libreoffice/SOURCES/0003-assume-IFrame-script-macro-support-isn-t-needed.patch
eabdullin 50fd5124e0 - escape url passed to gstreamer
- add some protocols that don't make sense as floating frame
 targets
- warn about exotic protocols as well
- default to ignoring libreoffice special-purpose protocols
 in calc hyperlink
- reuse AllowedLinkProtocolFromDocument in writer
- reuse AllowedLinkProtocolFromDocument in impress/draw
- CVE-2023-6186 backporting
2024-03-29 14:27:04 +03:00

55 lines
2.2 KiB
Diff

From eaa66eec69ec311b73521c6ce410a749c810298f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 20 Apr 2023 20:58:21 +0100
Subject: [PATCH 3/3] assume IFrame script/macro support isn't needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
seems undocumented at least
Change-Id: I316e4f4f25ddb7cf6b7bac4d856a721b987207a3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151020
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152150
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 4b679f8e16bc050bc0cc9fa9294413c8115ed239)
---
sfx2/source/doc/iframe.cxx | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index fce6cb48ea08f..84d724f7c58f3 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -168,20 +168,16 @@ sal_Bool SAL_CALL IFrameObject::load(
uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
xTrans->parseStrict( aTargetURL );
+ INetURLObject aURLObject(aTargetURL.Complete);
+ if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ return false;
+
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
- if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
- {
- if (pDoc && !pDoc->AdjustMacroMode())
- return false;
- }
-
bool bUpdateAllowed(true);
if (pDoc)
{
- // perhaps should only check for file targets, but lets default to making it strong
- // unless there is a known need to distinguish
comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer();
bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate();
}
--
2.41.0