Disable outdated non-sandboxed plugins.

Relanding r55227, which had a compile error. BUG=47731 TEST=Run with --disable-outdated-plugins Review URL: http://codereview.chromium.org/3071028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55394 0039d316-1c4b-4281-b951-d872f2087c98
author: bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-08-09 13:32:29 +0000
committer: bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-08-09 13:32:29 +0000
commit: 851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c (patch)
tree: a409d4ec9b6804999d0ea4bf25750d6e896f90ba /chrome/renderer
parent: b089b89cabbb56d499dcbe2ee070e20710d362ef (diff)
download: chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.zip
chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.tar.gz
chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.tar.bz2
5 files changed, 114 insertions, 37 deletions
diff --git a/chrome/renderer/blocked_plugin.cc b/chrome/renderer/blocked_plugin.cc
index c6433c3..b3c0973 100644
--- a/chrome/renderer/blocked_plugin.cc
+++ b/chrome/renderer/blocked_plugin.cc
@@ -10,6 +10,7 @@
 #include "base/string_piece.h"
 #include "chrome/common/jstemplate_builder.h"
 #include "chrome/common/notification_service.h"
+#include "chrome/common/plugin_group.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/renderer/render_view.h"
 #include "grit/generated_resources.h"
@@ -33,7 +34,8 @@ static const char* const kBlockedPluginDataURL = "chrome://blockedplugindata/";
 
 BlockedPlugin::BlockedPlugin(RenderView* render_view,
                              WebFrame* frame,
-                            const WebPluginParams& params)
+                             const WebPluginParams& params,
+                             PluginGroup* group)
     : render_view_(render_view),
       frame_(frame),
       plugin_params_(params) {
@@ -49,15 +51,19 @@ BlockedPlugin::BlockedPlugin(RenderView* render_view,
   DCHECK(!template_html.empty()) << "unable to load template. ID: "
                                  << resource_id;
 
-  DictionaryValue localized_strings;
-  localized_strings.SetString(L"loadPlugin",
+  DictionaryValue values;
+  values.SetString(L"loadPlugin",
       l10n_util::GetStringUTF16(IDS_PLUGIN_LOAD));
-  localized_strings.SetString(L"message",
+  values.SetString(L"updatePlugin",
+      l10n_util::GetStringUTF16(IDS_PLUGIN_UPDATE));
+  values.SetString(L"message",
       l10n_util::GetStringUTF16(IDS_BLOCKED_PLUGINS_TITLE));
+  if (group)
+    values.Set(L"pluginGroup", group->GetDataForUI());
 
   // "t" is the id of the templates root node.
   std::string htmlData = jstemplate_builder::GetTemplatesHtml(
-      template_html, &localized_strings, "t");
+      template_html, &values, "t");
 
   web_view->mainFrame()->loadHTMLString(htmlData,
                                         GURL(kBlockedPluginDataURL));
@@ -70,6 +76,7 @@ BlockedPlugin::BlockedPlugin(RenderView* render_view,
 void BlockedPlugin::BindWebFrame(WebFrame* frame) {
   BindToJavascript(frame, L"plugin");
   BindMethod("load", &BlockedPlugin::Load);
+  BindMethod("update", &BlockedPlugin::Update);
 }
 
 void BlockedPlugin::WillDestroyPlugin() {
@@ -90,6 +97,23 @@ void BlockedPlugin::Load(const CppArgumentList& args, CppVariant* result) {
   LoadPlugin();
 }
 
+void BlockedPlugin::Update(const CppArgumentList& args, CppVariant* result) {
+  if (args.size() > 0) {
+    CppVariant arg(args[0]);
+    if (arg.isString()) {
+      GURL url(arg.ToString());
+      OpenURL(url);
+    }
+  }
+}
+
+void BlockedPlugin::OpenURL(GURL& url) {
+  render_view_->Send(new ViewHostMsg_OpenURL(render_view_->routing_id(),
+                                             url,
+                                             GURL(),
+                                             CURRENT_TAB));
+}
+
 void BlockedPlugin::LoadPlugin() {
   CHECK(plugin_);
   WebPluginContainer* container = plugin_->container();
diff --git a/chrome/renderer/blocked_plugin.h b/chrome/renderer/blocked_plugin.h
index 014c489..40a601d 100644
--- a/chrome/renderer/blocked_plugin.h
+++ b/chrome/renderer/blocked_plugin.h
@@ -11,6 +11,8 @@
 #include "webkit/glue/cpp_bound_class.h"
 #include "webkit/glue/plugins/webview_plugin.h"
 
+class GURL;
+class PluginGroup;
 class RenderView;
 
 class BlockedPlugin : public CppBoundClass,
@@ -19,10 +21,8 @@ class BlockedPlugin : public CppBoundClass,
  public:
   BlockedPlugin(RenderView* render_view,
                 WebKit::WebFrame* frame,
-                const WebKit::WebPluginParams& params);
-
-  void Load(const CppArgumentList& args, CppVariant* result);
-  void LoadPlugin();
+                const WebKit::WebPluginParams& params,
+                PluginGroup* group);
 
   WebViewPlugin* plugin() { return plugin_; }
 
@@ -38,6 +38,22 @@ class BlockedPlugin : public CppBoundClass,
  private:
   virtual ~BlockedPlugin() { }
 
+  // Javascript callbacks:
+  // Load the blocked plugin by calling LoadPlugin() below.
+  // Takes no arguments, and returns nothing.
+  void Load(const CppArgumentList& args, CppVariant* result);
+
+  // Update an outdated plugin. Takes one argument, the URL to download the
+  // latest version, and returns nothing.
+  void Update(const CppArgumentList& args, CppVariant* result);
+
+  // Tells the browser to navigate to |url| (to download the latest version of
+  // the plugin there).
+  void OpenURL(GURL& url);
+
+  // Load the blocked plugin.
+  void LoadPlugin();
+
   RenderView* render_view_;
   WebKit::WebFrame* frame_;
   WebKit::WebPluginParams plugin_params_;
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index b863fbb..bc400ef 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -34,6 +34,7 @@
 #include "chrome/common/notification_service.h"
 #include "chrome/common/page_zoom.h"
 #include "chrome/common/pepper_plugin_registry.h"
+#include "chrome/common/plugin_group.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/renderer_preferences.h"
 #include "chrome/common/thumbnail_score.h"
@@ -2236,15 +2237,30 @@ WebPlugin* RenderView::createPlugin(WebFrame* frame,
                                      &info,
                                      &actual_mime_type));
 
-  if (!found || !info.enabled)
+  if (!found)
     return NULL;
 
+  scoped_ptr<PluginGroup> group(PluginGroup::FindHardcodedPluginGroup(info));
+  group->AddPlugin(info, 0);
+
+  if (!info.enabled) {
+    if (CommandLine::ForCurrentProcess()->HasSwitch(
+            switches::kDisableOutdatedPlugins) &&
+        group->IsVulnerable()) {
+      Send(new ViewHostMsg_DisabledOutdatedPlugin(routing_id_,
+                                                  group->GetGroupName(),
+                                                  GURL(group->GetUpdateURL())));
+      return CreatePluginPlaceholder(frame, params, group.get());
+    }
+    return NULL;
+  }
+
   if (info.path.value() != kDefaultPluginLibraryName) {
     if (!AllowContentType(CONTENT_SETTINGS_TYPE_PLUGINS)) {
       DCHECK(CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kEnableClickToPlay));
       didNotAllowPlugins(frame);
-      return CreatePluginPlaceholder(frame, params);
+      return CreatePluginPlaceholder(frame, params, NULL);
     }
     scoped_refptr<pepper::PluginModule> pepper_module =
         PepperPluginRegistry::GetInstance()->GetModule(info.path);
@@ -2252,8 +2268,9 @@ WebPlugin* RenderView::createPlugin(WebFrame* frame,
       return CreatePepperPlugin(frame, params, info.path, pepper_module.get());
     if (CommandLine::ForCurrentProcess()->HasSwitch(
             switches::kBlockNonSandboxedPlugins)) {
-      Send(new ViewHostMsg_NonSandboxedPluginBlocked(routing_id_, info.name));
-      return CreatePluginPlaceholder(frame, params);
+      Send(new ViewHostMsg_NonSandboxedPluginBlocked(routing_id_,
+                                                     group->GetGroupName()));
+      return CreatePluginPlaceholder(frame, params, NULL);
     }
   }
   return CreateNPAPIPlugin(frame, params, info.path, actual_mime_type);
@@ -3746,11 +3763,13 @@ WebPlugin* RenderView::CreateNPAPIPlugin(WebFrame* frame,
 }
 
 WebPlugin* RenderView::CreatePluginPlaceholder(WebFrame* frame,
-                                               const WebPluginParams& params) {
+                                               const WebPluginParams& params,
+                                               PluginGroup* group) {
   // |blocked_plugin| will delete itself when the WebViewPlugin is destroyed.
-  BlockedPlugin* blocked_plugin = new BlockedPlugin(this, frame, params);
+  BlockedPlugin* blocked_plugin = new BlockedPlugin(this, frame, params, group);
   WebViewPlugin* plugin = blocked_plugin->plugin();
-  webkit_preferences_.Apply(plugin->web_view());
+  WebView* web_view = plugin->web_view();
+  webkit_preferences_.Apply(web_view);
   return plugin;
 }
 
diff --git a/chrome/renderer/render_view.h b/chrome/renderer/render_view.h
index 1834ba1..f31d27e 100644
--- a/chrome/renderer/render_view.h
+++ b/chrome/renderer/render_view.h
@@ -64,6 +64,7 @@ class ListValue;
 class NavigationState;
 class NotificationProvider;
 class PepperDeviceTest;
+class PluginGroup;
 class PrintWebViewHelper;
 class RenderViewVisitor;
 class SkBitmap;
@@ -868,7 +869,8 @@ class RenderView : public RenderWidget,
   // Create a new placeholder for a blocked plugin.
   WebKit::WebPlugin* CreatePluginPlaceholder(
       WebKit::WebFrame* frame,
-      const WebKit::WebPluginParams& params);
+      const WebKit::WebPluginParams& params,
+      PluginGroup* group);
 
   // Sends an IPC notification that the specified content type was blocked.
   void DidBlockContentType(ContentSettingsType settings_type);
diff --git a/chrome/renderer/resources/blocked_plugin.html b/chrome/renderer/resources/blocked_plugin.html
index 4310e98..b643b4d 100644
--- a/chrome/renderer/resources/blocked_plugin.html
+++ b/chrome/renderer/resources/blocked_plugin.html
@@ -1,12 +1,26 @@
 <!DOCTYPE html>
 <html>
 <head>
+<script>
+function debug(msg) {
+  document.getElementById('debug').textContent = msg;
+}
+
+function bodyClicked() {
+  var group = templateData.pluginGroup;
+  if (group) {
+    plugin.update(group.update_url);
+  } else {
+    plugin.load();
+  }
+}
+</script>
 <style>
 body {
-    background-color: rgb(252, 235, 162);
-    margin: 0;
-    text-align: center;
-    font-family: sans-serif;
+  background-color: rgb(252, 235, 162);
+  margin: 0;
+  text-align: center;
+  font-family: sans-serif;
 }
 
 h1 {
@@ -16,7 +30,7 @@ h1 {
 }
 
 #outer:hover h1 {
-    text-decoration: underline;
+  text-decoration: underline;
 }
 
 p {
@@ -25,32 +39,32 @@ p {
 }
 
 #outer {
-    width: 100%;
-    height: 100%;
-    cursor: pointer;
-    position: absolute;
+  width: 100%;
+  height: 100%;
+  cursor: pointer;
+  position: absolute;
 }
 
 #inner {
-    position: relative;
-    top: 50%;
-    margin-top: -50px;
+  position: relative;
+  top: 50%;
+  margin-top: -50px;
 }
 
 #top, #bottom, #left, #right {
-	background: black;
-	position: fixed;
+  background: black;
+  position: fixed;
 }
 #left, #right {
-	top: 0; bottom: 0;
-	width: 1px;
+  top: 0; bottom: 0;
+  width: 1px;
 }
 #left { left: 0; }
 #right { right: 0; }
 
 #top, #bottom {
-	left: 0; right: 0;
-	height: 1px;
+  left: 0; right: 0;
+  height: 1px;
 }
 #top { top: 0; }
 #bottom { bottom: 0; }
@@ -58,15 +72,17 @@ p {
 </head>
 
 <body id="t">
-<div id="outer" onclick="plugin.load()">
+<div id="outer" onclick="bodyClicked()">
 <div id="left"></div>
 <div id="right"></div>
 <div id="top"></div>
 <div id="bottom"></div>
 <div id="inner">
 <div><img src="../../app/theme/extensions_section.png" /></div>
-<h1 i18n-content="loadPlugin">PLUGIN_LOAD</h1>
+<h1 jsdisplay="!hasOwnProperty('pluginGroup') || !pluginGroup.critical"  i18n-content="loadPlugin">PLUGIN_LOAD</h1>
+<h1 jsdisplay="hasOwnProperty('pluginGroup')" i18n-content="updatePlugin">UPDATE_PLUGIN</h1>
 <p><span class="help" i18n-content="message">BLOCKED_PLUGINS_TITLE</span></p>
+<p id="debug"> </p>
 </div>
 </div>
 </body>
author	bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-08-09 13:32:29 +0000
committer	bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-08-09 13:32:29 +0000
commit	851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c (patch)
tree	a409d4ec9b6804999d0ea4bf25750d6e896f90ba /chrome/renderer
parent	b089b89cabbb56d499dcbe2ee070e20710d362ef (diff)
download	chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.zip chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.tar.gz chromium_src-851b1eb7c1ccf13b7fb7627bca78f7aefd03c67c.tar.bz2