b362cd0892
- add some protocols that don't make sense as floating frame targets - warn about exotic protocols as well - default to ignoring libreoffice special-purpose protocols in calc hyperlink - reuse AllowedLinkProtocolFromDocument in writer - reuse AllowedLinkProtocolFromDocument in impress/draw - CVE-2023-6186 backporting
From b74078dd27a8d9e7151bc0466ca231a06f555459 Mon Sep 17 00:00:00 2001
|
|
Message-ID: <b74078dd27a8d9e7151bc0466ca231a06f555459.1703086328.git.erack@redhat.com>
|
|
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
|
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
|
Date: Fri, 3 Nov 2023 17:26:25 +0000
|
|
Subject: [PATCH 2/4] default to ignoring libreoffice special-purpose protocols
|
|
in calc hyperlink
|
|
MIME-Version: 1.0
|
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
|
|
|
This is a multi-part message in MIME format.
|
|
--------------erAck-patch-parts
|
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
|
|
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
|
|
Tested-by: Jenkins
|
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
|
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159882
|
|
Tested-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159912
|
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
erAck: backported to 7.1.8.1
|
|
|
|
---
|
|
dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 +-
|
|
include/sfx2/docmacromode.hxx | 4 ++-
|
|
include/sfx2/objsh.hxx | 3 ++
|
|
sc/source/core/data/global.cxx | 33 ++++++++++++++++++-
|
|
sfx2/source/doc/docmacromode.cxx | 8 +++--
|
|
sfx2/source/doc/objmisc.cxx | 8 ++++-
|
|
sfx2/source/doc/objxtor.cxx | 1 +
|
|
sfx2/source/inc/objshimp.hxx | 3 +-
|
|
8 files changed, 56 insertions(+), 7 deletions(-)
|
|
|
|
|
|
--------------erAck-patch-parts
|
|
Content-Type: text/x-patch; name="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
|
|
Content-Transfer-Encoding: 8bit
|
|
Content-Disposition: attachment; filename="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
|
|
|
|
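diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3e21289dbe9a..e399d5da7067 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1133,7 +1133,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
 {
 Reference< XInteractionHandler > xInteraction;
 xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
- return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = m_aMacroMode.hasMacros();
+ return m_aMacroMode.checkMacrosOnLoading(xInteraction, false /*HasValidContentSignature*/, bHasMacros);
 }
 
 void ODatabaseModelImpl::resetMacroExecutionMode()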
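diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index 7ed42f6a14dd..0acb44cbfbb1 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -261,6 +261,8 @@ namespace sfx2
 */
 static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
 
+ bool hasMacros() const;
+
 static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainer );
 /** checks the macro execution mode while loading the document.
 
@@ -288,7 +290,7 @@ namespace sfx2
 bool
 checkMacrosOnLoading(
 const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
- bool bHasValidContentSignature = false
+ bool bHasValidContentSignature, bool bHasMacros
 );
 
 private: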
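Review bot: `hasMacros()` is declared without a doc comment although the neighbouring declarations in this header carry one, and the new `bHasMacros` parameter of `checkMacrosOnLoading` is not described either; that function's doc block starts outside the hunk. I would add `/// true if the document storage has macros, a macro library exists, or macro calls were seen while loading` above `hasMacros()`, matching what its definition in docmacromode.cxx evaluates. The `checkMacrosOnLoading` block should also get a `@param bHasMacros` line stating that callers are expected to pass the result of `hasMacros()`. Dropping the default for `bHasValidContentSignature` is a good side effect, since every caller now has to state the signature status explicitly.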
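diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index ef1a0a33e1dc..fde0dba3d7c9 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -433,6 +433,9 @@ public:
 void SetMacroCallsSeenWhileLoading();
 bool GetMacroCallsSeenWhileLoading() const;
 
+ // true if the document had macros (or similar) on load to trigger warning user
+ bool GetHadCheckedMacrosOnLoad() const;
+
 const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
 bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
 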
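diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index b0a91cb397d8..92caea1ea459 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -26,7 +26,9 @@
 #include <sfx2/docfile.hxx>
 #include <sfx2/dispatch.hxx>
 #include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
 #include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
 #include <sfx2/viewfrm.hxx>
 #include <sfx2/viewsh.hxx>
 #include <svl/intitem.hxx>
@@ -772,7 +774,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
 
 OUString aUrlName( rURL );
 SfxViewFrame* pFrame = nullptr;
- const SfxObjectShell* pObjShell = nullptr;
+ SfxObjectShell* pObjShell = nullptr;
 OUString aReferName;
 if ( pScActiveViewShell )
 {
@@ -806,6 +808,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
 aUrlName = aNewUrlName;
 }
 
+ if (INetURLObject(aUrlName).IsExoticProtocol())
+ {
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ assert(pFrame && "if we have pObjShell we have pFrame");
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ if (!bAllow)
+ {
+ SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+ return;
+ }
+ }
+
 SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
 SfxStringItem aTarget( SID_TARGETNAME, rTarget );
 if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window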
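Review bot: In the `GetHadCheckedMacrosOnLoad()` branch of the third hunk the link decision is handed to `AdjustMacroMode()`, so a document that carried macros on load and is allowed to run them appears to get its exotic-protocol links opened with no per-link warning; the comment there should spell that out, e.g. `// macro trust is reused: if macros are allowed for this document, exotic-protocol links open without a separate prompt`. In the other branch `assert(pFrame && ...)` is the only guard before `pFrame->GetFrameWeld()`, and asserts are compiled out of release builds. The invariant is established outside the hunk, so either rely on it knowingly or pass `pFrame ? pFrame->GetFrameWeld() : nullptr`. The deny path itself is fail-closed (`bAllow` starts `false` and stays so when `pObjShell` is null), which is the right default.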
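diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index bdae350b22f5..d8757c7a505d 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -403,8 +403,12 @@ namespace sfx2
 return bHasMacros;
 }
 
+ bool DocumentMacroMode::hasMacros() const
+ {
+ return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+ }
 
- bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
+ bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool bHasMacros )
 {
 bool bAllow = false;
 if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -414,7 +418,7 @@ namespace sfx2
 }
 else
 {
- if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+ if (bHasMacros)
 {
 if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
 m_bNeedsContentSigned = true;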
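Review bot: `checkMacrosOnLoading` now branches on the caller-supplied `bHasMacros` (second hunk) where it used to evaluate `documentStorageHasMacros() || hasMacroLibrary() || macroCallsSeenWhileLoading()` itself, so a caller passing a stale or hard-coded `false` would skip the macro-present branch for a document that does have macros. Both callers visible in this patch pass `hasMacros()` taken immediately before the call, so nothing is wrong as written. I would still pin the contract, either with `assert(bHasMacros == hasMacros());` at the top of the function or, if a later patch in the series intends callers to pass something broader, with a comment saying what the flag is allowed to mean. The function body continues outside the hunk.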
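diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 6b86e2163ccb..ddf95eeafe5e 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -944,9 +944,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
 
 // check macro security
 const bool bHasValidContentSignature = HasValidSignatures();
- pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
+ const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+ pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature, bHasMacros );
+ pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
 }
 
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+ return pImpl->m_bHadCheckedMacrosOnLoad;
+}
 
 void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
 {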
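diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index c7f34aeadc31..ae6f713251ea 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -211,6 +211,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
 ,m_bAllowShareControlFileClean( true )
 ,m_bConfigOptionsChecked( false )
 ,m_bMacroCallsSeenWhileLoading( false )
+ ,m_bHadCheckedMacrosOnLoad( false )
 ,lErr(ERRCODE_NONE)
 ,nEventId ( SfxEventHintId::NONE )
 ,nLoadedFlags ( SfxLoadedFlags::ALL )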
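diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 192470e5542d..b011b3737d66 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -90,7 +90,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
 m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
 m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
 m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
- m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
+ m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
+ m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
 
 IndexBitSet aBitSet;
 ErrCode lErr;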
|
|
--------------erAck-patch-parts--
|
|
|
|
|