Fix the handling of user gestures for external protocol handler dialogs.

chrome/browser/external_protocol/external_protocol_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/external_protocol/external_protocol_handler.h"
 
 #include <set>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
 #include "base/strings/string_util.h"
 #include "base/threading/thread.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/platform_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_contents.h"
 #include "net/base/escape.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 
-// Whether we accept requests for launching external protocols. This is set to
-// false every time an external protocol is requested, and set back to true on
-// each user gesture. This variable should only be accessed from the UI thread.
-static bool g_accept_requests = true;
+// User gesture counter. This is increased when a user gesture is available, and
+// decreased when the gesture is consumed or goes out of scope. This variable
+// should only be accessed from the UI thread.
+static size_t g_consumable_user_gestures = 0;
 
 namespace {
 
 // Functions enabling unit testing. Using a NULL delegate will use the default
 // behavior; if a delegate is provided it will be used instead.
 ShellIntegration::DefaultProtocolClientWorker* CreateShellWorker(
     ShellIntegration::DefaultWebClientObserver* observer,
     const std::string& protocol,
     ExternalProtocolHandler::Delegate* delegate) {
   if (!delegate)
@@ skipping 153 matching lines @@
   for (size_t i = 0; i < arraysize(allowed_schemes); ++i) {
     if (!win_pref->GetBoolean(allowed_schemes[i], &should_block)) {
       win_pref->SetBoolean(allowed_schemes[i], false);
     }
   }
 }
 
 // static
 ExternalProtocolHandler::BlockState ExternalProtocolHandler::GetBlockState(
     const std::string& scheme) {
-  // If we are being carpet bombed, block the request.
-  if (!g_accept_requests)
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (!g_consumable_user_gestures)
     return BLOCK;
 
   if (scheme.length() == 1) {
     // We have a URL that looks something like:
     //   C:/WINDOWS/system32/notepad.exe
     // ShellExecuting this URL will cause the specified program to be executed.
     return BLOCK;
   }
 
   // Check the stored prefs.
@@ skipping 44 matching lines @@
   std::string escaped_url_string = net::EscapeExternalHandlerValue(url.spec());
   GURL escaped_url(escaped_url_string);
   BlockState block_state = GetBlockStateWithDelegate(escaped_url.scheme(),
                                                      delegate);
   if (block_state == BLOCK) {
     if (delegate)
       delegate->BlockRequest();
     return;
   }
 
-  g_accept_requests = false;
-
   // The worker creates tasks with references to itself and puts them into
   // message loops. When no tasks are left it will delete the observer and
   // eventually be deleted itself.
   ShellIntegration::DefaultWebClientObserver* observer =
       new ExternalDefaultProtocolObserver(url,
                                           render_process_host_id,
                                           tab_contents_id,
                                           block_state == UNKNOWN,
                                           delegate);
   scoped_refptr<ShellIntegration::DefaultProtocolClientWorker> worker =
@@ skipping 17 matching lines @@
 
   platform_util::OpenExternal(
       Profile::FromBrowserContext(web_contents->GetBrowserContext()), url);
 }
 
 // static
 void ExternalProtocolHandler::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterDictionaryPref(prefs::kExcludedSchemes);
 }
 
-// static
-void ExternalProtocolHandler::PermitLaunchUrl() {
-  DCHECK(base::MessageLoopForUI::IsCurrent());
-  g_accept_requests = true;
+ExternalProtocolHandler::ScopedUserGesture::ScopedUserGesture() {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  g_consumable_user_gestures++;
 }
+
+ExternalProtocolHandler::ScopedUserGesture::~ScopedUserGesture() {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  g_consumable_user_gestures--;
+}