diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2013-11-14 10:39:27 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2013-11-14 11:13:25 +0100 |
| commit | f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch) | |
| tree | 5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 | |
| parent | 96aca98168cba4b9055f2e2a16bb1a8f6f6e57ce (diff) | |
rhbz#887420 Implement "block untrusted referer links" feature
For now, this checks for a trusted referer (if the BlockUntrustedRefererLinks
configuration prop is set) in utl::MediaDescriptor::impl_openStreamWithURL and
SvxBrushItem::GetGraphicObject. Checking in additional places will probably be
necessary to block /all/ unwanted communication. Also, some places marked
/*TODO?*/ currently pass in an empty referer (which is always considered
trusted) and will probably need to be adapted.
Ideally, Referer URIs would never be empty (and consistently use something like
<private:user> for cases where access is explicitly initiated by the user and
should never be blocked), but that's a very daunting task, so start small by
identifying the places that potentially need blocking and adding appropriate
Referer URIs there. Also, Referer information should always be computed as
freshly as possible from the context in which an access attempt is made, but,
again, always carrying the information from the context all the way to the
relevant functions is a very daunting task, so for now store the information
upon object instantiation in some cases (SvxBrushItem, SdrGrafObj, ...).
The Referer URI (css.document.MediaDescriptor property; SID_REFERER) was already
used to track macro execution, and there is one place in
SfxApplication::OpenDocExec_Impl where opening of hyperlinks (explicitly clicked
by the user) is done that needs the current document's URI as Referer to check
execution of macro URIs but needs an empty (or <private:user>, see above)
Referer to not block non-macro URIs. Special code has been added there to
handle that.
Change-Id: Iafbdc07a9fe925d9ee580d4f5778448f18f2ebd9
53 files changed, 221 insertions, 99 deletions
diff --git a/cui/source/tabpages/backgrnd.cxx b/cui/source/tabpages/backgrnd.cxx index e1e598ddb6a6..7948b6ca5066 100644 --- a/cui/source/tabpages/backgrnd.cxx +++ b/cui/source/tabpages/backgrnd.cxx @@ -843,7 +843,7 @@ sal_Bool SvxBackgroundTabPage::FillItemSet( SfxItemSet& rCoreSet ) SvxBrushItem aTmpBrush(nWhich); if ( bIsLink ) { - aTmpBrush = SvxBrushItem( aBgdGraphicPath, + aTmpBrush = SvxBrushItem( aBgdGraphicPath, ""/*TODO?*/, aBgdGraphicFilter, eNewPos, nWhich ); @@ -881,7 +881,7 @@ sal_Bool SvxBackgroundTabPage::FillItemSet( SfxItemSet& rCoreSet ) SvxBrushItem* pTmpBrush = 0; if ( m_pBtnLink->IsChecked() ) { - pTmpBrush = new SvxBrushItem( aBgdGraphicPath, + pTmpBrush = new SvxBrushItem( aBgdGraphicPath, ""/*TODO?*/, aBgdGraphicFilter, GetGraphicPosition_Impl(), nWhich ); @@ -1665,7 +1665,7 @@ IMPL_LINK( SvxBackgroundTabPage, TblDestinationHdl_Impl, ListBox*, pBox ) bIsGraphicValid = LoadLinkedGraphic_Impl(); if ( bIsLink ) - *pActItem = SvxBrushItem( aBgdGraphicPath, + *pActItem = SvxBrushItem( aBgdGraphicPath, ""/*TODO?*/, aBgdGraphicFilter, eNewPos, pActItem->Which() ); @@ -1746,7 +1746,7 @@ IMPL_LINK( SvxBackgroundTabPage, ParaDestinationHdl_Impl, ListBox*, pBox ) bIsGraphicValid = LoadLinkedGraphic_Impl(); if ( bIsLink ) - *pActItem = SvxBrushItem( aBgdGraphicPath, + *pActItem = SvxBrushItem( aBgdGraphicPath, ""/*TODO?*/, aBgdGraphicFilter, eNewPos, pActItem->Which() ); diff --git a/cui/source/tabpages/tpbitmap.cxx b/cui/source/tabpages/tpbitmap.cxx index 89a51a8b26f2..d3647e30cab4 100644 --- a/cui/source/tabpages/tpbitmap.cxx +++ b/cui/source/tabpages/tpbitmap.cxx @@ -792,7 +792,7 @@ IMPL_LINK_NOARG(SvxBitmapTabPage, ClickLoadHdl_Impl) // save table XBitmapListRef pBmpList = XPropertyList::CreatePropertyList( - XBITMAP_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) )->AsBitmapList(); + XBITMAP_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" )->AsBitmapList(); pBmpList->SetName( aURL.getName() ); if( pBmpList->Load() ) { diff --git a/cui/source/tabpages/tpgradnt.cxx b/cui/source/tabpages/tpgradnt.cxx index 6a2a70bfa5c8..001c042c4d23 100644 --- a/cui/source/tabpages/tpgradnt.cxx +++ b/cui/source/tabpages/tpgradnt.cxx @@ -646,7 +646,7 @@ IMPL_LINK_NOARG(SvxGradientTabPage, ClickLoadHdl_Impl) // save list XGradientListRef pGrdList = XPropertyList::CreatePropertyList( - XGRADIENT_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) )->AsGradientList(); + XGRADIENT_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" )->AsGradientList(); pGrdList->SetName( aURL.getName() ); if ( pGrdList->Load() ) diff --git a/cui/source/tabpages/tphatch.cxx b/cui/source/tabpages/tphatch.cxx index 1021f629120a..d6c4d60575b2 100644 --- a/cui/source/tabpages/tphatch.cxx +++ b/cui/source/tabpages/tphatch.cxx @@ -686,7 +686,7 @@ IMPL_LINK_NOARG(SvxHatchTabPage, ClickLoadHdl_Impl) aPathURL.removeFinalSlash(); XHatchListRef pHatchList = XPropertyList::CreatePropertyList( - XHATCH_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) )->AsHatchList(); + XHATCH_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" )->AsHatchList(); pHatchList->SetName( aURL.getName() ); if( pHatchList->Load() ) { diff --git a/cui/source/tabpages/tpline.cxx b/cui/source/tabpages/tpline.cxx index 458b6b920d93..a5a9cdc752fb 100644 --- a/cui/source/tabpages/tpline.cxx +++ b/cui/source/tabpages/tpline.cxx @@ -266,7 +266,7 @@ void SvxLineTabPage::InitSymbols(MenuButton* pButton) pUIName = &aPhysicalName; } - SvxBrushItem* pBrushItem = new SvxBrushItem(*it, aEmptyStr, GPOS_AREA, SID_ATTR_BRUSH); + SvxBrushItem* pBrushItem = new SvxBrushItem(*it, ""/*TODO?*/, aEmptyStr, GPOS_AREA, SID_ATTR_BRUSH); pBrushItem->SetDoneLink(STATIC_LINK(this, SvxLineTabPage, GraphicArrivedHdl_Impl)); SvxBmpItemInfo* pInfo = new SvxBmpItemInfo(); diff --git a/cui/source/tabpages/tplnedef.cxx b/cui/source/tabpages/tplnedef.cxx index 57d612f1d9e7..1d09382d4c4d 100644 --- a/cui/source/tabpages/tplnedef.cxx +++ b/cui/source/tabpages/tplnedef.cxx @@ -749,7 +749,7 @@ IMPL_LINK_NOARG(SvxLineDefTabPage, ClickLoadHdl_Impl) aPathURL.removeSegment(); aPathURL.removeFinalSlash(); - XDashListRef pDshLst = XPropertyList::CreatePropertyList( XDASH_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) )->AsDashList(); + XDashListRef pDshLst = XPropertyList::CreatePropertyList( XDASH_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" )->AsDashList(); pDshLst->SetName( aURL.getName() ); if( pDshLst->Load() ) diff --git a/cui/source/tabpages/tplneend.cxx b/cui/source/tabpages/tplneend.cxx index ecaae0a2fa1f..bb3a0967c913 100644 --- a/cui/source/tabpages/tplneend.cxx +++ b/cui/source/tabpages/tplneend.cxx @@ -569,7 +569,7 @@ IMPL_LINK_NOARG(SvxLineEndDefTabPage, ClickLoadHdl_Impl) aPathURL.removeSegment(); aPathURL.removeFinalSlash(); - XLineEndListRef pLeList = XPropertyList::CreatePropertyList(XLINE_END_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) )->AsLineEndList(); + XLineEndListRef pLeList = XPropertyList::CreatePropertyList(XLINE_END_LIST, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" )->AsLineEndList(); pLeList->SetName( aURL.getName() ); if( pLeList->Load() ) { diff --git a/editeng/source/items/frmitems.cxx b/editeng/source/items/frmitems.cxx index 18c6caea9999..4cb76d7e5569 100644 --- a/editeng/source/items/frmitems.cxx +++ b/editeng/source/items/frmitems.cxx @@ -43,6 +43,7 @@ #include <com/sun/star/frame/status/UpperLowerMarginScale.hpp> #include <com/sun/star/drawing/ShadingPattern.hpp> +#include <unotools/securityoptions.hxx> #include <unotools/ucbstreamhelper.hxx> #include <limits.h> #include <comphelper/processfactory.hxx> @@ -3409,7 +3410,7 @@ SvxBrushItem::SvxBrushItem( const GraphicObject& rGraphicObj, // ----------------------------------------------------------------------- SvxBrushItem::SvxBrushItem( - const OUString& rLink, const OUString& rFilter, + const OUString& rLink, const OUString& rReferer, const OUString& rFilter, SvxGraphicPosition ePos, sal_uInt16 _nWhich ) : SfxPoolItem( _nWhich ), @@ -3418,6 +3419,7 @@ SvxBrushItem::SvxBrushItem( nShadingValue ( ShadingPattern::CLEAR ), pImpl ( new SvxBrushItem_Impl( NULL ) ), maStrLink ( rLink ), + maReferer ( rReferer ), maStrFilter ( rFilter ), eGraphicPos ( ( GPOS_NONE != ePos ) ? ePos : GPOS_MM ), bLoadAgain ( sal_True ) @@ -3820,11 +3822,13 @@ SvxBrushItem& SvxBrushItem::operator=( const SvxBrushItem& rItem ) DELETEZ( pImpl->pGraphicObject ); maStrLink = ""; + maReferer = ""; maStrFilter = ""; if ( GPOS_NONE != eGraphicPos ) { maStrLink = rItem.maStrLink; + maReferer = rItem.maReferer; maStrFilter = rItem.maStrFilter; if ( rItem.pImpl->pGraphicObject ) { @@ -3852,7 +3856,7 @@ int SvxBrushItem::operator==( const SfxPoolItem& rAttr ) const { if ( GPOS_NONE != eGraphicPos ) { - bEqual = maStrLink == rCmp.maStrLink; + bEqual = maStrLink == rCmp.maStrLink && maReferer == rCmp.maReferer; if ( bEqual ) { @@ -3943,6 +3947,9 @@ const GraphicObject* SvxBrushItem::GetGraphicObject() const if ( bLoadAgain && !maStrLink.isEmpty() && !pImpl->pGraphicObject ) // when graphics already loaded, use as a cache { + if (SvtSecurityOptions().isUntrustedReferer(maReferer)) { + return 0; + } pImpl->pStream = utl::UcbStreamHelper::CreateStream( maStrLink, STREAM_STD_READ ); if( pImpl->pStream && !pImpl->pStream->GetError() ) { @@ -3991,6 +3998,7 @@ void SvxBrushItem::SetGraphicPos( SvxGraphicPosition eNew ) { DELETEZ( pImpl->pGraphicObject ); maStrLink = ""; + maReferer = ""; maStrFilter = ""; } else diff --git a/editeng/source/items/numitem.cxx b/editeng/source/items/numitem.cxx index 2dca4a74d332..e4a9bb996092 100644 --- a/editeng/source/items/numitem.cxx +++ b/editeng/source/items/numitem.cxx @@ -424,7 +424,7 @@ void SvxNumberFormat::SetGraphic( const OUString& rName ) return ; delete pGraphicBrush; - pGraphicBrush = new SvxBrushItem( rName, "", GPOS_AREA, 0 ); + pGraphicBrush = new SvxBrushItem( rName, ""/*TODO?*/, "", GPOS_AREA, 0 ); pGraphicBrush->SetDoneLink( STATIC_LINK( this, SvxNumberFormat, GraphicArrived) ); if( eVertOrient == text::VertOrientation::NONE ) eVertOrient = text::VertOrientation::TOP; diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx index 2b8c56e09dc4..bff5864bf3d9 100644 --- a/filter/source/msfilter/msdffimp.cxx +++ b/filter/source/msfilter/msdffimp.cxx @@ -3924,7 +3924,7 @@ SdrObject* SvxMSDffManager::ImportGraphic( SvStream& rSt, SfxItemSet& rSet, cons if ( pRet->ISA( SdrGrafObj ) ) { if( aLinkFileName.getLength() ) - ((SdrGrafObj*)pRet)->SetGraphicLink( aLinkFileName, aLinkFilterName ); + ((SdrGrafObj*)pRet)->SetGraphicLink( aLinkFileName, ""/*TODO?*/, aLinkFilterName ); if ( bLinkGrf && !bGrfRead ) { diff --git a/include/editeng/brushitem.hxx b/include/editeng/brushitem.hxx index 69e49b68e3ca..4ef5bfd4615c 100644 --- a/include/editeng/brushitem.hxx +++ b/include/editeng/brushitem.hxx @@ -51,6 +51,7 @@ class EDITENG_DLLPUBLIC SvxBrushItem : public SfxPoolItem sal_Int32 nShadingValue; SvxBrushItem_Impl* pImpl; OUString maStrLink; + OUString maReferer; OUString maStrFilter; SvxGraphicPosition eGraphicPos; sal_Bool bLoadAgain; @@ -71,7 +72,7 @@ public: SvxGraphicPosition ePos, sal_uInt16 nWhich ); SvxBrushItem( const GraphicObject& rGraphicObj, SvxGraphicPosition ePos, sal_uInt16 nWhich ); - SvxBrushItem( const OUString& rLink, const OUString& rFilter, + SvxBrushItem( const OUString& rLink, const OUString& rReferer, const OUString& rFilter, SvxGraphicPosition ePos, sal_uInt16 nWhich ); SvxBrushItem( const SvxBrushItem& ); SvxBrushItem( const CntWallpaperItem&, sal_uInt16 nWhich ); diff --git a/include/sfx2/docfile.hxx b/include/sfx2/docfile.hxx index 202fee5be28a..7ef8b9ea2443 100644 --- a/include/sfx2/docfile.hxx +++ b/include/sfx2/docfile.hxx @@ -76,6 +76,14 @@ public: StreamMode nOpenMode, const SfxFilter *pFilter = 0, SfxItemSet *pSet = 0 ); + /** + * @param pSet Takes ownership + */ + SfxMedium( const OUString &rName, + const OUString &rReferer, + StreamMode nOpenMode, + const SfxFilter *pFilter = 0, + SfxItemSet *pSet = 0 ); /** * @param pSet does NOT take ownership diff --git a/include/svx/svdograf.hxx b/include/svx/svdograf.hxx index 3b95cc583692..20151dde4a9a 100644 --- a/include/svx/svdograf.hxx +++ b/include/svx/svdograf.hxx @@ -79,6 +79,7 @@ private: GraphicAttr aGrafInfo; OUString aFileName; // Wenn es sich um einen Link handelt, steht hier der Dateiname drin. + OUString aReferer; OUString aFilterName; GraphicObject* pGraphic; // Zur Beschleunigung von Bitmapausgaben, besonders von gedrehten. GraphicObject* mpReplacementGraphic; @@ -137,7 +138,7 @@ public: void ForceSwapIn() const; void ForceSwapOut() const; - void SetGraphicLink(const OUString& rFileName, const OUString& rFilterName); + void SetGraphicLink(const OUString& rFileName, const OUString& rReferer, const OUString& rFilterName); void ReleaseGraphicLink(); bool IsLinkedGraphic() const; diff --git a/include/svx/unopage.hxx b/include/svx/unopage.hxx index dc36e83043f3..78bc0b414857 100644 --- a/include/svx/unopage.hxx +++ b/include/svx/unopage.hxx @@ -93,7 +93,7 @@ class SVX_DLLPUBLIC SvxDrawPage : public ::cppu::WeakAggImplHelper5< ::com::sun: // Can be used by derived classes to support their owen Shapes (e.g. Controls). virtual SdrObject *_CreateSdrObject( const ::com::sun::star::uno::Reference< ::com::sun::star::drawing::XShape >& xShape ) throw(); - static SvxShape* CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj = NULL, SvxDrawPage *pPage = NULL ) throw(); + static SvxShape* CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj = NULL, SvxDrawPage *pPage = NULL, OUString const & referer = OUString() ) throw(); // The following method is called if a SvxShape object is to be created. // Derived classes can create a derivation or an SvxShape aggregating object. diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx index 9190e6326c92..f7558b834fdf 100644 --- a/include/svx/unoshape.hxx +++ b/include/svx/unoshape.hxx @@ -653,8 +653,11 @@ protected: virtual bool getPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, ::com::sun::star::uno::Any& rValue ) throw(::com::sun::star::beans::UnknownPropertyException, ::com::sun::star::lang::WrappedTargetException, ::com::sun::star::uno::RuntimeException); public: - SvxGraphicObject( SdrObject* pObj ) throw(); + SvxGraphicObject( SdrObject* pObj, OUString const & referer ) throw(); virtual ~SvxGraphicObject() throw(); + +private: + OUString referer_; }; /*********************************************************************** diff --git a/include/svx/xtable.hxx b/include/svx/xtable.hxx index 5e26206adc00..71f0db76e78b 100644 --- a/include/svx/xtable.hxx +++ b/include/svx/xtable.hxx @@ -201,13 +201,14 @@ protected: XPropertyListType meType; OUString maName; // not persistent OUString maPath; + OUString maReferer; XPropertyEntryList_impl maList; bool mbListDirty; bool mbEmbedInDocument; - XPropertyList(XPropertyListType t, const OUString& rPath); + XPropertyList(XPropertyListType t, const OUString& rPath, const OUString& rReferer); virtual Bitmap CreateBitmapForUI(long nIndex) = 0; @@ -246,7 +247,7 @@ public: bool Load(); bool LoadFrom(const ::com::sun::star::uno::Reference< ::com::sun::star::embed::XStorage > &xStorage, - const OUString &rURL); + const OUString &rURL, const OUString &rReferer); bool Save(); bool SaveTo (const ::com::sun::star::uno::Reference< ::com::sun::star::embed::XStorage > &xStorage, @@ -256,7 +257,8 @@ public: // Factory method for sub-classes static XPropertyListRef CreatePropertyList(XPropertyListType t, - const OUString& rPath); + const OUString& rPath, + const OUString& rReferer); // as above but initializes name as expected static XPropertyListRef CreatePropertyListFromURL(XPropertyListType t, const OUString & rUrl); @@ -280,8 +282,8 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XColorList(const OUString& rPath) - : XPropertyList(XCOLOR_LIST, rPath) {} + XColorList(const OUString& rPath, const OUString& rReferer) + : XPropertyList(XCOLOR_LIST, rPath, rReferer) {} using XPropertyList::Replace; using XPropertyList::Remove; @@ -306,7 +308,7 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XLineEndList(const OUString& rPath); + XLineEndList(const OUString& rPath, const OUString& rReferer); virtual ~XLineEndList(); using XPropertyList::Remove; @@ -333,7 +335,7 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XDashList(const OUString& rPath); + XDashList(const OUString& rPath, const OUString& rReferer); virtual ~XDashList(); using XPropertyList::Replace; @@ -366,7 +368,7 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XHatchList(const OUString& rPath); + XHatchList(const OUString& rPath, const OUString& rReferer); virtual ~XHatchList(); using XPropertyList::Replace; @@ -388,7 +390,7 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XGradientList(const OUString& rPath); + XGradientList(const OUString& rPath, const OUString& rReferer); virtual ~XGradientList(); using XPropertyList::Replace; @@ -411,8 +413,8 @@ protected: virtual Bitmap CreateBitmapForUI(long nIndex); public: - explicit XBitmapList(const OUString& rPath) - : XPropertyList(XBITMAP_LIST, rPath) {} + XBitmapList(const OUString& rPath, const OUString& rReferer) + : XPropertyList(XBITMAP_LIST, rPath, rReferer) {} using XPropertyList::Replace; using XPropertyList::Remove; diff --git a/include/xmloff/settingsstore.hxx b/include/xmloff/settingsstore.hxx index e4212f553405..259897b18e65 100644 --- a/include/xmloff/settingsstore.hxx +++ b/include/xmloff/settingsstore.hxx @@ -23,6 +23,7 @@ public: // Import objects and update properties (eliding URLs) virtual com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> filterStreamsFromStorage( + OUString const & referer, const com::sun::star::uno::Reference< com::sun::star::embed::XStorage > &xStorage, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>& aConfigProps ) = 0; // Export objects and update properties with relative URLs into this storage diff --git a/sc/source/filter/rtf/eeimpars.cxx b/sc/source/filter/rtf/eeimpars.cxx index bff7c71174c4..ee1204c84763 100644 --- a/sc/source/filter/rtf/eeimpars.cxx +++ b/sc/source/filter/rtf/eeimpars.cxx @@ -598,7 +598,7 @@ void ScEEImport::InsertGraphic( SCCOL nCol, SCROW nRow, SCTAB nTab, // SetGraphicLink has to be used after inserting the object, // otherwise an empty graphic is swapped in and the contact stuff crashes. // See #i37444#. - pObj->SetGraphicLink( pI->aURL, pI->aFilterName ); + pObj->SetGraphicLink( pI->aURL, ""/*TODO?*/, pI->aFilterName ); pObj->SetLogicRect( aRect ); // Only after InsertObject! } diff --git a/sc/source/ui/drawfunc/fuins1.cxx b/sc/source/ui/drawfunc/fuins1.cxx index 2ffa3abc22e6..f509bdc82c51 100644 --- a/sc/source/ui/drawfunc/fuins1.cxx +++ b/sc/source/ui/drawfunc/fuins1.cxx @@ -146,7 +146,7 @@ static void lcl_InsertGraphic( const Graphic& rGraphic, // otherwise an empty graphic is swapped in and the contact stuff crashes. // See #i37444#. if ( bAsLink ) - pObj->SetGraphicLink( rFileName, rFilterName ); + pObj->SetGraphicLink( rFileName, ""/*TODO?*/, rFilterName ); } //------------------------------------------------------------------------ diff --git a/sc/source/ui/view/viewfun7.cxx b/sc/source/ui/view/viewfun7.cxx index ebcbaeb10062..1904bcec5c77 100644 --- a/sc/source/ui/view/viewfun7.cxx +++ b/sc/source/ui/view/viewfun7.cxx @@ -416,7 +416,7 @@ sal_Bool ScViewFunc::PasteGraphic( const Point& rPos, const Graphic& rGraphic, // otherwise an empty graphic is swapped in and the contact stuff crashes. // See #i37444#. if (!rFile.isEmpty()) - pGrafObj->SetGraphicLink( rFile, rFilter ); + pGrafObj->SetGraphicLink( rFile, ""/*TODO?*/, rFilter ); return sal_True; } diff --git a/sd/source/ui/func/fuinsert.cxx b/sd/source/ui/func/fuinsert.cxx index f19f2c824d96..500ca888ba60 100644 --- a/sd/source/ui/func/fuinsert.cxx +++ b/sd/source/ui/func/fuinsert.cxx @@ -32,6 +32,7 @@ #include <tools/urlobj.hxx> #include <svl/urihelper.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/msgpool.hxx> #include <svtools/sores.hxx> #include <svtools/insdlg.hxx> @@ -144,7 +145,11 @@ void FuInsertGraphic::DoExecute( SfxRequest& ) // store as link OUString aFltName(aDlg.GetCurrentFilter()); OUString aPath(aDlg.GetPath()); - pGrafObj->SetGraphicLink(aPath, aFltName); + OUString aReferer; + if (mpDocSh->HasName()) { + aReferer = mpDocSh->GetMedium()->GetName(); + } + pGrafObj->SetGraphicLink(aPath, aReferer, aFltName); } } } diff --git a/sd/source/ui/unoidl/UnoDocumentSettings.cxx b/sd/source/ui/unoidl/UnoDocumentSettings.cxx index 8a0b689cc708..b01d8fbf326b 100644 --- a/sd/source/ui/unoidl/UnoDocumentSettings.cxx +++ b/sd/source/ui/unoidl/UnoDocumentSettings.cxx @@ -104,7 +104,8 @@ namespace sd // DocumentSettingsSerializer cf. xmloff virtual uno::Sequence<beans::PropertyValue> - filterStreamsFromStorage(const uno::Reference< embed::XStorage > &xStorage, + filterStreamsFromStorage(OUString const & referer, + const uno::Reference< embed::XStorage > &xStorage, const uno::Sequence<beans::PropertyValue>& aConfigProps ); virtual uno::Sequence<beans::PropertyValue> filterStreamsToStorage(const uno::Reference< embed::XStorage > &xStorage, @@ -116,6 +117,7 @@ namespace sd private: bool LoadList( XPropertyListType t, const OUString &rPath, + const OUString &rReferer, const uno::Reference< embed::XStorage > &xStorage ); void AssignURL( XPropertyListType t, const Any* pValue, bool *pOk, bool *pChanged ); void ExtractURL( XPropertyListType t, Any* pValue ); @@ -225,6 +227,7 @@ DocumentSettings::~DocumentSettings() throw() } bool DocumentSettings::LoadList( XPropertyListType t, const OUString &rInPath, + const OUString &rReferer, const uno::Reference< embed::XStorage > &xStorage ) { SdDrawDocument* pDoc = mxModel->GetDoc(); @@ -239,10 +242,10 @@ bool DocumentSettings::LoadList( XPropertyListType t, const OUString &rInPath, } XPropertyListRef pList = XPropertyList::CreatePropertyList( - t, aPath ); + t, aPath, rReferer ); pList->SetName( aName ); - if( pList->LoadFrom( xStorage, rInPath ) ) + if( pList->LoadFrom( xStorage, rInPath, rReferer ) ) { pDoc->SetPropertyList( pList ); return true; @@ -258,7 +261,7 @@ void DocumentSettings::AssignURL( XPropertyListType t, const Any* pValue, if( !(bool)( *pValue >>= aURL ) ) return; - if( LoadList( t, aURL, uno::Reference< embed::XStorage >() ) ) + if( LoadList( t, aURL, ""/*TODO?*/, uno::Reference< embed::XStorage >() ) ) *pOk = *pChanged = true; } @@ -296,6 +299,7 @@ static OUString getNameOfType( XPropertyListType t ) uno::Sequence<beans::PropertyValue> DocumentSettings::filterStreamsFromStorage( + OUString const & referer, const uno::Reference< embed::XStorage > &xStorage, const uno::Sequence<beans::PropertyValue>& aConfigProps ) { @@ -310,7 +314,7 @@ uno::Sequence<beans::PropertyValue> { OUString aURL; aConfigProps[i].Value >>= aURL; - LoadList( t, aURL, xStorage ); + LoadList( t, aURL, referer, xStorage ); } } aRet.realloc( nRet ); diff --git a/sd/source/ui/view/sdview4.cxx b/sd/source/ui/view/sdview4.cxx index 666f19984cd9..16e5f5507114 100644 --- a/sd/source/ui/view/sdview4.cxx +++ b/sd/source/ui/view/sdview4.cxx @@ -388,7 +388,7 @@ IMPL_LINK_NOARG(View, DropInsertFileHdl) SdrGrafObj* pGrafObj = InsertGraphic( aGraphic, nTempAction, maDropPos, NULL, NULL ); if(pGrafObj && bLink) { - pGrafObj->SetGraphicLink( aCurrentDropFile, OUString() ); + pGrafObj->SetGraphicLink( aCurrentDropFile, ""/*TODO?*/, OUString() ); } // return action from first inserted graphic diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx index e1f2479d4c97..e8e23c5d1a4c 100644 --- a/sfx2/source/appl/appopen.cxx +++ b/sfx2/source/appl/appopen.cxx @@ -1064,6 +1064,19 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq ) // convert items to properties for framework API calls Sequence < PropertyValue > aArgs; TransformItems( SID_OPENDOC, *rReq.GetArgs(), aArgs ); + // Any Referer (that was relevant in the above call to + // SvtSecurityOptions::isSecureMacroUri) is no longer relevant, assuming + // this "open" request is initiated directly by the user: + for (sal_Int32 i = 0; i != aArgs.getLength(); ++i) { + if (aArgs[i].Name == "Referer") { + ++i; + for (; i != aArgs.getLength(); ++i) { + aArgs[i - 1] = aArgs[i]; + } + aArgs.realloc(aArgs.getLength()-1); + break; + } + } // TODO/LATER: either remove LinkItem or create an asynchronous process for it if( bHidden || pLinkItem || rReq.IsSynchronCall() ) diff --git a/sfx2/source/appl/fileobj.cxx b/sfx2/source/appl/fileobj.cxx index 547a6344594b..1ffdaef6bd55 100644 --- a/sfx2/source/appl/fileobj.cxx +++ b/sfx2/source/appl/fileobj.cxx @@ -265,7 +265,7 @@ sal_Bool SvFileObject::LoadFile_Impl() return sal_False; // at the moment on the current DocShell - xMed = new SfxMedium( sFileNm, STREAM_STD_READ ); + xMed = new SfxMedium( sFileNm, sReferer, STREAM_STD_READ ); SvLinkSource::StreamToLoadFrom aStreamToLoadFrom = getStreamToLoadFrom(); xMed->setStreamToLoadFrom( diff --git a/sfx2/source/bastyp/fltfnc.cxx b/sfx2/source/bastyp/fltfnc.cxx index daee557adadb..65974d01b0f7 100644 --- a/sfx2/source/bastyp/fltfnc.cxx +++ b/sfx2/source/bastyp/fltfnc.cxx @@ -445,6 +445,12 @@ sal_uInt32 SfxFilterMatcher::GuessFilterControlDefaultUI( SfxMedium& rMedium, c aDescriptor[utl::MediaDescriptor::PROP_URL() ] <<= sURL; aDescriptor[utl::MediaDescriptor::PROP_INPUTSTREAM() ] <<= xInStream; aDescriptor[utl::MediaDescriptor::PROP_INTERACTIONHANDLER()] <<= rMedium.GetInteractionHandler(); + SfxStringItem const * it = static_cast<SfxStringItem const *>( + rMedium.GetItemSet()->GetItem(SID_REFERER)); + if (it != 0) { + aDescriptor[utl::MediaDescriptor::PROP_REFERRER()] + <<= it->GetValue(); + } if ( !m_rImpl.aName.isEmpty() ) aDescriptor[utl::MediaDescriptor::PROP_DOCUMENTSERVICE()] <<= m_rImpl.aName; diff --git a/sfx2/source/doc/docfile.cxx b/sfx2/source/doc/docfile.cxx index 0dd46584b46b..0a96f895b388 100644 --- a/sfx2/source/doc/docfile.cxx +++ b/sfx2/source/doc/docfile.cxx @@ -2854,6 +2854,20 @@ SfxMedium::SfxMedium(const OUString &rName, StreamMode nOpenMode, const SfxFilte Init_Impl(); } +SfxMedium::SfxMedium(const OUString &rName, const OUString &rReferer, StreamMode nOpenMode, const SfxFilter *pFlt, SfxItemSet *pInSet) : + pImp(new SfxMedium_Impl(this)) +{ + pImp->m_pSet = pInSet; + SfxItemSet * s = GetItemSet(); + if (s->GetItem(SID_REFERER) == 0) { + s->Put(SfxStringItem(SID_REFERER, rReferer)); + } + pImp->m_pFilter = pFlt; + pImp->m_aLogicName = rName; + pImp->m_nStorOpenMode = nOpenMode; + Init_Impl(); +} + SfxMedium::SfxMedium( const uno::Sequence<beans::PropertyValue>& aArgs ) : pImp(new SfxMedium_Impl(this)) { diff --git a/svx/source/inc/xmlxtimp.hxx b/svx/source/inc/xmlxtimp.hxx index 294a477b19f2..3b3ad7935059 100644 --- a/svx/source/inc/xmlxtimp.hxx +++ b/svx/source/inc/xmlxtimp.hxx @@ -41,7 +41,7 @@ public: virtual ~SvxXMLXTableImport() throw (); - static bool load( const OUString &rPath, + static bool load( const OUString &rPath, const OUString &rReferer, const ::com::sun::star::uno::Reference < ::com::sun::star::embed::XStorage > &xStorage, const ::com::sun::star::uno::Reference< ::com::sun::star::container::XNameContainer >& xTable, bool *bOptLoadedFromStorage ) throw(); diff --git a/svx/source/svdraw/svdmodel.cxx b/svx/source/svdraw/svdmodel.cxx index 6e29042008e9..fe0a540e18d3 100644 --- a/svx/source/svdraw/svdmodel.cxx +++ b/svx/source/svdraw/svdmodel.cxx @@ -694,7 +694,7 @@ void SdrModel::ImpCreateTables() { if( !bExtColorTable || i != XCOLOR_LIST ) maProperties[i] = XPropertyList::CreatePropertyList ( - (XPropertyListType) i, aTablePath ); + (XPropertyListType) i, aTablePath, ""/*TODO?*/ ); } } diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx index 5dff972e7910..9a96952f7c3d 100644 --- a/svx/source/svdraw/svdograf.cxx +++ b/svx/source/svdraw/svdograf.cxx @@ -102,11 +102,11 @@ sal_uInt32 getCacheTimeInMs() return 0; } -const Graphic ImpLoadLinkedGraphic( const OUString& aFileName, const OUString& aFilterName ) +const Graphic ImpLoadLinkedGraphic( const OUString& aFileName, const OUString& aReferer, const OUString& aFilterName ) { Graphic aGraphic; - SfxMedium xMed( aFileName, STREAM_STD_READ ); + SfxMedium xMed( aFileName, aReferer, STREAM_STD_READ ); xMed.DownLoad(); SvStream* pInStrm = xMed.GetInStream(); @@ -152,6 +152,8 @@ public: bool Connect() { return 0 != GetRealObject(); } void UpdateAsynchron(); void RemoveGraphicUpdater(); + + OUString getReferer() const { return rGrafObj.aReferer; } }; class SdrGraphicUpdater : public ::osl::Thread @@ -210,7 +212,7 @@ void SAL_CALL SdrGraphicUpdater::onTerminated(void) void SAL_CALL SdrGraphicUpdater::run(void) { - Graphic aGraphic( ImpLoadLinkedGraphic( maFileName, maFilterName ) ); + Graphic aGraphic( ImpLoadLinkedGraphic( maFileName, mrGraphicLink.getReferer(), maFilterName ) ); SolarMutexGuard aSolarGuard; if ( !mbIsTerminated ) { @@ -655,10 +657,11 @@ void SdrGrafObj::ImpLinkAbmeldung() } } -void SdrGrafObj::SetGraphicLink(const OUString& rFileName, const OUString& rFilterName) +void SdrGrafObj::SetGraphicLink(const OUString& rFileName, const OUString& rReferer, const OUString& rFilterName) { ImpLinkAbmeldung(); aFileName = rFileName; + aReferer = rReferer; aFilterName = rFilterName; ImpLinkAnmeldung(); pGraphic->SetUserData(); @@ -671,6 +674,7 @@ void SdrGrafObj::ReleaseGraphicLink() { ImpLinkAbmeldung(); aFileName = OUString(); + aReferer = ""; aFilterName = OUString(); } @@ -733,7 +737,7 @@ bool SdrGrafObj::ImpUpdateGraphicLink( bool bAsynchron ) const if ( bAsynchron ) pGraphicLink->UpdateAsynchron(); else - pGraphicLink->DataChanged( ImpLoadLinkedGraphic( aFileName, aFilterName ) ); + pGraphicLink->DataChanged( ImpLoadLinkedGraphic( aFileName, aReferer, aFilterName ) ); bRet = true; } return bRet; @@ -889,7 +893,7 @@ SdrGrafObj& SdrGrafObj::operator=( const SdrGrafObj& rObj ) if( rObj.pGraphicLink != NULL) { - SetGraphicLink( aFileName, aFilterName ); + SetGraphicLink( aFileName, rObj.aReferer, aFilterName ); } ImpSetAttrToGrafInfo(); diff --git a/svx/source/tbxctrls/fillctrl.cxx b/svx/source/tbxctrls/fillctrl.cxx index 499bccf54fa9..f6beef210d03 100644 --- a/svx/source/tbxctrls/fillctrl.cxx +++ b/svx/source/tbxctrls/fillctrl.cxx @@ -302,7 +302,7 @@ void SvxFillToolBoxControl::Update( const SfxPoolItem* pState ) aTmpStr = TMP_STR_BEGIN + aString + TMP_STR_END; XGradientEntry* pEntry = new XGradientEntry( pGradientItem->GetGradientValue(), aTmpStr ); - XGradientList aGradientList( "" ); + XGradientList aGradientList( "", ""/*TODO?*/ ); aGradientList.Insert( pEntry ); aGradientList.SetDirty( sal_False ); const Bitmap aBmp = aGradientList.GetUiBitmap( 0 ); @@ -347,7 +347,7 @@ void SvxFillToolBoxControl::Update( const SfxPoolItem* pState ) aTmpStr = TMP_STR_BEGIN + aString + TMP_STR_END; XHatchEntry* pEntry = new XHatchEntry( pHatchItem->GetHatchValue(), aTmpStr ); - XHatchList aHatchList( "" ); + XHatchList aHatchList( "", ""/*TODO?*/ ); aHatchList.Insert( pEntry ); aHatchList.SetDirty( sal_False ); const Bitmap aBmp = aHatchList.GetUiBitmap( 0 ); @@ -401,7 +401,7 @@ void SvxFillToolBoxControl::Update( const SfxPoolItem* pState ) XBitmapEntry* pEntry = new XBitmapEntry(pBitmapItem->GetGraphicObject(), aTmpStr); XBitmapListRef xBitmapList = XPropertyList::CreatePropertyList(XBITMAP_LIST, - OUString("TmpList"))->AsBitmapList(); + OUString("TmpList"), ""/*TODO?*/)->AsBitmapList(); xBitmapList->Insert( pEntry ); xBitmapList->SetDirty( sal_False ); pFillAttrLB->Fill( xBitmapList ); diff --git a/svx/source/unodraw/unoctabl.cxx b/svx/source/unodraw/unoctabl.cxx index e059060b3d11..37c34c5e554e 100644 --- a/svx/source/unodraw/unoctabl.cxx +++ b/svx/source/unodraw/unoctabl.cxx @@ -77,7 +77,7 @@ public: SvxUnoColorTable::SvxUnoColorTable() throw() { - pList = XPropertyList::CreatePropertyList( XCOLOR_LIST, SvtPathOptions().GetPalettePath() )->AsColorList(); + pList = XPropertyList::CreatePropertyList( XCOLOR_LIST, SvtPathOptions().GetPalettePath(), "" )->AsColorList(); } SvxUnoColorTable::~SvxUnoColorTable() throw() diff --git a/svx/source/unodraw/unomod.cxx b/svx/source/unodraw/unomod.cxx index 0c9eddea63c9..782f3d0309aa 100644 --- a/svx/source/unodraw/unomod.cxx +++ b/svx/source/unodraw/unomod.cxx @@ -168,8 +168,10 @@ sal_Bool SvxUnoDrawMSFactory::createEvent( const SdrModel* pDoc, const SdrHint* return sal_True; } -uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( const OUString& rServiceSpecifier ) - throw( uno::Exception, uno::RuntimeException ) +namespace { + +css::uno::Reference<css::uno::XInterface> create( + OUString const & rServiceSpecifier, OUString const & referer) { if( rServiceSpecifier.startsWith("com.sun.star.drawing.") ) { @@ -179,7 +181,7 @@ uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( sal_uInt16 nT = (sal_uInt16)(nType & ~E3D_INVENTOR_FLAG); sal_uInt32 nI = (nType & E3D_INVENTOR_FLAG)?E3dInventor:SdrInventor; - return uno::Reference< uno::XInterface >( (drawing::XShape*) SvxDrawPage::CreateShapeByTypeAndInventor( nT, nI ) ); + return uno::Reference< uno::XInterface >( (drawing::XShape*) SvxDrawPage::CreateShapeByTypeAndInventor( nT, nI, 0, 0, referer ) ); } } else if ( rServiceSpecifier == "com.sun.star.document.ImportGraphicObjectResolver" ) @@ -190,21 +192,35 @@ uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( return xRet; } - uno::Reference< uno::XInterface > xRet( createTextField( rServiceSpecifier ) ); + uno::Reference< uno::XInterface > xRet( SvxUnoDrawMSFactory::createTextField( rServiceSpecifier ) ); if( !xRet.is() ) throw lang::ServiceNotRegisteredException(); return xRet; } +} + +uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( const OUString& rServiceSpecifier ) + throw( uno::Exception, uno::RuntimeException ) +{ + return create(rServiceSpecifier, ""); +} + uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createTextField( const OUString& ServiceSpecifier ) throw(::com::sun::star::uno::Exception, ::com::sun::star::uno::RuntimeException) { return SvxUnoTextCreateTextField( ServiceSpecifier ); } -uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstanceWithArguments( const OUString&, const uno::Sequence< ::com::sun::star::uno::Any >& ) +uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstanceWithArguments( const OUString& ServiceSpecifier, const uno::Sequence< ::com::sun::star::uno::Any >& Arguments ) throw( uno::Exception, uno::RuntimeException ) { + OUString arg; + if (ServiceSpecifier == "com.sun.star.drawing.GraphicObjectShape" + && Arguments.getLength() == 1 && (Arguments[0] >>= arg)) + { + return create(ServiceSpecifier, arg); + } throw lang::NoSupportException(); } diff --git a/svx/source/unodraw/unopage.cxx b/svx/source/unodraw/unopage.cxx index ee6ba75547ea..acf0ce864dd7 100644 --- a/svx/source/unodraw/unopage.cxx +++ b/svx/source/unodraw/unopage.cxx @@ -565,7 +565,7 @@ void SvxDrawPage::GetTypeAndInventor( sal_uInt16& rType, sal_uInt32& rInventor, } } -SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj, SvxDrawPage *mpPage ) throw() +SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj, SvxDrawPage *mpPage, OUString const & referer ) throw() { SvxShape* pRet = NULL; switch( nInventor ) @@ -647,7 +647,7 @@ SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt3 pRet = new SvxShapeText( pObj ); break; case OBJ_GRAF: - pRet = new SvxGraphicObject( pObj ); + pRet = new SvxGraphicObject( pObj, referer ); break; case OBJ_FRAME: pRet = new SvxFrameShape( pObj ); diff --git a/svx/source/unodraw/unoshap2.cxx b/svx/source/unodraw/unoshap2.cxx index 62b842d3946f..cc6ee03089b7 100644 --- a/svx/source/unodraw/unoshap2.cxx +++ b/svx/source/unodraw/unoshap2.cxx @@ -1443,8 +1443,8 @@ uno::Sequence< OUString > SAL_CALL SvxShapePolyPolygonBezier::getSupportedServic #include <toolkit/helper/vclunohelper.hxx> //---------------------------------------------------------------------- -SvxGraphicObject::SvxGraphicObject( SdrObject* pObj ) throw() -: SvxShapeText( pObj, getSvxMapProvider().GetMap(SVXMAP_GRAPHICOBJECT), getSvxMapProvider().GetPropertySet(SVXMAP_GRAPHICOBJECT, SdrObject::GetGlobalDrawObjectItemPool()) ) +SvxGraphicObject::SvxGraphicObject( SdrObject* pObj, OUString const & referer ) throw() +: SvxShapeText( pObj, getSvxMapProvider().GetMap(SVXMAP_GRAPHICOBJECT), getSvxMapProvider().GetPropertySet(SVXMAP_GRAPHICOBJECT, SdrObject::GetGlobalDrawObjectItemPool()) ), referer_(referer) { } @@ -1529,7 +1529,7 @@ bool SvxGraphicObject::setPropertyValueImpl( const OUString& rName, const SfxIte // normal link OUString aFilterName; const SfxFilter* pSfxFilter = NULL; - SfxMedium aSfxMedium( aURL, STREAM_READ | STREAM_SHARE_DENYNONE ); + SfxMedium aSfxMedium( aURL, referer_, STREAM_READ | STREAM_SHARE_DENYNONE ); SFX_APP()->GetFilterMatcher().GuessFilter( aSfxMedium, &pSfxFilter, SFX_FILTER_IMPORT, SFX_FILTER_NOTINSTALLED | SFX_FILTER_EXECUTABLE ); @@ -1558,7 +1558,7 @@ bool SvxGraphicObject::setPropertyValueImpl( const OUString& rName, const SfxIte // it is possible that our shape is removed while where in this // method. if( mpObj.is() ) - static_cast<SdrGrafObj*>(mpObj.get())->SetGraphicLink( aURL, aFilterName ); + static_cast<SdrGrafObj*>(mpObj.get())->SetGraphicLink( aURL, referer_, aFilterName ); } bOk = true; diff --git a/svx/source/xml/xmlxtimp.cxx b/svx/source/xml/xmlxtimp.cxx index ca821cf6c768..5eba668b376d 100644 --- a/svx/source/xml/xmlxtimp.cxx +++ b/svx/source/xml/xmlxtimp.cxx @@ -369,7 +369,7 @@ static void openStorageStream( xml::sax::InputSource *pParserInput, *ppGraphicHelper = SvXMLGraphicHelper::Create( xStorage, GRAPHICHELPER_MODE_READ ); } -bool SvxXMLXTableImport::load( const OUString &rPath, +bool SvxXMLXTableImport::load( const OUString &rPath, const OUString &rReferer, const uno::Reference < embed::XStorage > &xStorage, const uno::Reference< XNameContainer >& xTable, bool *bOptLoadedFromStorage ) throw() @@ -391,7 +391,7 @@ bool SvxXMLXTableImport::load( const OUString &rPath, if( !bUseStorage || !xStorage.is() ) { - SfxMedium aMedium( rPath, STREAM_READ | STREAM_NOCREATE ); + SfxMedium aMedium( rPath, rReferer, STREAM_READ | STREAM_NOCREATE ); aParserInput.sSystemId = aMedium.GetName(); if( aMedium.IsStorage() ) diff --git a/svx/source/xoutdev/xtabcolr.cxx b/svx/source/xoutdev/xtabcolr.cxx index a1e6eb5c5a2f..d70a4fbcdb5e 100644 --- a/svx/source/xoutdev/xtabcolr.cxx +++ b/svx/source/xoutdev/xtabcolr.cxx @@ -30,7 +30,7 @@ using namespace com::sun::star; XColorListRef XColorList::CreateStdColorList() { return XPropertyList::CreatePropertyList( - XCOLOR_LIST, SvtPathOptions().GetPalettePath() )->AsColorList(); + XCOLOR_LIST, SvtPathOptions().GetPalettePath(), "" )->AsColorList(); } XColorListRef XColorList::GetStdColorList() diff --git a/svx/source/xoutdev/xtabdash.cxx b/svx/source/xoutdev/xtabdash.cxx index d34e60fe156d..0b81754c596a 100644 --- a/svx/source/xoutdev/xtabdash.cxx +++ b/svx/source/xoutdev/xtabdash.cxx @@ -33,8 +33,8 @@ using namespace com::sun::star; -XDashList::XDashList(const OUString& rPath) - : XPropertyList(XDASH_LIST, rPath) +XDashList::XDashList(const OUString& rPath, const OUString& rReferer) + : XPropertyList(XDASH_LIST, rPath, rReferer) , maBitmapSolidLine() , maStringSolidLine() , maStringNoLine() diff --git a/svx/source/xoutdev/xtabgrdt.cxx b/svx/source/xoutdev/xtabgrdt.cxx index a78cde57e1c9..5c03ccab5923 100644 --- a/svx/source/xoutdev/xtabgrdt.cxx +++ b/svx/source/xoutdev/xtabgrdt.cxx @@ -34,8 +34,8 @@ using namespace com::sun::star; -XGradientList::XGradientList( const OUString& rPath ) -: XPropertyList( XGRADIENT_LIST, rPath ) +XGradientList::XGradientList( const OUString& rPath, const OUString& rReferer ) +: XPropertyList( XGRADIENT_LIST, rPath, rReferer ) { } diff --git a/svx/source/xoutdev/xtabhtch.cxx b/svx/source/xoutdev/xtabhtch.cxx index ba75ca3265c2..3baa12335f2c 100644 --- a/svx/source/xoutdev/xtabhtch.cxx +++ b/svx/source/xoutdev/xtabhtch.cxx @@ -34,8 +34,8 @@ using namespace ::com::sun::star; using namespace ::rtl; -XHatchList::XHatchList(const OUString& rPath) - : XPropertyList( XHATCH_LIST, rPath ) +XHatchList::XHatchList(const OUString& rPath, const OUString& rReferer) + : XPropertyList( XHATCH_LIST, rPath, rReferer ) { } diff --git a/svx/source/xoutdev/xtable.cxx b/svx/source/xoutdev/xtable.cxx index 53894b838a2e..e0d0d4b0da36 100644 --- a/svx/source/xoutdev/xtable.cxx +++ b/svx/source/xoutdev/xtable.cxx @@ -122,10 +122,11 @@ XBitmapEntry::XBitmapEntry(const XBitmapEntry& rOther) XPropertyList::XPropertyList( XPropertyListType type, - const OUString& rPath + const OUString& rPath, const OUString& rReferer ) : meType ( type ), maName ( RTL_CONSTASCII_USTRINGPARAM( "standard" ) ), maPath ( rPath ), + maReferer ( rReferer ), mbListDirty ( true ), mbEmbedInDocument( false ) { @@ -249,7 +250,7 @@ bool XPropertyList::Load() if( aURL.getExtension().isEmpty() ) aURL.setExtension( GetDefaultExt() ); - return SvxXMLXTableImport::load( aURL.GetMainURL( INetURLObject::NO_DECODE ), + return SvxXMLXTableImport::load( aURL.GetMainURL( INetURLObject::NO_DECODE ), maReferer, uno::Reference < embed::XStorage >(), createInstance(), NULL ); } @@ -257,12 +258,12 @@ bool XPropertyList::Load() } bool XPropertyList::LoadFrom( const uno::Reference < embed::XStorage > &xStorage, - const OUString &rURL ) + const OUString &rURL, const OUString &rReferer ) { if( !mbListDirty ) return false; mbListDirty = false; - return SvxXMLXTableImport::load( rURL, xStorage, createInstance(), &mbEmbedInDocument ); + return SvxXMLXTableImport::load( rURL, rReferer, xStorage, createInstance(), &mbEmbedInDocument ); } bool XPropertyList::Save() @@ -292,12 +293,13 @@ bool XPropertyList::SaveTo( const uno::Reference< embed::XStorage > &xStorage, } XPropertyListRef XPropertyList::CreatePropertyList( XPropertyListType t, - const OUString& rPath ) + const OUString& rPath, + const OUString& rReferer ) { XPropertyListRef pRet; #define MAP(e,c) \ - case e: pRet = XPropertyListRef (new c( rPath ) ); break + case e: pRet = XPropertyListRef (new c( rPath, rReferer ) ); break switch (t) { MAP( XCOLOR_LIST, XColorList ); MAP( XLINE_END_LIST, XLineEndList ); @@ -326,7 +328,7 @@ XPropertyList::CreatePropertyListFromURL( XPropertyListType t, aPathURL.removeFinalSlash(); XPropertyListRef pList = XPropertyList::CreatePropertyList( - t, aPathURL.GetMainURL( INetURLObject::NO_DECODE ) ); + t, aPathURL.GetMainURL( INetURLObject::NO_DECODE ), "" ); pList->SetName( aURL.getName() ); return pList; diff --git a/svx/source/xoutdev/xtablend.cxx b/svx/source/xoutdev/xtablend.cxx index 4e782027f7ff..6db53818b43f 100644 --- a/svx/source/xoutdev/xtablend.cxx +++ b/svx/source/xoutdev/xtablend.cxx @@ -33,8 +33,8 @@ using namespace com::sun::star; -XLineEndList::XLineEndList( const OUString& rPath ) - : XPropertyList( XLINE_END_LIST, rPath ) +XLineEndList::XLineEndList( const OUString& rPath, const OUString& rReferer ) + : XPropertyList( XLINE_END_LIST, rPath, rReferer ) { } diff --git a/sw/source/core/docnode/retrieveinputstream.cxx b/sw/source/core/docnode/retrieveinputstream.cxx index 1e4fa27535cb..6e609f6c1e13 100644 --- a/sw/source/core/docnode/retrieveinputstream.cxx +++ b/sw/source/core/docnode/retrieveinputstream.cxx @@ -27,19 +27,21 @@ */ ::rtl::Reference< ObservableThread > SwAsyncRetrieveInputStreamThread::createThread( const SwRetrievedInputStreamDataManager::tDataKey nDataKey, - const OUString& rLinkedURL ) + const OUString& rLinkedURL, const OUString& rReferer ) { SwAsyncRetrieveInputStreamThread* pNewThread = - new SwAsyncRetrieveInputStreamThread( nDataKey, rLinkedURL ); + new SwAsyncRetrieveInputStreamThread( nDataKey, rLinkedURL, rReferer ); return pNewThread; } SwAsyncRetrieveInputStreamThread::SwAsyncRetrieveInputStreamThread( const SwRetrievedInputStreamDataManager::tDataKey nDataKey, - const OUString& rLinkedURL ) + const OUString& rLinkedURL, + const OUString& rReferer ) : ObservableThread(), mnDataKey( nDataKey ), - mrLinkedURL( rLinkedURL ) + mrLinkedURL( rLinkedURL ), + mrReferer( rReferer ) { } @@ -49,9 +51,11 @@ SwAsyncRetrieveInputStreamThread::~SwAsyncRetrieveInputStreamThread() void SwAsyncRetrieveInputStreamThread::threadFunction() { - com::sun::star::uno::Sequence < com::sun::star::beans::PropertyValue > xProps( 1 ); + com::sun::star::uno::Sequence < com::sun::star::beans::PropertyValue > xProps( 2 ); xProps[0].Name = "URL"; - xProps[0].Value <<= OUString( mrLinkedURL ); + xProps[0].Value <<= mrLinkedURL; + xProps[1].Name = "Referer"; + xProps[1].Value <<= mrReferer; utl::MediaDescriptor aMedium( xProps ); aMedium.addInputStream(); diff --git a/sw/source/core/docnode/retrieveinputstreamconsumer.cxx b/sw/source/core/docnode/retrieveinputstreamconsumer.cxx index efd6b4544e4c..f621fd8b2ee2 100644 --- a/sw/source/core/docnode/retrieveinputstreamconsumer.cxx +++ b/sw/source/core/docnode/retrieveinputstreamconsumer.cxx @@ -39,7 +39,7 @@ SwAsyncRetrieveInputStreamThreadConsumer::~SwAsyncRetrieveInputStreamThreadConsu SwThreadManager::GetThreadManager().RemoveThread( mnThreadID ); } -void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rURL ) +void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rURL, const OUString& rReferer ) { // Get new data container for input stream data SwRetrievedInputStreamDataManager::tDataKey nDataKey = @@ -47,7 +47,7 @@ void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rUR mrGrfNode.GetThreadConsumer() ); rtl::Reference< ObservableThread > pNewThread = - SwAsyncRetrieveInputStreamThread::createThread( nDataKey, rURL ); + SwAsyncRetrieveInputStreamThread::createThread( nDataKey, rURL, rReferer ); // Add thread to thread manager and pass ownership of thread to thread manager. mnThreadID = SwThreadManager::GetThreadManager().AddThread( pNewThread ); diff --git a/sw/source/core/graphic/ndgrf.cxx b/sw/source/core/graphic/ndgrf.cxx index 25946bbd2940..87b81dee61ea 100644 --- a/sw/source/core/graphic/ndgrf.cxx +++ b/sw/source/core/graphic/ndgrf.cxx @@ -25,6 +25,7 @@ #include <svtools/imap.hxx> #include <vcl/graphicfilter.hxx> #include <sot/storage.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/linkmgr.hxx> #include <editeng/boxitem.hxx> #include <sot/formats.hxx> @@ -1157,8 +1158,13 @@ void SwGrfNode::TriggerAsyncRetrieveInputStream() OUString sGrfNm; refLink->GetLinkManager()->GetDisplayNames( refLink, 0, &sGrfNm, 0, 0 ); - - mpThreadConsumer->CreateThread( sGrfNm ); + OUString sReferer; + SfxObjectShell * sh = GetDoc()->GetPersist(); + if (sh != 0 && sh->HasName()) + { + sReferer = sh->GetMedium()->GetName(); + } + mpThreadConsumer->CreateThread( sGrfNm, sReferer ); } } diff --git a/sw/source/core/inc/retrieveinputstream.hxx b/sw/source/core/inc/retrieveinputstream.hxx index 267d5fe56494..d2237a256753 100644 --- a/sw/source/core/inc/retrieveinputstream.hxx +++ b/sw/source/core/inc/retrieveinputstream.hxx @@ -36,7 +36,7 @@ class SwAsyncRetrieveInputStreamThread : public ObservableThread static ::rtl::Reference< ObservableThread > createThread( const SwRetrievedInputStreamDataManager::tDataKey nDataKey, - const OUString& rLinkedURL ); + const OUString& rLinkedURL, const OUString& rReferer ); virtual ~SwAsyncRetrieveInputStreamThread(); @@ -47,10 +47,12 @@ class SwAsyncRetrieveInputStreamThread : public ObservableThread private: SwAsyncRetrieveInputStreamThread( const SwRetrievedInputStreamDataManager::tDataKey nDataKey, - const OUString& rLinkedURL ); + const OUString& rLinkedURL, + const OUString& rReferer ); const SwRetrievedInputStreamDataManager::tDataKey mnDataKey; const OUString mrLinkedURL; + const OUString mrReferer; }; #endif diff --git a/sw/source/core/inc/retrieveinputstreamconsumer.hxx b/sw/source/core/inc/retrieveinputstreamconsumer.hxx index e56f664a72a8..64f660c4e315 100644 --- a/sw/source/core/inc/retrieveinputstreamconsumer.hxx +++ b/sw/source/core/inc/retrieveinputstreamconsumer.hxx @@ -40,7 +40,7 @@ class SwAsyncRetrieveInputStreamThreadConsumer /** method to create thread */ - void CreateThread( const OUString& rURL ); + void CreateThread( const OUString& rURL, const OUString& rReferer ); /** method called to provide the retrieved input stream to the thread Consumer */ diff --git a/sw/source/core/unocore/unosett.cxx b/sw/source/core/unocore/unosett.cxx index cea2d9e26b84..9aae7dbb790a 100644 --- a/sw/source/core/unocore/unosett.cxx +++ b/sw/source/core/unocore/unosett.cxx @@ -1991,7 +1991,7 @@ void SwXNumberingRules::SetNumberingRuleByIndex( pSetBrush = new SvxBrushItem(*pOrigBrush); } else - pSetBrush = new SvxBrushItem(aEmptyOUStr, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND); + pSetBrush = new SvxBrushItem(aEmptyOUStr, ""/*TODO?*/, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND); } pSetBrush->PutValue( pData->aVal, MID_GRAPHIC_URL ); } @@ -2010,7 +2010,7 @@ void SwXNumberingRules::SetNumberingRuleByIndex( pSetBrush = new SvxBrushItem(*pOrigBrush); } else - pSetBrush = new SvxBrushItem(aEmptyOUStr, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND); + pSetBrush = new SvxBrushItem(aEmptyOUStr, ""/*TODO?*/, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND); } BitmapEx aBmp = VCLUnoHelper::GetBitmap( *pBitmap ); diff --git a/sw/source/ui/frmdlg/frmpage.cxx b/sw/source/ui/frmdlg/frmpage.cxx index ca224be6e09f..b6a06690c66c 100644 --- a/sw/source/ui/frmdlg/frmpage.cxx +++ b/sw/source/ui/frmdlg/frmpage.cxx @@ -2499,7 +2499,7 @@ sal_Bool SwGrfExtPage::FillItemSet( SfxItemSet &rSet ) { bModified = sal_True; aGrfName = m_pConnectED->GetText(); - rSet.Put( SvxBrushItem( aGrfName, aFilterName, GPOS_LT, + rSet.Put( SvxBrushItem( aGrfName, ""/*TODO?*/, aFilterName, GPOS_LT, SID_ATTR_GRAF_GRAPHIC )); } return bModified; diff --git a/sw/source/ui/shells/grfsh.cxx b/sw/source/ui/shells/grfsh.cxx index cf21daafd252..c6dadbfbbe35 100644 --- a/sw/source/ui/shells/grfsh.cxx +++ b/sw/source/ui/shells/grfsh.cxx @@ -66,6 +66,7 @@ #include <popup.hrc> #include <svx/extedit.hxx> #include <svx/graphichelper.hxx> +#include <doc.hxx> #define SwGrfShell @@ -261,11 +262,17 @@ void SwGrfShell::Execute(SfxRequest &rReq) rSh.GetGrfNms( &sGrfNm, &sFilterNm ); if( !sGrfNm.isEmpty() ) { + OUString sReferer; + SfxObjectShell * sh = rSh.GetDoc()->GetPersist(); + if (sh != 0 && sh->HasName()) + { + sReferer = sh->GetMedium()->GetName(); + } aSet.Put( SvxBrushItem( INetURLObject::decode( sGrfNm, INET_HEX_ESCAPE, INetURLObject::DECODE_UNAMBIGUOUS, RTL_TEXTENCODING_UTF8 ), - sFilterNm, GPOS_LT, + sReferer, sFilterNm, GPOS_LT, SID_ATTR_GRAF_GRAPHIC )); } else diff --git a/unotools/source/misc/mediadescriptor.cxx b/unotools/source/misc/mediadescriptor.cxx index 0eadb025c390..34e54ff4e0fd 100644 --- a/unotools/source/misc/mediadescriptor.cxx +++ b/unotools/source/misc/mediadescriptor.cxx @@ -19,6 +19,7 @@ #include <comphelper/docpasswordhelper.hxx> #include <unotools/mediadescriptor.hxx> +#include <unotools/securityoptions.hxx> #include <comphelper/namedvaluecollection.hxx> #include <comphelper/stillreadwriteinteraction.hxx> @@ -596,6 +597,11 @@ sal_Bool MediaDescriptor::impl_openStreamWithPostData( const css::uno::Reference sal_Bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, sal_Bool bLockFile ) throw(::com::sun::star::uno::RuntimeException) { + OUString referer(getUnpackedValueOrDefault(PROP_REFERRER(), OUString())); + if (SvtSecurityOptions().isUntrustedReferer(referer)) { + return false; + } + // prepare the environment css::uno::Reference< css::task::XInteractionHandler > xOrgInteraction = getUnpackedValueOrDefault( MediaDescriptor::PROP_INTERACTIONHANDLER(), diff --git a/xmloff/source/draw/sdxmlimp.cxx b/xmloff/source/draw/sdxmlimp.cxx index a7b6c602598e..6b1dd4a795da 100644 --- a/xmloff/source/draw/sdxmlimp.cxx +++ b/xmloff/source/draw/sdxmlimp.cxx @@ -839,7 +839,7 @@ void SdXMLImport::SetConfigurationSettings(const com::sun::star::uno::Sequence<c uno::Sequence<beans::PropertyValue> aFiltered; if( pFilter ) { - aFiltered = pFilter->filterStreamsFromStorage( GetSourceStorage(), aConfigProps ); + aFiltered = pFilter->filterStreamsFromStorage( GetDocumentBase(), GetSourceStorage(), aConfigProps ); nCount = aFiltered.getLength(); pValues = aFiltered.getConstArray(); } diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx index e8d1b99f1357..001b47154f57 100644 --- a/xmloff/source/draw/ximpshap.cxx +++ b/xmloff/source/draw/ximpshap.cxx @@ -494,6 +494,15 @@ void SdXMLShapeContext::AddShape(OUString const & serviceName) { xShape = uno::Reference< drawing::XShape >(xServiceFact->createInstance("com.sun.star.drawing.temporaryForXMLImportOLE2Shape"), uno::UNO_QUERY); } + else if (serviceName == "com.sun.star.drawing.GraphicObjectShape") + { + css::uno::Sequence<css::uno::Any> args(1); + args[0] <<= GetImport().GetDocumentBase(); + xShape = css::uno::Reference<css::drawing::XShape>( + xServiceFact->createInstanceWithArguments( + serviceName, args), + css::uno::UNO_QUERY); + } else { xShape = uno::Reference< drawing::XShape >(xServiceFact->createInstance(serviceName), uno::UNO_QUERY); |