add referer to ole objects

so we can identify what document is requesting their contents extends: commit 5668e73beb30b95abc6520b7432c54972ca3ab2c Date: Wed Nov 20 14:43:45 2013 +0100 avmedia: Implement "block untrusted referer links" feature See f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db "rhbz#887420 Implement 'block untrusted referer links' feature" for details. This adds some further /*TODO?*/ comments, and one known problem (marked /*TODO!*/) is that movies/sounds are not blocked during a slideshow presentation. to these objects too, namely OLE2Shape and derivatives AppletShape, FrameShape and PluginShape so in paranoid mode we won't load the contents of such objects from documents considered "untrusted". Conflicts: include/svx/unoshape.hxx reportdesign/source/core/sdr/ReportDrawPage.cxx svx/source/unodraw/shapeimpl.hxx svx/source/unodraw/unopage.cxx svx/source/unodraw/unoshap4.cxx xmloff/source/draw/ximpshap.cxx Change-Id: I6d988035d0cd09fd3fade5f6885fe336c95579ab Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156598 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com> (cherry picked from commit 125cf1525361c6cd699574f60b4cf12868188568)
author: Caolán McNamara <caolan.mcnamara@collabora.com> 2023-09-06 10:05:23 +0100
committer: Thorsten Behrens <thorsten.behrens@allotropia.de> 2023-12-06 00:56:52 +0100
commit: 3e533861d7613cefc05b6be92ef19d53a2a82e64 (patch)
tree: 8aa28921c0a4a8c0ea6f7f9a971ca5b0abf78dff
parent: a0a1d909043e0b508804eaa3dbe608925f1c702a (diff)
7 files changed, 45 insertions, 30 deletions
diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx
index 712552a55281..4b5c78b26cfa 100644
--- a/include/svx/unoshape.hxx
+++ b/include/svx/unoshape.hxx
@@ -581,6 +581,8 @@ public:
 // #i118485# changed parent to SvxShapeText to allow Text handling over UNO API
 class SVX_DLLPUBLIC SvxOle2Shape : public SvxShapeText
 {
+private:
+    OUString referer_;
 protected:
     // override these for special property handling in subcasses. Return true if property is handled
     virtual bool setPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, const css::uno::Any& rValue ) override;
@@ -590,8 +592,8 @@ protected:
 
     SvGlobalName GetClassName_Impl(OUString& rHexCLSID);
 public:
-    SvxOle2Shape(SdrObject* pObj);
-    SvxOle2Shape(SdrObject* pObject, const SfxItemPropertyMapEntry* pPropertyMap, const SvxItemPropertySet* pPropertySet);
+    SvxOle2Shape(SdrObject* pObj, OUString referer);
+    SvxOle2Shape(SdrObject* pObject, OUString referer, const SfxItemPropertyMapEntry* pPropertyMap, const SvxItemPropertySet* pPropertySet);
     virtual ~SvxOle2Shape() throw() override;
 
     bool createObject( const SvGlobalName &aClassName );
diff --git a/reportdesign/source/core/sdr/ReportDrawPage.cxx b/reportdesign/source/core/sdr/ReportDrawPage.cxx
index 00027a557a7b..06a088296798 100644
--- a/reportdesign/source/core/sdr/ReportDrawPage.cxx
+++ b/reportdesign/source/core/sdr/ReportDrawPage.cxx
@@ -128,7 +128,7 @@ uno::Reference< drawing::XShape >  OReportDrawPage::CreateShape( SdrObject *pObj
                 awt::Size aSz( aTmp.Width(), aTmp.Height() );
                 xObj->setVisualAreaSize( nAspect, aSz );
             }
-            SvxOle2Shape* pShape = new SvxOle2Shape( pObj );
+            SvxOle2Shape* pShape = new SvxOle2Shape( pObj, "" /*TODO?*/ );
             xShape.set(*pShape,uno::UNO_QUERY);
             pShape->setShapeKind(pObj->GetObjIdentifier());
         }
diff --git a/svx/source/unodraw/shapeimpl.hxx b/svx/source/unodraw/shapeimpl.hxx
index 4381094d380a..78aa366b4d88 100644
--- a/svx/source/unodraw/shapeimpl.hxx
+++ b/svx/source/unodraw/shapeimpl.hxx
@@ -36,7 +36,7 @@ protected:
     virtual bool getPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, css::uno::Any& rValue ) override;
 
 public:
-    explicit SvxPluginShape(SdrObject* pObj);
+    explicit SvxPluginShape(SdrObject* pObj, OUString referer);
     virtual ~SvxPluginShape() throw() override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, const css::uno::Any& aValue ) override;
@@ -46,6 +46,7 @@ public:
 
     virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override;
 };
+
 class SvxAppletShape : public SvxOle2Shape
 {
 protected:
@@ -54,7 +55,7 @@ protected:
     virtual bool getPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, css::uno::Any& rValue ) override;
 
 public:
-    explicit SvxAppletShape(SdrObject* pObj);
+    explicit SvxAppletShape(SdrObject* pObj, OUString referer);
     virtual ~SvxAppletShape() throw() override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, const css::uno::Any& aValue ) override;
@@ -76,7 +77,7 @@ protected:
         css::uno::Any& rValue) override;
 
 public:
-    explicit SvxFrameShape(SdrObject* pObj);
+    explicit SvxFrameShape(SdrObject* pObj, OUString referer);
     virtual ~SvxFrameShape() throw() override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, const css::uno::Any& aValue ) override;
diff --git a/svx/source/unodraw/unomod.cxx b/svx/source/unodraw/unomod.cxx
index e3017b41ecfb..a0ee09645cd4 100644
--- a/svx/source/unodraw/unomod.cxx
+++ b/svx/source/unodraw/unomod.cxx
@@ -209,7 +209,11 @@ uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstanceWi
 {
     OUString arg;
     if ((ServiceSpecifier == "com.sun.star.drawing.GraphicObjectShape"
-         || ServiceSpecifier == "com.sun.star.drawing.MediaShape")
+         || ServiceSpecifier == "com.sun.star.drawing.AppletShape"
+         || ServiceSpecifier == "com.sun.star.drawing.FrameShape"
+         || ServiceSpecifier == "com.sun.star.drawing.OLE2Shape"
+         || ServiceSpecifier == "com.sun.star.drawing.MediaShape"
+         || ServiceSpecifier == "com.sun.star.drawing.PluginShape")
         && Arguments.getLength() == 1 && (Arguments[0] >>= arg))
     {
         return create(ServiceSpecifier, arg);
diff --git a/svx/source/unodraw/unopage.cxx b/svx/source/unodraw/unopage.cxx
index 28082f35e75f..25f96b615fb3 100644
--- a/svx/source/unodraw/unopage.cxx
+++ b/svx/source/unodraw/unopage.cxx
@@ -702,13 +702,13 @@ SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, SdrInvent
                     pRet = new SvxGraphicObject( pObj );
                     break;
                 case OBJ_FRAME:
-                    pRet = new SvxFrameShape( pObj );
+                    pRet = new SvxFrameShape( pObj, referer );
                     break;
                 case OBJ_OLE2_APPLET:
-                    pRet = new SvxAppletShape( pObj );
+                    pRet = new SvxAppletShape( pObj, referer );
                     break;
                 case OBJ_OLE2_PLUGIN:
-                    pRet = new SvxPluginShape( pObj );
+                    pRet = new SvxPluginShape( pObj, referer );
                     break;
                  case OBJ_OLE2:
                      {
@@ -736,17 +736,17 @@ SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, SdrInvent
 
                                         if( aPluginClassId == aClassId )
                                         {
-                                            pRet = new SvxPluginShape( pObj );
+                                            pRet = new SvxPluginShape( pObj, referer );
                                             nType = OBJ_OLE2_PLUGIN;
                                         }
                                         else if( aAppletClassId == aClassId )
                                         {
-                                            pRet = new SvxAppletShape( pObj );
+                                            pRet = new SvxAppletShape( pObj, referer );
                                             nType = OBJ_OLE2_APPLET;
                                         }
                                         else if( aIFrameClassId == aClassId )
                                         {
-                                            pRet = new SvxFrameShape( pObj );
+                                            pRet = new SvxFrameShape( pObj, referer );
                                             nType = OBJ_FRAME;
                                         }
                                     }
@@ -756,7 +756,7 @@ SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, SdrInvent
                         if( pRet == nullptr )
                         {
                             SvxUnoPropertyMapProvider& rSvxMapProvider = getSvxMapProvider();
-                            pRet = new SvxOle2Shape( pObj, rSvxMapProvider.GetMap(SVXMAP_OLE2),  rSvxMapProvider.GetPropertySet(SVXMAP_OLE2, SdrObject::GetGlobalDrawObjectItemPool()) );
+                            pRet = new SvxOle2Shape( pObj, referer, rSvxMapProvider.GetMap(SVXMAP_OLE2),  rSvxMapProvider.GetPropertySet(SVXMAP_OLE2, SdrObject::GetGlobalDrawObjectItemPool()) );
                         }
                      }
                     break;
diff --git a/svx/source/unodraw/unoshap4.cxx b/svx/source/unodraw/unoshap4.cxx
index 6dc18d6cf9e4..8765aa737a57 100644
--- a/svx/source/unodraw/unoshap4.cxx
+++ b/svx/source/unodraw/unoshap4.cxx
@@ -68,14 +68,16 @@ using namespace ::com::sun::star::container;
 using namespace ::com::sun::star::beans;
 
 
-SvxOle2Shape::SvxOle2Shape(SdrObject* pObject)
-: SvxShapeText( pObject, getSvxMapProvider().GetMap(SVXMAP_OLE2),
-                getSvxMapProvider().GetPropertySet(SVXMAP_OLE2,SdrObject::GetGlobalDrawObjectItemPool()) )
+SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, OUString referer)
+    : SvxShapeText(pObject, getSvxMapProvider().GetMap(SVXMAP_OLE2),
+                getSvxMapProvider().GetPropertySet(SVXMAP_OLE2,SdrObject::GetGlobalDrawObjectItemPool()))
+    , referer_(std::move(referer))
 {
 }
 
-SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, const SfxItemPropertyMapEntry* pPropertyMap, const SvxItemPropertySet* pPropertySet)
-: SvxShapeText( pObject, pPropertyMap, pPropertySet  )
+SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, OUString referer, const SfxItemPropertyMapEntry* pPropertyMap, const SvxItemPropertySet* pPropertySet)
+    : SvxShapeText(pObject, pPropertyMap, pPropertySet)
+    , referer_(std::move(referer))
 {
 }
 
@@ -450,16 +452,18 @@ void SvxOle2Shape::createLink( const OUString& aLinkURL )
 
     ::comphelper::IEmbeddedHelper* pPersist = GetSdrObject()->getSdrModelFromSdrObject().GetPersist();
 
-    uno::Sequence< beans::PropertyValue > aMediaDescr( 1 );
+    uno::Sequence< beans::PropertyValue > aMediaDescr( 2 );
     aMediaDescr[0].Name = "URL";
     aMediaDescr[0].Value <<= aLinkURL;
+    aMediaDescr[1].Name = "Referer";
+    aMediaDescr[1].Value <<= referer_;
 
     uno::Reference< task::XInteractionHandler > xInteraction = pPersist->getInteractionHandler();
     if ( xInteraction.is() )
     {
-        aMediaDescr.realloc( 2 );
-        aMediaDescr[1].Name = "InteractionHandler";
-        aMediaDescr[1].Value <<= xInteraction;
+        aMediaDescr.realloc( 3 );
+        aMediaDescr[2].Name = "InteractionHandler";
+        aMediaDescr[2].Value <<= xInteraction;
     }
 
     //TODO/LATER: how to cope with creation failure?!
@@ -560,8 +564,8 @@ OUString SvxOle2Shape::GetAndClearInitialFrameURL()
     return OUString();
 }
 
-SvxAppletShape::SvxAppletShape(SdrObject* pObject)
-    : SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_APPLET), getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, SdrObject::GetGlobalDrawObjectItemPool())  )
+SvxAppletShape::SvxAppletShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), getSvxMapProvider().GetMap(SVXMAP_APPLET), getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.AppletShape" );
 }
@@ -631,8 +635,8 @@ bool SvxAppletShape::getPropertyValueImpl( const OUString& rName, const SfxItemP
     }
 }
 
-SvxPluginShape::SvxPluginShape(SdrObject* pObject)
-    : SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_PLUGIN), getSvxMapProvider().GetPropertySet(SVXMAP_PLUGIN, SdrObject::GetGlobalDrawObjectItemPool()) )
+SvxPluginShape::SvxPluginShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), getSvxMapProvider().GetMap(SVXMAP_PLUGIN), getSvxMapProvider().GetPropertySet(SVXMAP_PLUGIN, SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.PluginShape" );
 }
@@ -702,9 +706,8 @@ bool SvxPluginShape::getPropertyValueImpl( const OUString& rName, const SfxItemP
     }
 }
 
-
-SvxFrameShape::SvxFrameShape(SdrObject* pObject)
-: SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_FRAME), getSvxMapProvider().GetPropertySet(SVXMAP_FRAME, SdrObject::GetGlobalDrawObjectItemPool())  )
+SvxFrameShape::SvxFrameShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), getSvxMapProvider().GetMap(SVXMAP_FRAME), getSvxMapProvider().GetPropertySet(SVXMAP_FRAME, SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.FrameShape" );
 }
@@ -785,6 +788,7 @@ bool SvxFrameShape::getPropertyValueImpl(const OUString& rName, const SfxItemPro
         return SvxOle2Shape::getPropertyValueImpl( rName, pProperty, rValue );
     }
 }
+
 SvxMediaShape::SvxMediaShape(SdrObject* pObj, OUString const & referer)
 :   SvxShape( pObj, getSvxMapProvider().GetMap(SVXMAP_MEDIA), getSvxMapProvider().GetPropertySet(SVXMAP_MEDIA, SdrObject::GetGlobalDrawObjectItemPool()) ),
     referer_(referer)
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index 30c303690d97..955ec011c5df 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -510,7 +510,11 @@ void SdXMLShapeContext::AddShape(OUString const & serviceName)
                 xShape.set(xServiceFact->createInstance("com.sun.star.drawing.temporaryForXMLImportOLE2Shape"), uno::UNO_QUERY);
             }
             else if (serviceName == "com.sun.star.drawing.GraphicObjectShape"
+                     || serviceName == "com.sun.star.drawing.AppletShape"
+                     || serviceName == "com.sun.star.drawing.FrameShape"
                      || serviceName == "com.sun.star.drawing.MediaShape"
+                     || serviceName == "com.sun.star.drawing.OLE2Shape"
+                     || serviceName == "com.sun.star.drawing.PluginShape"
                      || serviceName == "com.sun.star.presentation.MediaShape")
             {
                 css::uno::Sequence<css::uno::Any> args(1);
author	Caolán McNamara <caolan.mcnamara@collabora.com>	2023-09-06 10:05:23 +0100
committer	Thorsten Behrens <thorsten.behrens@allotropia.de>	2023-12-06 00:56:52 +0100
commit	3e533861d7613cefc05b6be92ef19d53a2a82e64 (patch)
tree	8aa28921c0a4a8c0ea6f7f9a971ca5b0abf78dff
parent	a0a1d909043e0b508804eaa3dbe608925f1c702a (diff)