Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libreoffice
CVE-2023-6186-4.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-6186-4.patch of Package libreoffice
From 413293bace52d64e6e13d004bec794da4d0f576b Mon Sep 17 00:00:00 2001 From: Caolán McNamara <caolan.mcnamara@collabora.com> Date: Wed, 15 Nov 2023 11:39:24 +0000 Subject: [PATCH] reuse AllowedLinkProtocolFromDocument in writer reorg calc hyperlink check to reuse elsewhere Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> (cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75) reuse AllowedLinkProtocolFromDocument in writer Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488 Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> (cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d) combine these hyperlink dispatchers into one call Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489 Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> (cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb) we can have just one LoadURL for writer Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> (cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159852 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com> --- diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index bd3e25e..f58d362 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -202,6 +202,9 @@ SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet ); + // true if the document had macros (or similar) on load to trigger warning user + SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const; + protected: SfxObjectShell(SfxObjectCreateMode); SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx @@ -429,8 +432,8 @@ void SetMacroCallsSeenWhileLoading(); bool GetMacroCallsSeenWhileLoading() const; - // true if the document had macros (or similar) on load to trigger warning user - bool GetHadCheckedMacrosOnLoad() const; + // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc + static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent); const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const; bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo ); diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx index e949007..18fe503 100644 --- a/sc/source/core/data/global.cxx +++ b/sc/source/core/data/global.cxx @@ -29,9 +29,7 @@ #include <sfx2/docfile.hxx> #include <sfx2/dispatch.hxx> #include <sfx2/objsh.hxx> -#include <sfx2/sfxresid.hxx> #include <sfx2/sfxsids.hrc> -#include <sfx2/strings.hrc> #include <sfx2/viewfrm.hxx> #include <sfx2/viewsh.hxx> #include <svl/intitem.hxx> @@ -858,34 +856,8 @@ aUrlName = aNewUrlName; } - if (INetURLObject(aUrlName).IsExoticProtocol()) - { - // Default to ignoring exotic protocols - bool bAllow = false; - if (pObjShell) - { - // If the document had macros when loaded then follow the allowed macro-mode - if (pObjShell->GetHadCheckedMacrosOnLoad()) - bAllow = pObjShell->AdjustMacroMode(); - else // otherwise ask the user, defaulting to cancel - { - assert(pFrame && "if we have pObjShell we have pFrame"); - //Reuse URITools::onOpenURI warning string - std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(), - VclMessageType::Warning, VclButtonsType::YesNo, - SfxResId(STR_DANGEROUS_TO_OPEN))); - xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)", - INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous))); - xQueryBox->set_default_response(RET_NO); - bAllow = xQueryBox->run() == RET_YES; - } - } - if (!bAllow) - { - SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName); - return; - } - } + if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr)) + return; SfxStringItem aUrl( SID_FILE_NAME, aUrlName ); SfxStringItem aTarget( SID_TARGETNAME, rTarget ); diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 12a453d..11deb52 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -967,6 +967,33 @@ return pImpl->m_bHadCheckedMacrosOnLoad; } +bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent) +{ + if (!INetURLObject(rUrl).IsExoticProtocol()) + return true; + // Default to ignoring exotic protocols + bool bAllow = false; + if (pObjShell) + { + // If the document had macros when loaded then follow the allowed macro-mode + if (pObjShell->GetHadCheckedMacrosOnLoad()) + bAllow = pObjShell->AdjustMacroMode(); + else // otherwise ask the user, defaulting to cancel + { + //Reuse URITools::onOpenURI warning string + std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent, + VclMessageType::Warning, VclButtonsType::YesNo, + SfxResId(STR_DANGEROUS_TO_OPEN))); + xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)", + INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous))); + xQueryBox->set_default_response(RET_NO); + bAllow = xQueryBox->run() == RET_YES; + } + } + SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl); + return bAllow; +} + void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler ) { OUString aVersion; diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx index 44ad4bd..7491442 100644 --- a/sw/source/uibase/shells/drwtxtex.cxx +++ b/sw/source/uibase/shells/drwtxtex.cxx @@ -497,12 +497,8 @@ const SvxFieldData* pField = pOLV->GetFieldAtCursor(); if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField)) { - SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL()); - SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame()); - SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false); - SfxBoolItem aBrowsing(SID_BROWSE, true); - GetView().GetViewFrame().GetDispatcher()->ExecuteList( - SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing }); + ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE, + pURLField->GetTargetFrame()); } } break; diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx index f488130..378d828 100644 --- a/sw/source/uibase/wrtsh/wrtsh2.cxx +++ b/sw/source/uibase/wrtsh/wrtsh2.cxx @@ -552,30 +552,24 @@ return bRet; } -void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter, - const OUString& rTargetFrameName ) +static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter, + const OUString& rTargetFrameName) { - OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" ); - if( rURL.isEmpty() ) - return ; + SwDocShell* pDShell = rView.GetDocShell(); + OSL_ENSURE( pDShell, "No DocShell?!"); + SfxViewFrame& rViewFrame = rView.GetViewFrame(); - // The shell could be 0 also!!!!! - if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr ) + if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, rViewFrame.GetFrameWeld())) return; // We are doing tiledRendering, let the client handles the URL loading, // unless we are jumping to a TOC mark. if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#")) { - rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8()); + rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8()); return; } - //A CursorShell is always a WrtShell - SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh); - - SwDocShell* pDShell = rSh.GetView().GetDocShell(); - OSL_ENSURE( pDShell, "No DocShell?!"); OUString sTargetFrame(rTargetFrameName); if (sTargetFrame.isEmpty() && pDShell) { @@ -590,7 +584,6 @@ OUString sReferer; if( pDShell && pDShell->GetMedium() ) sReferer = pDShell->GetMedium()->GetName(); - SfxViewFrame& rViewFrame = rSh.GetView().GetViewFrame(); SfxFrameItem aView( SID_DOCFRAME, &rViewFrame ); SfxStringItem aName( SID_FILE_NAME, rURL ); SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame ); @@ -616,6 +609,23 @@ SfxCallMode::ASYNCHRON|SfxCallMode::RECORD ); } +void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter, + const OUString& rTargetFrameName ) +{ + OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" ); + if( rURL.isEmpty() ) + return ; + + // The shell could be 0 also!!!!! + if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr ) + return; + + //A CursorShell is always a WrtShell + SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh); + + ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName); +} + void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk, const sal_uInt16 nAction ) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
