diff options
| author | Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de> | 2019-12-10 18:42:40 +0100 |
|---|---|---|
| committer | Jan-Marek Glogowski <glogow@fbihome.de> | 2019-12-17 11:59:08 +0100 |
| commit | 71c6f438cecc3ce5e8060efe1df840652885701c (patch) | |
| tree | f0c1e7ee813f0ccc6ca94138eaa27649aa7a4ddb | |
| parent | b3348ce498b3d54b3e5e6518954ad9d5e917b8f2 (diff) | |
tdf#129311 don't allow temporary trusted certs
This simply skips the DocumentMacroConfirmationRequest, if the
macro security level (MSL) is *High* and the list of trusted
authors is read-only. For the MSL *Medium*, the check box of
the dialog is hidden with read-only trusted authors.
Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5
Reviewed-on: https://gerrit.libreoffice.org/84887
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
| -rw-r--r-- | sfx2/source/doc/docmacromode.cxx | 10 | ||||
| -rw-r--r-- | uui/source/secmacrowarnings.cxx | 9 |
2 files changed, 16 insertions, 3 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index ef5123a2c39d..94d0f076d733 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -226,11 +226,17 @@ namespace sfx2 if ( nMacroExecutionMode != MacroExecMode::FROM_LIST ) { // the trusted macro check will also retrieve the signature state ( small optimization ) - bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN ); + const SvtSecurityOptions aSecOption; + const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN + && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE + || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)); + const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor); SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); if ( nSignatureState == SignatureState::BROKEN ) { + if (!bAllowUIToAddAuthor) + lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); return disallowMacroExecution(); } else if ( bHasTrustedMacroSignature ) @@ -242,6 +248,8 @@ namespace sfx2 || nSignatureState == SignatureState::NOTVALIDATED ) { // there is valid signature, but it is not from the trusted author + if (!bAllowUIToAddAuthor) + lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); return disallowMacroExecution(); } } diff --git a/uui/source/secmacrowarnings.cxx b/uui/source/secmacrowarnings.cxx index 6c6e343a08f0..0bc2e1d04d72 100644 --- a/uui/source/secmacrowarnings.cxx +++ b/uui/source/secmacrowarnings.cxx @@ -137,9 +137,14 @@ void MacroWarning::InitControls() { mxViewSignsBtn->connect_clicked(LINK(this, MacroWarning, ViewSignsBtnHdl)); mxViewSignsBtn->set_sensitive(false); - mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning, AlwaysTrustCheckHdl)); - mnActSecLevel = SvtSecurityOptions().GetMacroSecurityLevel(); + const SvtSecurityOptions aSecOption; + if (!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)) + mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning, AlwaysTrustCheckHdl)); + else + mxAlwaysTrustCB->set_visible(false); + + mnActSecLevel = aSecOption.GetMacroSecurityLevel(); if ( mnActSecLevel >= 2 ) mxEnableBtn->set_sensitive(false); } |