From 762ed044e9c696a58e2ab41bd16b57003717a6ce Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Wed, 6 Mar 2024 23:19:34 +0100
Subject: [PATCH] CVE-2023-6186 backporting

Add dialog text string STR_DANGEROUS_TO_OPEN
as per upstream commit 70009098fd70df021048c540d1796c928554b494

SfxViewFrame doesn't have GetFrameWeld() yet, get from Window.
---
 include/sfx2/strings.hrc          | 1 +
 sc/source/core/data/global.cxx    | 4 +++-
 sw/source/uibase/wrtsh/wrtsh2.cxx | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 317dd88..b1bfa69 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -101,6 +101,7 @@
 #define STR_GB                                  NC_("STR_GB", "GB")
 #define STR_QUERY_LASTVERSION                   NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
 #define STR_NO_WEBBROWSER_FOUND                 NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
+#define STR_DANGEROUS_TO_OPEN                   NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
 #define STR_NO_ABS_URI_REF                      NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" cannot be passed to an external application to open it (e.g., it might not be an absolute URL, or might denote no existing file).")
 #define STR_GID_INTERN                          NC_("STR_GID_INTERN", "Internal")
 #define STR_GID_APPLICATION                     NC_("STR_GID_APPLICATION", "Application")
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index d2f7343..a066985 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -37,6 +37,8 @@
 #include <vcl/virdev.hxx>
 #include <vcl/settings.hxx>
 #include <vcl/svapp.hxx>
+#include <vcl/weld.hxx>
+#include <vcl/window.hxx>
 #include <unotools/charclass.hxx>
 #include <unotools/securityoptions.hxx>
 #include <osl/diagnose.h>
@@ -806,7 +808,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
             aUrlName = aNewUrlName;
     }
 
-    if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+    if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetWindow().GetFrameWeld() : nullptr))
         return;
 
     SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index c91a8f3..7908814 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -483,7 +483,7 @@ static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
     OSL_ENSURE( pDShell, "No DocShell?!");
     SfxViewFrame* pViewFrame = rView.GetViewFrame();
 
-    if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
+    if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetWindow().GetFrameWeld()))
         return;
 
     // We are doing tiledRendering, let the client handles the URL loading,
-- 
2.43.0