Fix the handling of user gestures for external protocol handler dialogs.

chrome/browser/external_protocol/external_protocol_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/external_protocol/external_protocol_handler.h"
 
 #include <set>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
 #include "base/strings/string_util.h"
 #include "base/threading/thread.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/platform_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_contents.h"
 #include "net/base/escape.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 
-// Whether we accept requests for launching external protocols. This is set to
-// false every time an external protocol is requested, and set back to true on
-// each user gesture. This variable should only be accessed from the UI thread.
-static bool g_accept_requests = true;
-
 namespace {
 
 // Functions enabling unit testing. Using a NULL delegate will use the default
 // behavior; if a delegate is provided it will be used instead.
 ShellIntegration::DefaultProtocolClientWorker* CreateShellWorker(
     ShellIntegration::DefaultWebClientObserver* observer,
     const std::string& protocol,
     ExternalProtocolHandler::Delegate* delegate) {
   if (!delegate)
     return new ShellIntegration::DefaultProtocolClientWorker(observer,
                                                              protocol);
 
   return delegate->CreateShellWorker(observer, protocol);
 }
 
 ExternalProtocolHandler::BlockState GetBlockStateWithDelegate(
     const std::string& scheme,
-    ExternalProtocolHandler::Delegate* delegate) {
+    ExternalProtocolHandler::Delegate* delegate,
+    bool user_gesture) {
   if (!delegate)
-    return ExternalProtocolHandler::GetBlockState(scheme);
+    return ExternalProtocolHandler::GetBlockState(scheme, user_gesture);
 
-  return delegate->GetBlockState(scheme);
+  return delegate->GetBlockState(scheme, user_gesture);
 }
 
 void RunExternalProtocolDialogWithDelegate(
     const GURL& url,
     int render_process_host_id,
     int routing_id,
     ExternalProtocolHandler::Delegate* delegate) {
   if (!delegate) {
     ExternalProtocolHandler::RunExternalProtocolDialog(url,
                                                        render_process_host_id,
@@ skipping 129 matching lines @@
 
   for (size_t i = 0; i < arraysize(allowed_schemes); ++i) {
     if (!win_pref->GetBoolean(allowed_schemes[i], &should_block)) {
       win_pref->SetBoolean(allowed_schemes[i], false);
     }
   }
 }
 
 // static
 ExternalProtocolHandler::BlockState ExternalProtocolHandler::GetBlockState(
-    const std::string& scheme) {
-  // If we are being carpet bombed, block the request.
-  if (!g_accept_requests)
+    const std::string& scheme,
+    bool user_gesture) {
+
+  if (!user_gesture)
     return BLOCK;
 
   if (scheme.length() == 1) {
     // We have a URL that looks something like:
     //   C:/WINDOWS/system32/notepad.exe
     // ShellExecuting this URL will cause the specified program to be executed.
     return BLOCK;
   }
 
   // Check the stored prefs.
@@ skipping 29 matching lines @@
     } else {
       update_excluded_schemas->SetBoolean(scheme, (state == BLOCK));
     }
   }
 }
 
 // static
 void ExternalProtocolHandler::LaunchUrlWithDelegate(const GURL& url,
                                                     int render_process_host_id,
                                                     int tab_contents_id,
-                                                    Delegate* delegate) {
+                                                    Delegate* delegate,
+                                                    bool user_gesture) {
   DCHECK(base::MessageLoopForUI::IsCurrent());
 
   // Escape the input scheme to be sure that the command does not
   // have parameters unexpected by the external program.
   std::string escaped_url_string = net::EscapeExternalHandlerValue(url.spec());
   GURL escaped_url(escaped_url_string);
   BlockState block_state = GetBlockStateWithDelegate(escaped_url.scheme(),
-                                                     delegate);
+                                                     delegate,
+                                                     user_gesture);
   if (block_state == BLOCK) {
     if (delegate)
       delegate->BlockRequest();
     return;
   }
 
-  g_accept_requests = false;
-
   // The worker creates tasks with references to itself and puts them into
   // message loops. When no tasks are left it will delete the observer and
   // eventually be deleted itself.
   ShellIntegration::DefaultWebClientObserver* observer =
       new ExternalDefaultProtocolObserver(url,
                                           render_process_host_id,
                                           tab_contents_id,
                                           block_state == UNKNOWN,
                                           delegate);
   scoped_refptr<ShellIntegration::DefaultProtocolClientWorker> worker =
@@ skipping 16 matching lines @@
     return;
 
   platform_util::OpenExternal(
       Profile::FromBrowserContext(web_contents->GetBrowserContext()), url);
 }
 
 // static
 void ExternalProtocolHandler::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterDictionaryPref(prefs::kExcludedSchemes);
 }
-
-// static
-void ExternalProtocolHandler::PermitLaunchUrl() {
-  DCHECK(base::MessageLoopForUI::IsCurrent());
-  g_accept_requests = true;
-}