Compare commits

...

No commits in common. 'i9c-beta' and 'c9' have entirely different histories.
i9c-beta ... c9

@ -0,0 +1,69 @@
From 6167f5815aefa78a70517c8e2acbdd7b9c9be27d Mon Sep 17 00:00:00 2001
Message-ID: <6167f5815aefa78a70517c8e2acbdd7b9c9be27d.1703003067.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 14:20:07 +0000
Subject: [PATCH] escape url passed to gstreamer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159583
erAck: backported to 7.1.8.1
---
avmedia/source/gstreamer/gstframegrabber.cxx | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-escape-url-passed-to-gstreamer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-escape-url-passed-to-gstreamer.patch"
diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
index ece799d87530..25170a296e66 100644
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
@@ -51,11 +51,9 @@ void FrameGrabber::disposePipeline()
FrameGrabber::FrameGrabber( const OUString &rURL ) :
FrameGrabber_BASE()
{
- gchar *pPipelineStr;
- pPipelineStr = g_strdup_printf(
- "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
- "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
- OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
+ const char pPipelineStr[] =
+ "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
+ "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
GError *pError = nullptr;
mpPipeline = gst_parse_launch( pPipelineStr, &pError );
@@ -66,6 +64,12 @@ FrameGrabber::FrameGrabber( const OUString &rURL ) :
}
if( mpPipeline ) {
+
+ if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
+ g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
+ else
+ g_warning("Missing 'source' element in gstreamer pipeline");
+
// pre-roll
switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
case GST_STATE_CHANGE_FAILURE:
--------------erAck-patch-parts--

@ -0,0 +1,93 @@
From 37d73a1ab94b43e03866d5a910cb58331543b8c3 Mon Sep 17 00:00:00 2001
Message-ID: <37d73a1ab94b43e03866d5a910cb58331543b8c3.1703086247.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:14:26 +0000
Subject: [PATCH] add some protocols that don't make sense as floating frame
targets
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159582
erAck: backported to 7.1.8.1
---
include/tools/urlobj.hxx | 5 +++++
sfx2/source/doc/iframe.cxx | 5 ++++-
tools/source/fsys/urlobj.cxx | 8 ++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
index 9d6820ddf241..dfd658722826 100644
--- a/include/tools/urlobj.hxx
+++ b/include/tools/urlobj.hxx
@@ -915,6 +915,11 @@ public:
void changeScheme(INetProtocol eTargetScheme);
+ // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
+ // vnd.sun.star.script, etc. All the types of URLs which shouldn't
+ // be accepted from an outside controlled source
+ bool IsExoticProtocol() const;
+
private:
// General Structure:
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 150218b436e9..b81ce82fd32e 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -168,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
xTrans->parseStrict( aTargetURL );
INetURLObject aURLObject(aTargetURL.Complete);
- if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ if (aURLObject.IsExoticProtocol())
+ {
+ //SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete);
return false;
+ }
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 764bb28ef623..2a9f7bc3d7dc 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4829,4 +4829,12 @@ OUString INetURLObject::CutExtension()
? aTheExtension : OUString();
}
+bool INetURLObject::IsExoticProtocol() const
+{
+ return m_eScheme == INetProtocol::Slot ||
+ m_eScheme == INetProtocol::Macro ||
+ m_eScheme == INetProtocol::Uno ||
+ isSchemeEqualTo(u"vnd.sun.star.script");
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
--------------erAck-patch-parts--

@ -0,0 +1,29 @@
From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 27 Mar 2024 17:07:20 +0000
Subject: [PATCH] add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
index 226caca..bcf67c4 100644
--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
@@ -212,6 +212,9 @@
if( maData.mbValid )
maData.mbValid = !sEventName.isEmpty();
+
+ if (!maData.msMacroName.isEmpty())
+ rImp.NotifyMacroEventRead();
}
css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(

@ -0,0 +1,79 @@
From 1dec4285bd4c59c23a6a9a56cee9a66ebe0ba6c3 Mon Sep 17 00:00:00 2001
Message-ID: <1dec4285bd4c59c23a6a9a56cee9a66ebe0ba6c3.1723721182.git.erack@redhat.com>
From: Sarper Akdemir <sarper.akdemir@allotropia.de>
Date: Tue, 11 Jun 2024 12:39:36 +0200
Subject: [PATCH] remove ability to trust not validated macro signatures in
high security
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
---
sfx2/source/doc/docmacromode.cxx | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 919033cbaf5d..33d546f2920a 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -228,14 +228,18 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
// the trusted macro check will also retrieve the signature state ( small optimization )
const SvtSecurityOptions aSecOption;
const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
- || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState == SignatureState::OK);
+
const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
- SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
if (!bAllowUIToAddAuthor)
--------------erAck-patch-parts--

@ -0,0 +1,100 @@
From 82752ccba78ecdbf94908377ec022f68ba7d9d59 Mon Sep 17 00:00:00 2001
Message-ID: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Sat, 4 Nov 2023 19:57:51 +0000
Subject: [PATCH 1/4] warn about exotic protocols as well
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159881
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159911
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 7.1.8.1
---
sw/source/filter/html/htmlplug.cxx | 2 +-
sw/source/filter/xml/xmltexti.cxx | 2 +-
tools/source/fsys/urlobj.cxx | 3 ++-
xmloff/source/draw/ximpshap.cxx | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-warn-about-exotic-protocols-as-well.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-warn-about-exotic-protocols-as-well.patch"
diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
index 1aec184d8a6c..1c1f5f49f13e 100644
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1092,7 +1092,7 @@ void SwHTMLParser::InsertFloatingFrame()
OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 7ec4616f76dd..4bbed6bb8ff8 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -860,7 +860,7 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
OUString sHRef = URIHelper::SmartRel2Abs(
INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
GetXMLImport().NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL",
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 2a9f7bc3d7dc..36a8af31a0fb 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4767,7 +4767,8 @@ bool INetURLObject::IsExoticProtocol() const
return m_eScheme == INetProtocol::Slot ||
m_eScheme == INetProtocol::Macro ||
m_eScheme == INetProtocol::Uno ||
- isSchemeEqualTo(u"vnd.sun.star.script");
+ isSchemeEqualTo(u"vnd.sun.star.script") ||
+ isSchemeEqualTo(u"service");
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index 113f3a3ffc2a..263b4b937608 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -3257,7 +3257,7 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
if( !maHref.isEmpty() )
{
- if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(maHref).IsExoticProtocol())
GetImport().NotifyMacroEventRead();
xProps->setPropertyValue("FrameURL", Any(maHref) );
--------------erAck-patch-parts--

@ -0,0 +1,239 @@
From b74078dd27a8d9e7151bc0466ca231a06f555459 Mon Sep 17 00:00:00 2001
Message-ID: <b74078dd27a8d9e7151bc0466ca231a06f555459.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:26:25 +0000
Subject: [PATCH 2/4] default to ignoring libreoffice special-purpose protocols
in calc hyperlink
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159882
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159912
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 7.1.8.1
---
dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 +-
include/sfx2/docmacromode.hxx | 4 ++-
include/sfx2/objsh.hxx | 3 ++
sc/source/core/data/global.cxx | 33 ++++++++++++++++++-
sfx2/source/doc/docmacromode.cxx | 8 +++--
sfx2/source/doc/objmisc.cxx | 8 ++++-
sfx2/source/doc/objxtor.cxx | 1 +
sfx2/source/inc/objshimp.hxx | 3 +-
8 files changed, 56 insertions(+), 7 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3e21289dbe9a..e399d5da7067 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1133,7 +1133,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
{
Reference< XInteractionHandler > xInteraction;
xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
- return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = m_aMacroMode.hasMacros();
+ return m_aMacroMode.checkMacrosOnLoading(xInteraction, false /*HasValidContentSignature*/, bHasMacros);
}
void ODatabaseModelImpl::resetMacroExecutionMode()
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index 7ed42f6a14dd..0acb44cbfbb1 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -261,6 +261,8 @@ namespace sfx2
*/
static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
+ bool hasMacros() const;
+
static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainer );
/** checks the macro execution mode while loading the document.
@@ -288,7 +290,7 @@ namespace sfx2
bool
checkMacrosOnLoading(
const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
- bool bHasValidContentSignature = false
+ bool bHasValidContentSignature, bool bHasMacros
);
private:
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index ef1a0a33e1dc..fde0dba3d7c9 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -433,6 +433,9 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
+ // true if the document had macros (or similar) on load to trigger warning user
+ bool GetHadCheckedMacrosOnLoad() const;
+
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index b0a91cb397d8..92caea1ea459 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -26,7 +26,9 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -772,7 +774,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
OUString aUrlName( rURL );
SfxViewFrame* pFrame = nullptr;
- const SfxObjectShell* pObjShell = nullptr;
+ SfxObjectShell* pObjShell = nullptr;
OUString aReferName;
if ( pScActiveViewShell )
{
@@ -806,6 +808,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
+ if (INetURLObject(aUrlName).IsExoticProtocol())
+ {
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ assert(pFrame && "if we have pObjShell we have pFrame");
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ if (!bAllow)
+ {
+ SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+ return;
+ }
+ }
+
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index bdae350b22f5..d8757c7a505d 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -403,8 +403,12 @@ namespace sfx2
return bHasMacros;
}
+ bool DocumentMacroMode::hasMacros() const
+ {
+ return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+ }
- bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
+ bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool bHasMacros )
{
bool bAllow = false;
if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -414,7 +418,7 @@ namespace sfx2
}
else
{
- if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+ if (bHasMacros)
{
if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
m_bNeedsContentSigned = true;
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 6b86e2163ccb..ddf95eeafe5e 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -944,9 +944,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
// check macro security
const bool bHasValidContentSignature = HasValidSignatures();
- pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
+ const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+ pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature, bHasMacros );
+ pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
}
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+ return pImpl->m_bHadCheckedMacrosOnLoad;
+}
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index c7f34aeadc31..ae6f713251ea 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -211,6 +211,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
,m_bAllowShareControlFileClean( true )
,m_bConfigOptionsChecked( false )
,m_bMacroCallsSeenWhileLoading( false )
+ ,m_bHadCheckedMacrosOnLoad( false )
,lErr(ERRCODE_NONE)
,nEventId ( SfxEventHintId::NONE )
,nLoadedFlags ( SfxLoadedFlags::ALL )
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 192470e5542d..b011b3737d66 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -90,7 +90,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
- m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
+ m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
+ m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
IndexBitSet aBitSet;
ErrCode lErr;
--------------erAck-patch-parts--

@ -0,0 +1,281 @@
From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 15 Nov 2023 11:39:24 +0000
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
reorg calc hyperlink check to reuse elsewhere
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
reuse AllowedLinkProtocolFromDocument in writer
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
combine these hyperlink dispatchers into one call
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
we can have just one LoadURL for writer
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Eike Rathke <erack@redhat.com>
---
include/sfx2/objsh.hxx | 7 +++--
sc/source/core/data/global.cxx | 32 ++---------------------
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
5 files changed, 60 insertions(+), 52 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index fde0dba3d7c9..79f22c978dcb 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -200,6 +200,9 @@ private:
SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
+ // true if the document had macros (or similar) on load to trigger warning user
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
+
protected:
SfxObjectShell(SfxObjectCreateMode);
SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
@@ -427,8 +430,8 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
- // true if the document had macros (or similar) on load to trigger warning user
- bool GetHadCheckedMacrosOnLoad() const;
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 92caea1ea459..27c5a51a46c1 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,9 +29,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
-#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
-#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (INetURLObject(aUrlName).IsExoticProtocol())
- {
- // Default to ignoring exotic protocols
- bool bAllow = false;
- if (pObjShell)
- {
- // If the document had macros when loaded then follow the allowed macro-mode
- if (pObjShell->GetHadCheckedMacrosOnLoad())
- bAllow = pObjShell->AdjustMacroMode();
- else // otherwise ask the user, defaulting to cancel
- {
- assert(pFrame && "if we have pObjShell we have pFrame");
- //Reuse URITools::onOpenURI warning string
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::YesNo,
- SfxResId(STR_DANGEROUS_TO_OPEN)));
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
- xQueryBox->set_default_response(RET_NO);
- bAllow = xQueryBox->run() == RET_YES;
- }
- }
- if (!bAllow)
- {
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
- return;
- }
- }
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index ddf95eeafe5e..8c76c3f0f4d6 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
return pImpl->m_bHadCheckedMacrosOnLoad;
}
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
+{
+ if (!INetURLObject(rUrl).IsExoticProtocol())
+ return true;
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
+ return bAllow;
+}
+
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
OUString aVersion;
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
index c84ee7bd9af4..c51f501841ad 100644
--- a/sw/source/uibase/shells/drwtxtex.cxx
+++ b/sw/source/uibase/shells/drwtxtex.cxx
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
const SvxFieldData* pField = pOLV->GetFieldAtCursor();
if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
{
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
- SfxBoolItem aBrowsing(SID_BROWSE, true);
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
+ pURLField->GetTargetFrame());
}
}
break;
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 1995e7133c4a..d781823e82ec 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
return bRet;
}
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
- const OUString& rTargetFrameName )
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName)
{
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
- if( rURL.isEmpty() )
- return ;
+ SwDocShell* pDShell = rView.GetDocShell();
+ OSL_ENSURE( pDShell, "No DocShell?!");
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
- // The shell could be 0 also!!!!!
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
// unless we are jumping to a TOC mark.
if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
{
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
return;
}
- //A CursorShell is always a WrtShell
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
-
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
- OSL_ENSURE( pDShell, "No DocShell?!");
OUString sTargetFrame(rTargetFrameName);
if (sTargetFrame.isEmpty() && pDShell)
{
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
OUString sReferer;
if( pDShell && pDShell->GetMedium() )
sReferer = pDShell->GetMedium()->GetName();
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
SfxStringItem aName( SID_FILE_NAME, rURL );
SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
}
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName )
+{
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
+ if( rURL.isEmpty() )
+ return ;
+
+ // The shell could be 0 also!!!!!
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ return;
+
+ //A CursorShell is always a WrtShell
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
+
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
+}
+
void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
const sal_uInt16 nAction )
{
--------------erAck-patch-parts--

@ -0,0 +1,99 @@
From 2b72aefb0ad620b4c5431a87f6493edba2563f27 Mon Sep 17 00:00:00 2001
Message-ID: <2b72aefb0ad620b4c5431a87f6493edba2563f27.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 22 Nov 2023 21:14:41 +0000
Subject: [PATCH 4/4] reuse AllowedLinkProtocolFromDocument in impress/draw
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159914
Reviewed-by: Eike Rathke <erack@redhat.com>
---
sd/source/ui/app/sdmod1.cxx | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index 573ee853069b..b22feb2d1f21 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -33,6 +33,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/request.hxx>
#include <sfx2/templatedlg.hxx>
+#include <svl/stritem.hxx>
#include <editeng/eeitem.hxx>
#include <svx/svxids.hrc>
@@ -192,26 +193,32 @@ void SdModule::Execute(SfxRequest& rReq)
{
bool bIntercept = false;
::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
- if (pDocShell)
+ ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
+ if (pViewShell)
{
- ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
- if (pViewShell)
+ if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
{
- if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
+ // Prevent documents from opening while the slide
+ // show is running, except when this request comes
+ // from a shape interaction.
+ if (rReq.GetArgs() == nullptr)
{
- // Prevent documents from opening while the slide
- // show is running, except when this request comes
- // from a shape interaction.
- if (rReq.GetArgs() == nullptr)
- {
- bIntercept = true;
- }
+ bIntercept = true;
}
}
}
if (!bIntercept)
{
+ if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
+ {
+ if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
+ pViewShell->GetObjectShell(),
+ pViewShell->GetFrameWeld()))
+ {
+ return;
+ }
+ }
SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
}
else
--------------erAck-patch-parts--

@ -0,0 +1,65 @@
From 762ed044e9c696a58e2ab41bd16b57003717a6ce Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Wed, 6 Mar 2024 23:19:34 +0100
Subject: [PATCH] CVE-2023-6186 backporting
Add dialog text string STR_DANGEROUS_TO_OPEN
as per upstream commit 70009098fd70df021048c540d1796c928554b494
SfxViewFrame doesn't have GetFrameWeld() yet, get from Window.
---
include/sfx2/strings.hrc | 1 +
sc/source/core/data/global.cxx | 4 +++-
sw/source/uibase/wrtsh/wrtsh2.cxx | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 317dd88..b1bfa69 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -101,6 +101,7 @@
#define STR_GB NC_("STR_GB", "GB")
#define STR_QUERY_LASTVERSION NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
#define STR_NO_WEBBROWSER_FOUND NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
+#define STR_DANGEROUS_TO_OPEN NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
#define STR_NO_ABS_URI_REF NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" cannot be passed to an external application to open it (e.g., it might not be an absolute URL, or might denote no existing file).")
#define STR_GID_INTERN NC_("STR_GID_INTERN", "Internal")
#define STR_GID_APPLICATION NC_("STR_GID_APPLICATION", "Application")
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index d2f7343..a066985 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -37,6 +37,8 @@
#include <vcl/virdev.hxx>
#include <vcl/settings.hxx>
#include <vcl/svapp.hxx>
+#include <vcl/weld.hxx>
+#include <vcl/window.hxx>
#include <unotools/charclass.hxx>
#include <unotools/securityoptions.hxx>
#include <osl/diagnose.h>
@@ -806,7 +808,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetWindow().GetFrameWeld() : nullptr))
return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index c91a8f3..7908814 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -483,7 +483,7 @@ static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
OSL_ENSURE( pDShell, "No DocShell?!");
SfxViewFrame* pViewFrame = rView.GetViewFrame();
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetWindow().GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
--
2.43.0

@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice Name: libreoffice
Epoch: 1 Epoch: 1
Version: %{libo_version}.1 Version: %{libo_version}.1
Release: 11%{?libo_prerelease}%{?dist} Release: 14%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/ URL: http://www.libreoffice.org/
@ -289,6 +289,15 @@ Patch33: 0001-set-Referer-on-loading-IFrames.patch
Patch34: 0002-put-floating-frames-under-managed-links-control.patch Patch34: 0002-put-floating-frames-under-managed-links-control.patch
Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
Patch36: 0001-disable-script-dump.patch Patch36: 0001-disable-script-dump.patch
Patch37: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Patch38: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
Patch39: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot.patch
Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Patch43: 0006-CVE-2023-6186-backporting.patch
Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
Patch45: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
# not upstreamed # not upstreamed
Patch500: 0001-disable-libe-book-support.patch Patch500: 0001-disable-libe-book-support.patch
@ -1042,6 +1051,10 @@ git commit -q -a -m 'add Red Hat colors to palette'
# apply patches # apply patches
%autopatch -M 99 %autopatch -M 99
%if 0%{?rhel} %if 0%{?rhel}
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
# From https://src.fedoraproject.org/rpms/python3.9/pull-request/60
# Make at least a local rhpkg prep on Fedora work..
%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
%apply_patch -q %{PATCH500} %apply_patch -q %{PATCH500}
%endif %endif
@ -1060,6 +1073,9 @@ sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
%endif %endif
# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
git commit -q -a -m 'temporarily disable failing tests' git commit -q -a -m 'temporarily disable failing tests'
@ -2285,8 +2301,16 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
%{_includedir}/LibreOfficeKit %{_includedir}/LibreOfficeKit
%changelog %changelog
* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:7.1.8.1-11 * Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-14
- Rebuilt for MSVSphere 9.3 beta - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
high security
* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-13
- Fix CVE-2024-3044 add notify for script use
* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
* Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11 * Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
- Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula

Loading…
Cancel
Save