diff options
| author | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-21 04:07:55 +0000 |
|---|---|---|
| committer | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-21 04:07:55 +0000 |
| commit | 26f16b508c8f1d44ca12a95dfcc25193c700f6c3 (patch) | |
| tree | 0aec165200e0ed356ad5560fa64d8debc4a2edd4 /chrome/browser/extensions | |
| parent | d78ef705947b6f3bb52aa10cdf3ed21b579bf507 (diff) | |
| download | chromium_src-26f16b508c8f1d44ca12a95dfcc25193c700f6c3.zip chromium_src-26f16b508c8f1d44ca12a95dfcc25193c700f6c3.tar.gz chromium_src-26f16b508c8f1d44ca12a95dfcc25193c700f6c3.tar.bz2 | |
Only allow installation of extensions/apps with gallery update url via download from gallery
BUG=45542
TEST=NONE
Review URL: http://codereview.chromium.org/2855009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50333 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions')
| -rw-r--r-- | chrome/browser/extensions/crx_installer.cc | 12 | ||||
| -rw-r--r-- | chrome/browser/extensions/extension_updater.cc | 8 | ||||
| -rw-r--r-- | chrome/browser/extensions/extensions_service.cc | 2 | ||||
| -rw-r--r-- | chrome/browser/extensions/extensions_ui.cc | 5 |
4 files changed, 17 insertions, 10 deletions
diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc index e5bed66..61b67f8 100644 --- a/chrome/browser/extensions/crx_installer.cc +++ b/chrome/browser/extensions/crx_installer.cc @@ -20,6 +20,7 @@ #include "chrome/browser/web_applications/web_app.h" #include "chrome/common/chrome_paths.h" #include "chrome/common/extensions/extension_file_util.h" +#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/notification_service.h" #include "chrome/common/notification_type.h" #include "grit/browser_resources.h" @@ -135,6 +136,17 @@ void CrxInstaller::OnUnpackSuccess(const FilePath& temp_dir, // the temp dir. unpacked_extension_root_ = extension_dir; + // Only allow extensions with a gallery update url to be installed after + // having been directly downloaded from the gallery. + if (extension->update_url() == GURL(extension_urls::kGalleryUpdateURL) && + !StartsWithASCII(original_url_.spec(), + extension_urls::kGalleryDownloadPrefix, false)) { + ReportFailureFromUIThread(l10n_util::GetStringFUTF8( + IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS, + l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE))); + return; + } + // Determine whether to allow installation. We always allow themes and // external installs. if (!extensions_enabled_ && !extension->is_theme() && diff --git a/chrome/browser/extensions/extension_updater.cc b/chrome/browser/extensions/extension_updater.cc index 781a200..9c428e3 100644 --- a/chrome/browser/extensions/extension_updater.cc +++ b/chrome/browser/extensions/extension_updater.cc @@ -26,6 +26,7 @@ #include "chrome/browser/utility_process_host.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/extensions/extension.h" +#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/pref_names.h" #include "googleurl/src/gurl.h" #include "net/base/escape.h" @@ -46,11 +47,6 @@ using prefs::kExtensionBlacklistUpdateVersion; using prefs::kLastExtensionsUpdateCheck; using prefs::kNextExtensionsUpdateCheck; -// The default URL to fall back to if an extension doesn't have an -// update URL. -const char kDefaultUpdateURL[] = - "http://clients2.google.com/service/update2/crx"; - // NOTE: HTTPS is used here to ensure the response from omaha can be trusted. // The response contains a url for fetching the blacklist and a hash value // for validation. @@ -241,7 +237,7 @@ void ManifestFetchesBuilder::AddExtensionData( } else if (update_url.is_empty()) { url_stats_.no_url_count++; // Fill in default update URL. - update_url = GURL(kDefaultUpdateURL); + update_url = GURL(extension_urls::kGalleryUpdateURL); } else { url_stats_.other_url_count++; } diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc index 57ef3e2..99dcd9c 100644 --- a/chrome/browser/extensions/extensions_service.cc +++ b/chrome/browser/extensions/extensions_service.cc @@ -104,7 +104,7 @@ bool ExtensionsService::IsDownloadFromGallery(const GURL& download_url, if (StartsWithASCII(download_url.spec(), extension_urls::kGalleryDownloadPrefix, false) && StartsWithASCII(referrer_url.spec(), - extension_urls::kGalleryBrowsePrefix, false)) { + Extension::ChromeStoreURL(), false)) { return true; } diff --git a/chrome/browser/extensions/extensions_ui.cc b/chrome/browser/extensions/extensions_ui.cc index 5cd3711..9ad2e78 100644 --- a/chrome/browser/extensions/extensions_ui.cc +++ b/chrome/browser/extensions/extensions_ui.cc @@ -33,7 +33,6 @@ #include "chrome/browser/tab_contents/tab_contents_view.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/extensions/extension.h" -#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/extensions/user_script.h" #include "chrome/common/extensions/url_pattern.h" #include "chrome/common/jstemplate_builder.h" @@ -100,12 +99,12 @@ void ExtensionsUIHTMLSource::StartDataRequest(const std::string& path, l10n_util::GetStringF(IDS_EXTENSIONS_NONE_INSTALLED_SUGGEST_GALLERY, std::wstring(L"<a href='") + ASCIIToWide(google_util::AppendGoogleLocaleParam( - GURL(extension_urls::kGalleryBrowsePrefix)).spec()) + L"'>", + GURL(Extension::ChromeStoreURL())).spec()) + L"'>", L"</a>")); localized_strings.SetString(L"getMoreExtensions", std::wstring(L"<a href='") + ASCIIToWide(google_util::AppendGoogleLocaleParam( - GURL(extension_urls::kGalleryBrowsePrefix)).spec()) + L"'>" + + GURL(Extension::ChromeStoreURL())).spec()) + L"'>" + l10n_util::GetString(IDS_GET_MORE_EXTENSIONS) + L"</a>"); localized_strings.SetString(L"extensionDisabled", |