Default to FOLDERID_Downloads on Windows Vista/7 when safe.

Landing for DCheng@. Codereview: http://codereview.chromium.org/553040 TEST=none BUG=13610 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37023 0039d316-1c4b-4281-b951-d872f2087c98
author: dimich@google.com <dimich@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2010-01-25 18:18:20 +0000
committer: dimich@google.com <dimich@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2010-01-25 18:18:20 +0000
commit: 2403fd6476afd05baed46b26b698ce305a351787 (patch)
tree: 87324fc7ded19e77f66fefccf81da8ac56fc600d /chrome
parent: 4b167a328d35583af35e865e8fcd40dafcb9a55a (diff)
download: chromium_src-2403fd6476afd05baed46b26b698ce305a351787.zip
chromium_src-2403fd6476afd05baed46b26b698ce305a351787.tar.gz
chromium_src-2403fd6476afd05baed46b26b698ce305a351787.tar.bz2
5 files changed, 69 insertions, 27 deletions
diff --git a/chrome/browser/download/download_manager.cc b/chrome/browser/download/download_manager.cc
index c0b9e82..6bbdd93 100644
--- a/chrome/browser/download/download_manager.cc
+++ b/chrome/browser/download/download_manager.cc
@@ -337,6 +337,12 @@ void DownloadManager::RegisterUserPrefs(PrefService* prefs) {
                         &default_download_path)) {
     NOTREACHED();
   }
+  if (DownloadPathIsDangerous(default_download_path)) {
+    if (!PathService::Get(chrome::DIR_DEFAULT_DOWNLOADS_SAFE,
+                          &default_download_path)) {
+      NOTREACHED();
+    }
+  }
   prefs->RegisterFilePathPref(prefs::kDownloadDefaultDirectory,
                               default_download_path);
 
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
index 9b02bb7..d423507 100644
--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
@@ -83,6 +83,14 @@ bool PathProvider(int key, FilePath* result) {
         return false;
       create_dir = true;
       break;
+    case chrome::DIR_DEFAULT_DOWNLOADS_SAFE:
+#if defined(OS_WIN)
+      if (!GetUserDownloadsDirectorySafe(&cur))
+        return false;
+      break;
+#else
+      // Fall through for all other platforms.
+#endif
     case chrome::DIR_DEFAULT_DOWNLOADS:
       if (!GetUserDownloadsDirectory(&cur))
         return false;
diff --git a/chrome/common/chrome_paths.h b/chrome/common/chrome_paths.h
index 4382c62..3b0521b 100644
--- a/chrome/common/chrome_paths.h
+++ b/chrome/common/chrome_paths.h
@@ -15,33 +15,38 @@ namespace chrome {
 enum {
   PATH_START = 1000,
 
-  DIR_APP = PATH_START,  // directory where dlls and data reside
-  DIR_LOGS,              // directory where logs should be written
-  DIR_USER_DATA,         // directory where user data can be written
-  DIR_CRASH_DUMPS,       // directory where crash dumps are written
-  DIR_USER_DESKTOP,      // directory that correspond to the desktop
-  DIR_INSPECTOR,         // directory where web inspector is located
-  DIR_APP_DICTIONARIES,  // directory where the global dictionaries are
-  DIR_USER_DOCUMENTS,    // directory for a user's "My Documents"
-  DIR_DEFAULT_DOWNLOADS, // directory for a user's "My Documents/Downloads"
-  FILE_RESOURCE_MODULE,  // full path and filename of the module that contains
-                         // embedded resources (version, strings, images, etc.)
-  FILE_LOCAL_STATE,      // path and filename to the file in which machine/
-                         // installation-specific state is saved
-  FILE_RECORDED_SCRIPT,  // full path to the script.log file that contains
-                         // recorded browser events for playback.
-  FILE_GEARS_PLUGIN,     // full path to the gears.dll plugin file.
-  FILE_LIBAVCODEC,       // full path to libavcodec media decoding library.
-  FILE_LIBAVFORMAT,      // full path to libavformat media parsing library.
-  FILE_LIBAVUTIL,        // full path to libavutil media utility library.
+  DIR_APP = PATH_START,         // directory where dlls and data reside
+  DIR_LOGS,                     // directory where logs should be written
+  DIR_USER_DATA,                // directory where user data can be written
+  DIR_CRASH_DUMPS,              // directory where crash dumps are written
+  DIR_USER_DESKTOP,             // directory that correspond to the desktop
+  DIR_INSPECTOR,                // directory where web inspector is located
+  DIR_APP_DICTIONARIES,         // directory where the global dictionaries are
+  DIR_USER_DOCUMENTS,           // directory for a user's "My Documents"
+  DIR_DEFAULT_DOWNLOADS_SAFE,   // directory for a user's
+                                // "My Documents/Downloads"
+  DIR_DEFAULT_DOWNLOADS,        // directory for a user's downloads
+  FILE_RESOURCE_MODULE,         // full path and filename of the module that
+                                // contains embedded resources (version,
+                                // strings, images, etc.)
+  FILE_LOCAL_STATE,             // path and filename to the file in which
+                                // machine/installation-specific state is saved
+  FILE_RECORDED_SCRIPT,         // full path to the script.log file that
+                                // contains recorded browser events for playback
+  FILE_GEARS_PLUGIN,            // full path to the gears.dll plugin file.
+  FILE_LIBAVCODEC,              // full path to libavcodec media decoding
+                                // library.
+  FILE_LIBAVFORMAT,             // full path to libavformat media parsing
+                                // library.
+  FILE_LIBAVUTIL,               // full path to libavutil media utility library.
 #if defined(OS_CHROMEOS)
-  FILE_CHROMEOS_API,     // full path to chrome os api shared object.
+  FILE_CHROMEOS_API,            // full path to chrome os api shared object.
 #endif
 
 
   // Valid only in development environment; TODO(darin): move these
-  DIR_TEST_DATA,         // directory where unit test data resides
-  DIR_TEST_TOOLS,        // directory where unit test tools reside
+  DIR_TEST_DATA,                // directory where unit test data resides
+  DIR_TEST_TOOLS,               // directory where unit test tools reside
 
   PATH_END
 };
diff --git a/chrome/common/chrome_paths_internal.h b/chrome/common/chrome_paths_internal.h
index dc726d6..5254f51 100644
--- a/chrome/common/chrome_paths_internal.h
+++ b/chrome/common/chrome_paths_internal.h
@@ -22,6 +22,11 @@ bool GetChromeFrameUserDataDirectory(FilePath* result);
 // Get the path to the user's documents directory.
 bool GetUserDocumentsDirectory(FilePath* result);
 
+#if defined (OS_WIN)
+// Gets the path to a safe default download directory for a user.
+bool GetUserDownloadsDirectorySafe(FilePath* result);
+#endif
+
 // Get the path to the user's downloads directory.
 bool GetUserDownloadsDirectory(FilePath* result);
 
diff --git a/chrome/common/chrome_paths_win.cc b/chrome/common/chrome_paths_win.cc
index 5a860b9..40ef825 100644
--- a/chrome/common/chrome_paths_win.cc
+++ b/chrome/common/chrome_paths_win.cc
@@ -5,11 +5,15 @@
 #include "chrome/common/chrome_paths_internal.h"
 
 #include <windows.h>
+#include <knownfolders.h>
 #include <shellapi.h>
 #include <shlobj.h>
+#include <shobjidl.h>
 
+#include "app/win_util.h"
 #include "base/file_path.h"
 #include "base/path_service.h"
+#include "base/scoped_comptr_win.h"
 #include "chrome/common/chrome_constants.h"
 
 namespace chrome {
@@ -45,13 +49,11 @@ bool GetUserDocumentsDirectory(FilePath* result) {
   return true;
 }
 
-// On Vista, we can get the download path using a Win API
-// (http://msdn.microsoft.com/en-us/library/bb762584(VS.85).aspx),
-// but it can be set to Desktop, which is dangerous. Instead,
-// we just use 'Downloads' under DIR_USER_DOCUMENTS. Localizing
+// Return a default path for downloads that is safe.
+// We just use 'Downloads' under DIR_USER_DOCUMENTS. Localizing
 // 'downloads' is not a good idea because Chrome's UI language
 // can be changed.
-bool GetUserDownloadsDirectory(FilePath* result) {
+bool GetUserDownloadsDirectorySafe(FilePath* result) {
   if (!GetUserDocumentsDirectory(result))
     return false;
 
@@ -59,6 +61,22 @@ bool GetUserDownloadsDirectory(FilePath* result) {
   return true;
 }
 
+// On Vista and higher, use the downloads known folder. Since it can be
+// relocated to point to a "dangerous" folder, callers should validate that the
+// returned path is not dangerous before using it.
+bool GetUserDownloadsDirectory(FilePath* result) {
+  typedef HRESULT (WINAPI *GetKnownFolderPath)(
+      REFKNOWNFOLDERID, DWORD, HANDLE, PWSTR*);
+  GetKnownFolderPath f = reinterpret_cast<GetKnownFolderPath>(
+      GetProcAddress(GetModuleHandle(L"shell32.dll"), "SHGetKnownFolderPath"));
+  win_util::CoMemReleaser<wchar_t> path_buf;
+  if (f && SUCCEEDED(f(FOLDERID_Downloads, 0, NULL, &path_buf))) {
+    *result = FilePath(std::wstring(path_buf));
+    return true;
+  }
+  return GetUserDownloadsDirectorySafe(result);
+}
+
 bool GetUserDesktop(FilePath* result) {
   // We need to go compute the value. It would be nice to support paths
   // with names longer than MAX_PATH, but the system functions don't seem
author	dimich@google.com <dimich@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2010-01-25 18:18:20 +0000
committer	dimich@google.com <dimich@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2010-01-25 18:18:20 +0000
commit	2403fd6476afd05baed46b26b698ce305a351787 (patch)
tree	87324fc7ded19e77f66fefccf81da8ac56fc600d /chrome
parent	4b167a328d35583af35e865e8fcd40dafcb9a55a (diff)
download	chromium_src-2403fd6476afd05baed46b26b698ce305a351787.zip chromium_src-2403fd6476afd05baed46b26b698ce305a351787.tar.gz chromium_src-2403fd6476afd05baed46b26b698ce305a351787.tar.bz2