default to ignoring libreoffice special-purpose protocols in calc hyperlink

Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2)

9 files changed, 59 insertions, 7 deletions

diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 21e45033ea4f..20e77a97cc8e 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1142,7 +1142,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
 {
     Reference< XInteractionHandler > xInteraction;
     xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
-    return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+    const bool bHasMacros = m_aMacroMode.hasMacros();
+    return m_aMacroMode.checkMacrosOnLoading(xInteraction, false /*HasValidContentSignature*/, bHasMacros);
 }
 
 void ODatabaseModelImpl::resetMacroExecutionMode()
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index bd4f13fb016c..0cfca92db308 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -261,6 +261,8 @@ namespace sfx2
         */
         static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
 
+        bool hasMacros() const;
+
         static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainter );
         /** checks the macro execution mode while loading the document.
 
@@ -288,7 +290,7 @@ namespace sfx2
         bool
                 checkMacrosOnLoading(
                     const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
-                    bool bHasValidContentSignature = false
+                    bool bHasValidContentSignature, bool bHasMacros
                 );
 
     private:
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 2a56ebe88e07..43df4605fe1d 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -418,6 +418,9 @@ public:
     void                        SetMacroCallsSeenWhileLoading();
     bool                        GetMacroCallsSeenWhileLoading() const;
 
+    // true if the document had macros (or similar) on load to trigger warning user
+    bool                        GetHadCheckedMacrosOnLoad() const;
+
     const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
     bool                        SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
 
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 1db36e733c0c..29950ba68ca1 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -103,6 +103,7 @@
 #define STR_GB                                  NC_("STR_GB", "GB")
 #define STR_QUERY_LASTVERSION                   NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
 #define STR_NO_WEBBROWSER_FOUND                 NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
+#define STR_DANGEROUS_TO_OPEN                   NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
 #define STR_NO_ABS_URI_REF                      NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" is not an absolute URL that can be passed to an external application to open it.")
 #define STR_GID_INTERN                          NC_("STR_GID_INTERN", "Internal")
 #define STR_GID_APPLICATION                     NC_("STR_GID_APPLICATION", "Application")
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 050fd823b4ee..9696f7d9414d 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -26,7 +26,9 @@
 #include <sfx2/docfile.hxx>
 #include <sfx2/dispatch.hxx>
 #include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
 #include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
 #include <sfx2/viewfrm.hxx>
 #include <sfx2/viewsh.hxx>
 #include <svl/intitem.hxx>
@@ -37,6 +39,8 @@
 #include <vcl/virdev.hxx>
 #include <vcl/settings.hxx>
 #include <vcl/svapp.hxx>
+#include <vcl/weld.hxx>
+#include <vcl/window.hxx>
 #include <unotools/charclass.hxx>
 #include <unotools/securityoptions.hxx>
 #include <osl/diagnose.h>
@@ -789,7 +793,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
 
     OUString aUrlName( rURL );
     SfxViewFrame* pFrame = nullptr;
-    const SfxObjectShell* pObjShell = nullptr;
+    SfxObjectShell* pObjShell = nullptr;
     OUString aReferName;
     if ( pScActiveViewShell )
     {
@@ -823,6 +827,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
             aUrlName = aNewUrlName;
     }
 
+    if (INetURLObject(aUrlName).IsExoticProtocol())
+    {
+        // Default to ignoring exotic protocols
+        bool bAllow = false;
+        if (pObjShell)
+        {
+            // If the document had macros when loaded then follow the allowed macro-mode
+            if (pObjShell->GetHadCheckedMacrosOnLoad())
+                bAllow = pObjShell->AdjustMacroMode();
+            else // otherwise ask the user, defaulting to cancel
+            {
+                assert(pFrame && "if we have pObjShell we have pFrame");
+                //Reuse URITools::onOpenURI warning string
+                std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetWindow().GetFrameWeld(),
+                                                               VclMessageType::Warning, VclButtonsType::YesNo,
+                                                               SfxResId(STR_DANGEROUS_TO_OPEN)));
+                xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+                    INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
+                xQueryBox->set_default_response(RET_NO);
+                bAllow = xQueryBox->run() == RET_YES;
+            }
+        }
+        if (!bAllow)
+        {
+            SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+            return;
+        }
+    }
+
     SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
     SfxStringItem aTarget( SID_TARGETNAME, rTarget );
     if ( nScClickMouseModifier & KEY_SHIFT )     // control-click -> into new window
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 4d15ad30cb01..50782c3cd1b2 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -458,8 +458,12 @@ namespace sfx2
         return bHasMacros;
     }
 
+    bool DocumentMacroMode::hasMacros() const
+    {
+        return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+    }
 
-    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
+    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool bHasMacros )
     {
         bool bAllow = false;
         if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -469,7 +473,7 @@ namespace sfx2
         }
         else
         {
-            if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+            if (bHasMacros)
             {
                 if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
                     m_bNeedsContentSigned = true;
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index f71358b568fa..c7418ef127fd 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -954,9 +954,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
 
     // check macro security
     const bool bHasValidContentSignature = HasValidSignatures();
-    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
+    const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature, bHasMacros );
+    pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
 }
 
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+    return pImpl->m_bHadCheckedMacrosOnLoad;
+}
 
 void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
 {
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index 510c35daf59f..a707bb7c4a27 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -237,6 +237,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
     ,m_bAllowShareControlFileClean( true )
     ,m_bConfigOptionsChecked( false )
     ,m_bMacroCallsSeenWhileLoading( false )
+    ,m_bHadCheckedMacrosOnLoad( false )
     ,lErr(ERRCODE_NONE)
     ,nEventId ( SfxEventHintId::NONE )
     ,nLoadedFlags ( SfxLoadedFlags::ALL )
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 3d7b0b69c945..4afdd706d05e 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -91,7 +91,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
                         m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
                         m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
                         m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
-                        m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
+                        m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
+                        m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
 
     IndexBitSet         aBitSet;
     ErrCode             lErr;