| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <shlobj.h> | 5 #include <shlobj.h> |
| 6 #include <shobjidl.h> | 6 #include <shobjidl.h> |
| 7 | 7 |
| 8 #include "chrome/common/win_safe_util.h" | 8 #include "chrome/common/win_safe_util.h" |
| 9 | 9 |
| 10 #include "app/win_util.h" | 10 #include "app/win_util.h" |
| 11 #include "base/file_path.h" | 11 #include "base/file_path.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/path_service.h" | 13 #include "base/path_service.h" |
| 14 #include "base/scoped_comptr_win.h" | 14 #include "base/scoped_comptr_win.h" |
| 15 #include "base/string_util.h" | 15 #include "base/string_util.h" |
| 16 | 16 |
| 17 namespace win_util { | 17 namespace win_util { |
| 18 | 18 |
| 19 // This GUID is associated with any 'don't ask me again' settings that the |
| 20 // user can select for different file types. |
| 21 // {2676A9A2-D919-4fee-9187-152100393AB2} |
| 22 static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee, |
| 23 { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } }; |
| 24 |
| 19 // This function implementation is based on the attachment execution | 25 // This function implementation is based on the attachment execution |
| 20 // services functionally deployed with IE6 or Service pack 2. This | 26 // services functionally deployed with IE6 or Service pack 2. This |
| 21 // functionality is exposed in the IAttachmentExecute COM interface. | 27 // functionality is exposed in the IAttachmentExecute COM interface. |
| 22 // more information at: | 28 // more information at: |
| 23 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx | 29 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx |
| 24 bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title, | 30 bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title, |
| 25 const FilePath& full_path, | 31 const FilePath& full_path, |
| 26 const std::wstring& source_url) { | 32 const std::wstring& source_url) { |
| 27 ScopedComPtr<IAttachmentExecute> attachment_services; | 33 ScopedComPtr<IAttachmentExecute> attachment_services; |
| 28 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); | 34 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); |
| 29 if (FAILED(hr)) { | 35 if (FAILED(hr)) { |
| 30 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 | 36 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 |
| 31 // Windows installation, or the thread does not have COM initialized. | 37 // Windows installation, or the thread does not have COM initialized. |
| 32 if (hr == CO_E_NOTINITIALIZED) { | 38 if (hr == CO_E_NOTINITIALIZED) { |
| 33 NOTREACHED(); | 39 NOTREACHED(); |
| 34 return false; | 40 return false; |
| 35 } | 41 } |
| 36 return OpenItemViaShell(full_path); | 42 return OpenItemViaShell(full_path); |
| 37 } | 43 } |
| 38 | 44 |
| 39 // This GUID is associated with any 'don't ask me again' settings that the | |
| 40 // user can select for different file types. | |
| 41 // {2676A9A2-D919-4fee-9187-152100393AB2} | |
| 42 static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee, | |
| 43 { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } }; | |
| 44 | |
| 45 attachment_services->SetClientGuid(kClientID); | 45 attachment_services->SetClientGuid(kClientID); |
| 46 | 46 |
| 47 if (!window_title.empty()) | 47 if (!window_title.empty()) |
| 48 attachment_services->SetClientTitle(window_title.c_str()); | 48 attachment_services->SetClientTitle(window_title.c_str()); |
| 49 | 49 |
| 50 // To help windows decide if the downloaded file is dangerous we can provide | 50 // To help windows decide if the downloaded file is dangerous we can provide |
| 51 // what the documentation calls evidence. Which we provide now: | 51 // what the documentation calls evidence. Which we provide now: |
| 52 // | 52 // |
| 53 // Set the file itself as evidence. | 53 // Set the file itself as evidence. |
| 54 hr = attachment_services->SetLocalPath(full_path.value().c_str()); | 54 hr = attachment_services->SetLocalPath(full_path.value().c_str()); |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 87 hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action); | 87 hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action); |
| 88 if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) | 88 if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) |
| 89 { | 89 { |
| 90 // The user has declined opening the item. | 90 // The user has declined opening the item. |
| 91 return false; | 91 return false; |
| 92 } | 92 } |
| 93 } | 93 } |
| 94 return OpenItemViaShellNoZoneCheck(full_path); | 94 return OpenItemViaShellNoZoneCheck(full_path); |
| 95 } | 95 } |
| 96 | 96 |
| 97 bool SetInternetZoneIdentifier(const FilePath& full_path) { | 97 bool SetInternetZoneIdentifier(const FilePath& full_path, |
| 98 const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE; | 98 const std::wstring& source_url) { |
| 99 std::wstring path = full_path.value() + L":Zone.Identifier"; | 99 ScopedComPtr<IAttachmentExecute> attachment_services; |
| 100 HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL, | 100 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); |
| 101 OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); | 101 if (FAILED(hr)) { |
| 102 if (INVALID_HANDLE_VALUE == file) | |
| 103 return false; | 102 return false; |
| 103 } |
| 104 | 104 |
| 105 const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3"; | 105 hr = attachment_services->SetClientGuid(kClientID); |
| 106 DWORD written = 0; | 106 if (FAILED(hr)) { |
| 107 BOOL result = WriteFile(file, kIdentifier, arraysize(kIdentifier), &written, | 107 return false; |
| 108 NULL); | 108 } |
| 109 BOOL flush_result = FlushFileBuffers(file); | |
| 110 CloseHandle(file); | |
| 111 | 109 |
| 112 if (!result || !flush_result || written != arraysize(kIdentifier)) { | 110 hr = attachment_services->SetLocalPath(full_path.value().c_str()); |
| 113 NOTREACHED(); | 111 if (FAILED(hr)) { |
| 112 return false; |
| 113 } |
| 114 |
| 115 // Source is necessary for files ending in ".tmp" to avoid error 0x800c000e. |
| 116 hr = attachment_services->SetSource(source_url.c_str()); |
| 117 if (FAILED(hr)) { |
| 118 return false; |
| 119 } |
| 120 |
| 121 hr = attachment_services->Save(); |
| 122 if (FAILED(hr)) { |
| 114 return false; | 123 return false; |
| 115 } | 124 } |
| 116 | 125 |
| 117 return true; | 126 return true; |
| 118 } | 127 } |
| 119 | 128 |
| 120 } // namespace win_util | 129 } // namespace win_util |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 590001:
Respect the SaveZoneInformation policy when marking downloaded files as unsaf... (Closed)
Base URL: http://src.chromium.org/svn/trunk/src/