libreoffice/SOURCES/0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Eduard Abdullin de2f892bad - escape url passed to gstreamer
- add some protocols that don't make sense as floating frame
 targets
- warn about exotic protocols as well
- default to ignoring libreoffice special-purpose protocols
 in calc hyperlink
- reuse AllowedLinkProtocolFromDocument in writer
- reuse AllowedLinkProtocolFromDocument in impress/draw
- CVE-2023-6186 backporting
2024-03-21 16:58:12 +03:00

100 lines
4.3 KiB
Diff

From 2b72aefb0ad620b4c5431a87f6493edba2563f27 Mon Sep 17 00:00:00 2001
Message-ID: <2b72aefb0ad620b4c5431a87f6493edba2563f27.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 22 Nov 2023 21:14:41 +0000
Subject: [PATCH 4/4] reuse AllowedLinkProtocolFromDocument in impress/draw
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159914
Reviewed-by: Eike Rathke <erack@redhat.com>
---
sd/source/ui/app/sdmod1.cxx | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index 573ee853069b..b22feb2d1f21 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -33,6 +33,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/request.hxx>
#include <sfx2/templatedlg.hxx>
+#include <svl/stritem.hxx>
#include <editeng/eeitem.hxx>
#include <svx/svxids.hrc>
@@ -192,26 +193,32 @@ void SdModule::Execute(SfxRequest& rReq)
{
bool bIntercept = false;
::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
- if (pDocShell)
+ ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
+ if (pViewShell)
{
- ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
- if (pViewShell)
+ if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
{
- if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
+ // Prevent documents from opening while the slide
+ // show is running, except when this request comes
+ // from a shape interaction.
+ if (rReq.GetArgs() == nullptr)
{
- // Prevent documents from opening while the slide
- // show is running, except when this request comes
- // from a shape interaction.
- if (rReq.GetArgs() == nullptr)
- {
- bIntercept = true;
- }
+ bIntercept = true;
}
}
}
if (!bIntercept)
{
+ if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
+ {
+ if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
+ pViewShell->GetObjectShell(),
+ pViewShell->GetFrameWeld()))
+ {
+ return;
+ }
+ }
SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
}
else
--------------erAck-patch-parts--