer for the new storage name
|
|
//
|
|
|
|
size_t nSize = _tcsclen(pszStorageName) + 1;
|
|
|
|
m_pszStorageName = new TCHAR[nSize];
|
|
|
|
if (NULL == m_pszStorageName)
|
|
{
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
|
|
_tcscpy(m_pszStorageName, pszStorageName);
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// cache the url string and security zone id
|
|
// not thread safe must be called from inside a lock
|
|
//
|
|
|
|
HRESULT StoreURLAndZone(IUnknown *pUnkSite)
|
|
{
|
|
|
|
//
|
|
// reset zone and deallocate URL, if it exists
|
|
//
|
|
|
|
m_dwSecurityZone = URLZONE_UNTRUSTED;
|
|
|
|
if (m_pszURL)
|
|
{
|
|
delete m_pszURL;
|
|
m_pszURL = NULL;
|
|
}
|
|
|
|
if (pUnkSite == NULL)
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
//
|
|
// use pUnkSite to get to IHTMLDocument2, which will give us the URL
|
|
//
|
|
|
|
//
|
|
// these interfaces need to be released on exit.
|
|
// smart pointers will do exactly what we need
|
|
//
|
|
|
|
HRESULT hr = E_FAIL;
|
|
|
|
CComPtr<IOleClientSite> pSite;
|
|
|
|
if (FAILED(hr = pUnkSite->QueryInterface(IID_IOleClientSite, (LPVOID *) &pSite)))
|
|
{
|
|
return hr;
|
|
}
|
|
|
|
|
|
CComPtr<IOleContainer> pOleCtr;
|
|
|
|
if (FAILED(hr = pSite->GetContainer(&pOleCtr)))
|
|
{
|
|
return hr;
|
|
}
|
|
|
|
|
|
CComPtr<IHTMLDocument2> pDoc;
|
|
|
|
if (FAILED(hr = pOleCtr->QueryInterface(IID_IHTMLDocument2, (LPVOID *) &pDoc)))
|
|
{
|
|
return hr;
|
|
}
|
|
|
|
|
|
//
|
|
// get and keep the url
|
|
//
|
|
|
|
BSTR bstrURL;
|
|
|
|
if (FAILED(hr = pDoc->get_URL(&bstrURL)))
|
|
{
|
|
return hr;
|
|
}
|
|
|
|
UINT nURLLength = SysStringLen(bstrURL) + 1;
|
|
|
|
_ASSERTE(NULL == m_pszURL);
|
|
|
|
m_pszURL = new TCHAR[nURLLength];
|
|
|
|
if (NULL == m_pszURL)
|
|
{
|
|
SysFreeString(bstrURL);
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
|
|
|
|
|
|
#ifdef _UNICODE
|
|
|
|
_tcscpy(m_pszURL, bstrURL);
|
|
|
|
#else
|
|
int r = WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
bstrURL,
|
|
nURLLength,
|
|
m_pszURL,
|
|
nURLLength,
|
|
NULL,
|
|
NULL );
|
|
|
|
if (0 == r)
|
|
{
|
|
SysFreeString(bstrURL);
|
|
|
|
delete m_pszURL;
|
|
m_pszURL = NULL;
|
|
|
|
return E_FAIL;
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
//
|
|
// whatever follows '#' and '?' is "extra info" and is not considered
|
|
// to be a part of the actual URL by Internet(Set/Get)Coookie. Extra
|
|
// Info has no value for us -- so throw it out
|
|
//
|
|
|
|
TCHAR *psDelimiter = _tcsstr(m_pszURL, _T("#"));
|
|
|
|
if (NULL != psDelimiter)
|
|
{
|
|
*psDelimiter = _T('\0');
|
|
}
|
|
|
|
|
|
psDelimiter = _tcsstr(m_pszURL, _T("?"));
|
|
|
|
if (NULL != psDelimiter)
|
|
{
|
|
*psDelimiter = _T('\0');
|
|
}
|
|
|
|
|
|
//
|
|
// at this point we cached the URL
|
|
// now attempt to get the security zone. if we fail getting zone
|
|
// information still keep the url.
|
|
//
|
|
|
|
//
|
|
// Get security zone
|
|
//
|
|
|
|
CComPtr<IInternetSecurityManager> pSecMgr;
|
|
|
|
|
|
hr = CoCreateInstance(CLSID_InternetSecurityManager,
|
|
NULL,
|
|
CLSCTX_INPROC_SERVER,
|
|
IID_IInternetSecurityManager,
|
|
(LPVOID *) &pSecMgr);
|
|
|
|
if (pSecMgr == NULL)
|
|
{
|
|
SysFreeString(bstrURL);
|
|
return hr;
|
|
}
|
|
|
|
hr = pSecMgr->MapUrlToZone(bstrURL, &m_dwSecurityZone, 0);
|
|
|
|
|
|
//
|
|
// if failed, reset url to untrusted, just in case
|
|
//
|
|
|
|
if ( FAILED(hr) )
|
|
{
|
|
m_dwSecurityZone = URLZONE_UNTRUSTED;
|
|
}
|
|
|
|
|
|
SysFreeString(bstrURL);
|
|
|
|
//
|
|
// we should have at least the URL at this point
|
|
//
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
|
|
//
|
|
// drop a cookie for this page as an indicator that this page is safe
|
|
//
|
|
|
|
HRESULT MarkPageSafeCookie(TCHAR const *pszCookieName)
|
|
{
|
|
|
|
TCHAR *pszURL = NULL;
|
|
|
|
//
|
|
// generate the url for the cookie
|
|
// remember to delete the returned string
|
|
//
|
|
|
|
GenerateURLString(&pszURL);
|
|
|
|
if (NULL == pszURL)
|
|
return E_OUTOFMEMORY;
|
|
|
|
BOOL bReturn = InternetSetCookie(pszURL, pszCookieName, gszCookieData);
|
|
|
|
delete pszURL;
|
|
|
|
return (bReturn)?S_OK:E_FAIL;
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// presence of a cookie for this page is an indicator that it's safe
|
|
// returns TRUE if the cookie exists. FALSE otherwise
|
|
//
|
|
|
|
BOOL IsPageSafeCookie(TCHAR const *pszCookieName)
|
|
{
|
|
|
|
//
|
|
// m_pszURL was checked by the calling function and the object
|
|
// is protected. m_pszURL should never be null here.
|
|
//
|
|
|
|
_ASSERTE(m_pszURL);
|
|
|
|
//
|
|
// same goes for pszCookieName
|
|
//
|
|
|
|
_ASSERTE(pszCookieName);
|
|
|
|
|
|
BOOL bReturn = FALSE;
|
|
|
|
BOOL bFinalReturn = FALSE;
|
|
|
|
|
|
TCHAR *pszURL = NULL;
|
|
|
|
// remember to delete the returned string
|
|
|
|
GenerateURLString(&pszURL);
|
|
|
|
if (NULL == pszURL)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// see how much data the cookie contains
|
|
//
|
|
|
|
DWORD dwCookieDataSize = 0;
|
|
|
|
//
|
|
// assuming the return code is TRUE if the method succeeds in getting
|
|
// get the buffer size. the current documentation is not 100% clear
|
|
//
|
|
|
|
bReturn = InternetGetCookie(pszURL, pszCookieName, NULL, &dwCookieDataSize);
|
|
|
|
|
|
//
|
|
// dwCookieDataSize has the length of cookie data
|
|
//
|
|
|
|
if ( bReturn && dwCookieDataSize )
|
|
{
|
|
|
|
//
|
|
// allocate the buffer for cookie data
|
|
//
|
|
|
|
TCHAR *pCookieDataBuffer = new TCHAR[dwCookieDataSize];
|
|
|
|
if (NULL != pCookieDataBuffer)
|
|
{
|
|
//
|
|
// all cookies for this page are returned in cookie data,
|
|
// the name argument is ignored
|
|
//
|
|
|
|
bReturn = InternetGetCookie(pszURL,
|
|
pszCookieName,
|
|
pCookieDataBuffer,
|
|
&dwCookieDataSize);
|
|
|
|
|
|
//
|
|
// is succeeded, parse cookie data buffer to see if the
|
|
// cookie we are looking for is there
|
|
//
|
|
|
|
if ( bReturn && ( NULL != _tcsstr(pCookieDataBuffer, pszCookieName) ) )
|
|
{
|
|
|
|
bFinalReturn = TRUE;
|
|
}
|
|
|
|
|
|
delete pCookieDataBuffer;
|
|
pCookieDataBuffer = NULL;
|
|
}
|
|
}
|
|
|
|
|
|
delete pszURL;
|
|
pszURL = NULL;
|
|
|
|
return bFinalReturn;
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// add a registry entry for this page as an indicator that the page is safe
|
|
// returns TRUE if the registry entry exists
|
|
//
|
|
|
|
HRESULT MarkPageSafeInRegistry(TCHAR const *szRegistryKeyName)
|
|
{
|
|
|
|
_ASSERTE(m_pszURL);
|
|
|
|
//
|
|
// open the registry key. create if not there
|
|
//
|
|
|
|
DWORD dwDisposition = 0;
|
|
HKEY hKey = 0;
|
|
|
|
LONG rc = RegCreateKeyEx(HKEY_CURRENT_USER,
|
|
szRegistryKeyName,
|
|
0,
|
|
NULL,
|
|
REG_OPTION_NON_VOLATILE,
|
|
KEY_ALL_ACCESS,
|
|
NULL,
|
|
&hKey,
|
|
&dwDisposition);
|
|
|
|
if ( rc == ERROR_SUCCESS )
|
|
{
|
|
DWORD dwData = 0;
|
|
|
|
//
|
|
// add the current URL to the registry
|
|
//
|
|
|
|
rc = RegSetValueEx(hKey,
|
|
m_pszURL,
|
|
0,
|
|
REG_DWORD,
|
|
(BYTE*)&dwData,
|
|
sizeof(DWORD));
|
|
|
|
}
|
|
|
|
if (hKey)
|
|
{
|
|
RegCloseKey(hKey);
|
|
}
|
|
|
|
hKey = NULL;
|
|
|
|
if (rc == ERROR_SUCCESS )
|
|
{
|
|
return S_OK;
|
|
}
|
|
else
|
|
{
|
|
return E_FAIL;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// presence of a registry entry for this page indicates that the
|
|
// page is safe
|
|
//
|
|
|
|
BOOL IsPageSafeRegistry(TCHAR const *szRegistryKeyName)
|
|
{
|
|
|
|
DWORD dwDisposition = 0;
|
|
HKEY hKey = 0;
|
|
|
|
//
|
|
// the default is not safe
|
|
//
|
|
|
|
if (NULL == m_pszURL)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// open the registry key where the page information is kept.
|
|
// create if not there
|
|
//
|
|
|
|
LONG rc = RegCreateKeyEx(HKEY_CURRENT_USER,
|
|
szRegistryKeyName,
|
|
0,
|
|
NULL,
|
|
REG_OPTION_NON_VOLATILE,
|
|
KEY_CREATE_SUB_KEY | KEY_READ,
|
|
NULL,
|
|
&hKey,
|
|
&dwDisposition);
|
|
|
|
if ( rc == ERROR_SUCCESS )
|
|
{
|
|
|
|
|
|
DWORD dwDataType = 0;
|
|
DWORD dwDataSize = 0;
|
|
|
|
//
|
|
// read the setting for the current page.
|
|
// Note: we don't need the actual data, we just
|
|
// want to see if the value exists
|
|
//
|
|
|
|
rc = RegQueryValueEx(hKey,
|
|
m_pszURL,
|
|
0,
|
|
&dwDataType,
|
|
NULL,
|
|
&dwDataSize
|
|
);
|
|
}
|
|
|
|
if (hKey)
|
|
{
|
|
RegCloseKey(hKey);
|
|
}
|
|
|
|
hKey = NULL;
|
|
|
|
return (rc == ERROR_SUCCESS);
|
|
}
|
|
|
|
|
|
//
|
|
// build the URL string based on the hardcoded URL and
|
|
// the actual URL for this page.
|
|
// we are hoping that the striing will be unique (per page) and no
|
|
// mischevious scripting app can drop a cookie corresponding to
|
|
// this URL
|
|
//
|
|
// Note: if the implementation of of Internet(Set/Get)Cookie changes
|
|
// to have stricter validation for the URL string, this technique will
|
|
// not work
|
|
//
|
|
|
|
void GenerateURLString(TCHAR **ppszURL)
|
|
{
|
|
|
|
//
|
|
// the precondition is that m_pszURL exists
|
|
//
|
|
|
|
_ASSERT(NULL != m_pszURL);
|
|
|
|
*ppszURL = NULL;
|
|
|
|
//
|
|
// alias the char pointer pointer to by *pszURL.
|
|
// so it is easier to refer to.
|
|
//
|
|
|
|
TCHAR* &pszURL = *ppszURL;
|
|
|
|
//
|
|
// allocate memory for concatenated string
|
|
//
|
|
|
|
pszURL = new TCHAR[_tcslen(gszHardCodedURL) +
|
|
_tcslen(m_pszURL) +
|
|
_tcslen(gszURLSuffix) + 1];
|
|
|
|
// concatenate
|
|
|
|
if (pszURL)
|
|
{
|
|
*pszURL = _T('\0');
|
|
|
|
_tcscat(pszURL, gszHardCodedURL);
|
|
_tcscat(pszURL, m_pszURL);
|
|
_tcscat(pszURL, gszURLSuffix);
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
//
|
|
// cached URL string
|
|
//
|
|
|
|
TCHAR *m_pszURL;
|
|
|
|
|
|
//
|
|
// cached security zone
|
|
//
|
|
|
|
DWORD m_dwSecurityZone;
|
|
|
|
|
|
//
|
|
// site for IObjectWithSite
|
|
//
|
|
|
|
IUnknown *m_pUnkSite;
|
|
|
|
//
|
|
// thread safety
|
|
//
|
|
|
|
static CComAutoCriticalSection s_ObjectWithSiteCritSection;
|
|
|
|
//
|
|
// the status of the current page
|
|
//
|
|
|
|
static EnValidation s_enValidation;
|
|
|
|
//
|
|
// name of the persistent cookie or registry key
|
|
//
|
|
|
|
TCHAR *m_pszStorageName;
|
|
|
|
};
|
|
|
|
#endif // _TAPI_OBJECT_WITH_SITE_H_
|