b362cd0892
- add some protocols that don't make sense as floating frame targets - warn about exotic protocols as well - default to ignoring libreoffice special-purpose protocols in calc hyperlink - reuse AllowedLinkProtocolFromDocument in writer - reuse AllowedLinkProtocolFromDocument in impress/draw - CVE-2023-6186 backporting
From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
|
|
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
|
|
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
|
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
|
Date: Wed, 15 Nov 2023 11:39:24 +0000
|
|
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
|
|
MIME-Version: 1.0
|
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
|
|
|
This is a multi-part message in MIME format.
|
|
--------------erAck-patch-parts
|
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
|
|
reorg calc hyperlink check to reuse elsewhere
|
|
|
|
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
|
|
Tested-by: Jenkins
|
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
|
|
|
|
reuse AllowedLinkProtocolFromDocument in writer
|
|
|
|
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
|
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
|
|
|
|
combine these hyperlink dispatchers into one call
|
|
|
|
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
|
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
|
|
|
|
we can have just one LoadURL for writer
|
|
|
|
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
|
|
Tested-by: Jenkins
|
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
|
|
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
|
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
|
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
|
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
|
---
|
|
include/sfx2/objsh.hxx | 7 +++--
|
|
sc/source/core/data/global.cxx | 32 ++---------------------
|
|
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
|
|
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
|
|
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
|
|
5 files changed, 60 insertions(+), 52 deletions(-)
|
|
|
|
|
|
--------------erAck-patch-parts
|
|
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
|
|
Content-Transfer-Encoding: 8bit
|
|
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
|
|
|
|
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
|
|
index fde0dba3d7c9..79f22c978dcb 100644
|
|
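--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -200,6 +200,9 @@ private:
 
 SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
 
+ // true if the document had macros (or similar) on load to trigger warning user
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
+
 protected:
 SfxObjectShell(SfxObjectCreateMode);
 SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
@@ -427,8 +430,8 @@ public:
 void SetMacroCallsSeenWhileLoading();
 bool GetMacroCallsSeenWhileLoading() const;
 
- // true if the document had macros (or similar) on load to trigger warning user
- bool GetHadCheckedMacrosOnLoad() const;
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
 
 const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
 bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );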
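Review bot: The one-line comment on `AllowedLinkProtocolFromDocument` in the second hunk leaves out the pointer contract a caller needs. Per the definition added in sfx2/source/doc/objmisc.cxx, a null `pObjShell` makes every exotic-protocol URL come back refused, and `pDialogParent` is handed straight to the message dialog, which the Calc call site may pass as `nullptr`. I would extend the comment with `// pObjShell may be null (exotic protocols are then refused); pDialogParent may be null; can run a modal Yes/No warning`.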
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
|
|
index 92caea1ea459..27c5a51a46c1 100644
|
|
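--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,9 +29,7 @@
 #include <sfx2/docfile.hxx>
 #include <sfx2/dispatch.hxx>
 #include <sfx2/objsh.hxx>
-#include <sfx2/sfxresid.hxx>
 #include <sfx2/sfxsids.hrc>
-#include <sfx2/strings.hrc>
 #include <sfx2/viewfrm.hxx>
 #include <sfx2/viewsh.hxx>
 #include <svl/intitem.hxx>
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
 aUrlName = aNewUrlName;
 }
 
- if (INetURLObject(aUrlName).IsExoticProtocol())
- {
- // Default to ignoring exotic protocols
- bool bAllow = false;
- if (pObjShell)
- {
- // If the document had macros when loaded then follow the allowed macro-mode
- if (pObjShell->GetHadCheckedMacrosOnLoad())
- bAllow = pObjShell->AdjustMacroMode();
- else // otherwise ask the user, defaulting to cancel
- {
- assert(pFrame && "if we have pObjShell we have pFrame");
- //Reuse URITools::onOpenURI warning string
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::YesNo,
- SfxResId(STR_DANGEROUS_TO_OPEN)));
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
- xQueryBox->set_default_response(RET_NO);
- bAllow = xQueryBox->run() == RET_YES;
- }
- }
- if (!bAllow)
- {
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
- return;
- }
- }
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ return;
 
 SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
 SfxStringItem aTarget( SID_TARGETNAME, rTarget );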
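Review bot: The invariant recorded by the removed `assert(pFrame && "if we have pObjShell we have pFrame")` is no longer checked anywhere, because the new call passes `pFrame ? pFrame->GetFrameWeld() : nullptr`, so the security warning can now be created without a parent window. If the invariant still holds, keeping `assert((!pObjShell || pFrame) && "if we have pObjShell we have pFrame");` just before the call documents it at no cost. The refusal message also moves from the "sc" log area to "sfx.appl" inside the shared helper, which is worth a mention in the commit message for anyone filtering Calc warnings. ScGlobal::OpenURL starts and ends outside the hunk.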
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
|
|
index ddf95eeafe5e..8c76c3f0f4d6 100644
|
|
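--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
 return pImpl->m_bHadCheckedMacrosOnLoad;
 }
 
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
+{
+ if (!INetURLObject(rUrl).IsExoticProtocol())
+ return true;
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
+ return bAllow;
+}
+
 void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
 {
 OUString aVersion;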
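Review bot: When `GetHadCheckedMacrosOnLoad()` is true the result is taken from `AdjustMacroMode()` alone and the STR_DANGEROUS_TO_OPEN prompt is never shown, so the macro decision also governs whether exotic-protocol links are followed. That coupling is only hinted at by the inline comment and deserves a function-level comment, so that the Writer and Impress callers this helper is now shared with do not assume a prompt always appears. The comment would list the outcomes (non-exotic allowed, macro-mode decides, otherwise the user is asked with No as default), which is more than three lines and so described here rather than quoted. The diffstat shows no test file in this patch, so the paths that need no dialog, a non-exotic URL and an exotic URL with a null `pObjShell`, are left without regression coverage.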
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
|
|
index c84ee7bd9af4..c51f501841ad 100644
|
|
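--- a/sw/source/uibase/shells/drwtxtex.cxx
+++ b/sw/source/uibase/shells/drwtxtex.cxx
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
 const SvxFieldData* pField = pOLV->GetFieldAtCursor();
 if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
 {
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
- SfxBoolItem aBrowsing(SID_BROWSE, true);
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
+ pURLField->GetTargetFrame());
 }
 }
 break;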
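Review bot: Nothing at the `::LoadURL(GetShell(), ...)` call says why the direct `SID_OPENDOC` dispatch was replaced, so a later cleanup could reintroduce a dispatcher call that bypasses the protocol check. A one-line comment such as `// go through LoadURL so AllowedLinkProtocolFromDocument vets the field's URL` keeps the reason next to the code. The old call used `SfxCallMode::SYNCHRON` with `SID_BROWSE` set, while the tail of LoadURL visible in the wrtsh2.cxx section dispatches with `SfxCallMode::ASYNCHRON|SfxCallMode::RECORD`; if anything after this branch relied on the open having completed, that is a behaviour change to confirm. SwDrawTextShell::Execute starts and ends outside the hunk.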
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
|
|
index 1995e7133c4a..d781823e82ec 100644
|
|
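--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
 return bRet;
 }
 
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
- const OUString& rTargetFrameName )
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName)
 {
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
- if( rURL.isEmpty() )
- return ;
+ SwDocShell* pDShell = rView.GetDocShell();
+ OSL_ENSURE( pDShell, "No DocShell?!");
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
 
- // The shell could be 0 also!!!!!
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
 return;
 
 // We are doing tiledRendering, let the client handles the URL loading,
 // unless we are jumping to a TOC mark.
 if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
 {
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
 return;
 }
 
- //A CursorShell is always a WrtShell
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
-
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
- OSL_ENSURE( pDShell, "No DocShell?!");
 OUString sTargetFrame(rTargetFrameName);
 if (sTargetFrame.isEmpty() && pDShell)
 {
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
 OUString sReferer;
 if( pDShell && pDShell->GetMedium() )
 sReferer = pDShell->GetMedium()->GetName();
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
 SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
 SfxStringItem aName( SID_FILE_NAME, rURL );
 SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
 SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
 }
 
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName )
+{
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
+ if( rURL.isEmpty() )
+ return ;
+
+ // The shell could be 0 also!!!!!
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ return;
+
+ //A CursorShell is always a WrtShell
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
+
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
+}
+
 void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
 const sal_uInt16 nAction )
 {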
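Review bot: In the first hunk `pViewFrame->GetFrameWeld()` is dereferenced unchecked, while `pDShell` on the line above gets an `OSL_ENSURE` and the Calc call site in this same patch guards with `pFrame ? pFrame->GetFrameWeld() : nullptr`. Whether `rView.GetViewFrame()` can return null is not visible here; if it can, `pViewFrame ? pViewFrame->GetFrameWeld() : nullptr` would match the Calc side and still fail closed. The protocol check also now sits ahead of the `comphelper::LibreOfficeKit::isActive()` branch, so under tiled rendering the blocking `xQueryBox->run()` prompt in the helper can be reached before the client callback; please confirm that ordering is intended. The body of the static LoadURL continues between the hunks.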
|
|
--------------erAck-patch-parts--
|
|
|
|
|