diff options
author | Caolán McNamara <caolanm@redhat.com> | 2019-07-23 15:31:05 +0100 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2019-08-22 12:19:35 +0200 |
commit | 808898411a208887ff64aecbac415354404c7128 (patch) | |
tree | 3fd7136193f2a48acc66aa201ebf3c959ba6d4a4 | |
parent | f217a91242fde65de357c28f2b674c745f63dd3d (diff) |
expand LibreLogo check to global events
Reviewed-on: https://gerrit.libreoffice.org/76189
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 4a66c7eda6ccde26a42c4e31725248c59940255d)
Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
Reviewed-on: https://gerrit.libreoffice.org/76305
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit b14742734481ae0a4731989a99db487d8ae1986a)
(cherry picked from commit 139d6207488d5e9ae7904f9ea07f058c531898ef)
-rw-r--r-- | include/sfx2/objsh.hxx | 2 | ||||
-rw-r--r-- | sfx2/source/doc/objmisc.cxx | 6 | ||||
-rw-r--r-- | sfx2/source/notify/eventsupplier.cxx | 18 |
3 files changed, 15 insertions, 11 deletions
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index ab885358b66f..331ee58cf252 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -402,6 +402,8 @@ public: */ bool AdjustMacroMode(); + static bool UnTrustedScript(const OUString& rScriptURL); + SvKeyValueIterator* GetHeaderAttributes(); void ClearHeaderAttributesForSourceViewHack(); void SetHeaderAttributesForSourceViewHack(); diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 881d0a3bcad6..7655e73f5c84 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1427,16 +1427,12 @@ namespace } } -namespace { - // don't allow LibreLogo to be used with our mouseover/etc dom-alike events -bool UnTrustedScript(const OUString& rScriptURL) +bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL) { return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo"); } -} - ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL, const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const css::uno::Any* pCaller ) { diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx index aa94e1b8e07f..5c1e470106c8 100644 --- a/sfx2/source/notify/eventsupplier.cxx +++ b/sfx2/source/notify/eventsupplier.cxx @@ -213,18 +213,24 @@ void SfxEvents_Impl::Execute( uno::Any& aEventData, const document::DocumentEven else if (aType == "Service" || aType == "Script") { - if ( !aScript.isEmpty() ) + bool bAllowed = false; + util::URL aURL; + if (!aScript.isEmpty()) { - SfxViewFrame* pView = pDoc ? - SfxViewFrame::GetFirst( pDoc ) : - SfxViewFrame::Current(); - uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) ); - util::URL aURL; aURL.Complete = aScript; xTrans->parseStrict( aURL ); + bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete); + } + + if (bAllowed) + { + SfxViewFrame* pView = pDoc ? + SfxViewFrame::GetFirst( pDoc ) : + SfxViewFrame::Current(); + uno::Reference < frame::XDispatchProvider > xProv; |