authorCaolán McNamara <caolan.mcnamara@collabora.com>2024-11-15 12:30:39 +0000
committerCaolán McNamara <caolan.mcnamara@collabora.com>2024-11-19 20:20:03 +0100
commit836d73a65180d89a077e36457f1f3aa1698c2058 (patch)
treef4274821a213af6e42748147b136b8f433c26d6d
parent40a1affe63dd1321a423308cce8a407b4972949a (diff)
consider VndSunStarExpand an exotic protocol
and generally don't bother with it when fetching data from urls Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176645 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Tested-by: Jenkins
-rw-r--r--avmedia/source/viewer/mediawindow_impl.cxx13
-rw-r--r--editeng/source/items/frmitems.cxx9
-rw-r--r--embeddedobj/source/commonembedding/persistence.cxx17
-rw-r--r--forms/source/component/ImageControl.cxx2
-rw-r--r--forms/source/component/clickableimage.cxx2
-rw-r--r--sfx2/source/appl/linkmgr2.cxx5
-rw-r--r--sw/source/filter/html/htmlgrin.cxx3
-rw-r--r--toolkit/source/controls/unocontrols.cxx3
-rw-r--r--tools/source/fsys/urlobj.cxx1
-rw-r--r--unotools/source/misc/mediadescriptor.cxx4
-rw-r--r--vcl/source/filter/graphicfilter.cxx8
11 files changed, 49 insertions, 18 deletions
diff --git a/avmedia/source/viewer/mediawindow_impl.cxx b/avmedia/source/viewer/mediawindow_impl.cxx
index 4bada4d23ec1..823152e3b029 100644
--- a/avmedia/source/viewer/mediawindow_impl.cxx
+++ b/avmedia/source/viewer/mediawindow_impl.cxx
@@ -171,15 +171,16 @@ void MediaWindowImpl::dispose()
uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString*)
{
- uno::Reference<media::XPlayer> xPlayer;
-
if( rURL.isEmpty() )
- return xPlayer;
+ return nullptr;
if (SvtSecurityOptions::isUntrustedReferer(rReferer))
- {
- return xPlayer;
- }
+ return nullptr;
+
+ if (INetURLObject(rURL).IsExoticProtocol())
+ return nullptr;
+
+ uno::Reference<media::XPlayer> xPlayer;
// currently there isn't anything else, throw any mime type to the media players
//if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)
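Review bot: The new `IsExoticProtocol()` early return in createPlayer rejects the URL without any diagnostic, whereas the editeng, embeddedobj and vcl hunks in this commit emit a `SAL_WARN` for the same condition. The same silent rejection appears in the forms (ImageControl.cxx, clickableimage.cxx), sfx2, sw, toolkit and unotools hunks. A matching line before `return nullptr;`, for example `SAL_WARN("avmedia", "Ignore exotic protocol: " << rURL);`, would make it possible to tell from a log why a document's media or image did not load. createPlayer's body continues outside the hunk.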
diff --git a/editeng/source/items/frmitems.cxx b/editeng/source/items/frmitems.cxx
index 930fdd70f2e2..8b4e10e25c83 100644
--- a/editeng/source/items/frmitems.cxx
+++ b/editeng/source/items/frmitems.cxx
@@ -4739,6 +4739,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
return nullptr;
}
+ INetURLObject aGraphicURL( maStrLink );
+ if (aGraphicURL.IsExoticProtocol())
+ {
+ SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
+ return nullptr;
+ }
+
// tdf#94088 prepare graphic and state
Graphic aGraphic;
bool bGraphicLoaded = false;
@@ -4759,8 +4766,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
// a 'data:' scheme url and try to load that (embedded graphics)
if(!bGraphicLoaded)
{
- INetURLObject aGraphicURL( maStrLink );
-
if( INetProtocol::Data == aGraphicURL.GetProtocol() )
{
std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData());
diff --git a/embeddedobj/source/commonembedding/persistence.cxx b/embeddedobj/source/commonembedding/persistence.cxx
index 15ad2ea51e89..53c27b3a9ac9 100644
--- a/embeddedobj/source/commonembedding/persistence.cxx
+++ b/embeddedobj/source/commonembedding/persistence.cxx
@@ -55,6 +55,7 @@
#include <comphelper/namedvaluecollection.hxx>
#include <comphelper/propertyvalue.hxx>
#include <comphelper/configuration.hxx>
+#include <tools/urlobj.hxx>
#include <unotools/mediadescriptor.hxx>
#include <unotools/securityoptions.hxx>
@@ -403,11 +404,19 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl()
uno::Sequence< beans::PropertyValue > aArgs( m_aDocMediaDescriptor.getLength() + nLen );
auto pArgs = aArgs.getArray();
- pArgs[0].Name = "URL";
- if(m_aLinkTempFile.is())
- pArgs[0].Value <<= m_aLinkTempFile->getUri();
+ OUString sURL;
+ if (m_aLinkTempFile.is())
+ sURL = m_aLinkTempFile->getUri();
else
- pArgs[0].Value <<= m_aLinkURL;
+ sURL = m_aLinkURL;
+ if (INetURLObject(sURL).IsExoticProtocol())
+ {
+ SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << pArgs[0].Value);
+ return nullptr;
+ }
+
+ pArgs[0].Name = "URL";
+ pArgs[0].Value <<= sURL;
pArgs[1].Name = "FilterName";
pArgs[1].Value <<= m_aLinkFilterName;
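Review bot: The added `SAL_WARN` streams `pArgs[0].Value`, but the assignment to that slot now happens after the check, so the message will not contain the rejected URL; log the local instead: `SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << sURL);`. Separately, when `m_aLinkTempFile.is()` the value checked is the temp file's URI rather than `m_aLinkURL`, so the scheme of the original link is not examined at this point. Whether it was checked when the temp file was created is not visible in this hunk. LoadLink_Impl's body starts and ends outside the hunk.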
diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx
index fc879ed06450..d06cd0e82214 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
@@ -401,7 +401,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, Val
{
OUString referer;
getPropertyValue(u"Referer"_ustr) >>= referer;
- if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+ if (SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) {
return false;
}
diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx
index 5c95ef6be5fe..7a6d709241a6 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
@@ -736,7 +736,7 @@ namespace frm
// the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first
INetURLObject aUrl(rURL);
- if (INetProtocol::NotValid == aUrl.GetProtocol())
+ if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol())
// we treat an invalid URL like we would treat no URL
return;
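Review bot: The comment under the widened condition still reads `// we treat an invalid URL like we would treat no URL`, but the branch now also returns for exotic schemes. Rewording it to `// we treat an invalid or exotic-protocol URL like we would treat no URL` keeps the comment in step with the check. The enclosing function starts and ends outside the hunk.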
diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx
index da2a3cf141f7..8a54ac946945 100644
--- a/sfx2/source/appl/linkmgr2.cxx
+++ b/sfx2/source/appl/linkmgr2.cxx
@@ -537,8 +537,11 @@ bool LinkManager::GetGraphicFromAny(std::u16string_view rMimeType,
sReferer = sh->GetMedium()->GetName();
OUString sURL = rValue.get<OUString>();
- if (!SvtSecurityOptions::isUntrustedReferer(sReferer))
+ if (!SvtSecurityOptions::isUntrustedReferer(sReferer) &&
+ !INetURLObject(sURL).IsExoticProtocol())
+ {
rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
+ }
if (rGraphic.IsNone())
rGraphic.SetDefaultType();
rGraphic.setOriginURL(sURL);
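Review bot: When the new condition rejects the URL, the following lines still run `rGraphic.setOriginURL(sURL)`, so the exotic URL stays attached to the default-typed graphic. If some later consumer reloads from the origin URL (not visible in this hunk), the protection then depends on the checks in the loaders rather than on this one. Either skip `setOriginURL` in the rejected case or state the intent with a comment such as `// origin URL is kept even when loading was refused; loaders reject exotic schemes themselves`. GetGraphicFromAny's body starts and ends outside the hunk.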
diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index 9282b7b8c175..be46359ae39f 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -680,7 +680,8 @@ IMAGE_SETEVENT:
bool bNeedWidth = (!bPercentWidth && !nWidth) || bRelWidthScale;
bool bRelHeightScale = bPercentHeight && nHeight == SwFormatFrameSize::SYNCED;
bool bNeedHeight = (!bPercentHeight && !nHeight) || bRelHeightScale;
- if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc))
+ if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc) &&
+ !aGraphicURL.IsExoticProtocol())
{
GraphicDescriptor aDescriptor(aGraphicURL);
if (aDescriptor.Detect(/*bExtendedInfo=*/true))
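Review bot: The added `!aGraphicURL.IsExoticProtocol()` guards only the `GraphicDescriptor` size probe shown here, while `aGraphicURL` itself stays in use by the rest of the function, which is outside the hunk. A short comment would record that later use of the URL relies on the checks in the graphic-loading paths, e.g. `// only the size probe is skipped here; the actual load is filtered by the graphic loaders`. If that assumption does not hold for this import path, the URL should be rejected earlier in the function.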
diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx
index 2fff360fc88b..ea328276bf3c 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -31,6 +31,7 @@
#include <o3tl/safeint.hxx>
#include <controls/formattedcontrol.hxx>
#include <toolkit/controls/unocontrols.hxx>
+#include <tools/urlobj.hxx>
#include <helper/property.hxx>
#include <toolkit/helper/macros.hxx>
#include <unotools/securityoptions.hxx>
@@ -69,7 +70,7 @@ css::uno::Reference< css::graphic::XGraphic >
ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
{
uno::Reference< graphic::XGraphic > xGraphic;
- if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
+ if (_rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol())
return xGraphic;
try
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 84a89cd32808..d09b0d547d7e 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4892,6 +4892,7 @@ bool INetURLObject::IsExoticProtocol() const
return m_eScheme == INetProtocol::Slot ||
m_eScheme == INetProtocol::Macro ||
m_eScheme == INetProtocol::Uno ||
+ m_eScheme == INetProtocol::VndSunStarExpand ||
isSchemeEqualTo(u"vnd.sun.star.script") ||
isSchemeEqualTo(u"service");
}
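Review bot: No test accompanies the new `INetProtocol::VndSunStarExpand` case; the diffstat lists eleven source files and no test file. Because `IsExoticProtocol()` is a shared predicate, this line changes the result for every existing caller, not only the fetch sites touched in this commit, so a regression test is worth having. A one-line assertion would pin it, e.g. `CPPUNIT_ASSERT(INetURLObject(u"vnd.sun.star.expand:$CONSTRUCTED_SAMPLE"_ustr).IsExoticProtocol());` (the sample URL is constructed for illustration). Any documentation comment on the declaration that enumerates the exotic schemes should list the new one as well.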
diff --git a/unotools/source/misc/mediadescriptor.cxx b/unotools/source/misc/mediadescriptor.cxx
index 87dcbab0cbf1..f1f192149086 100644
--- a/unotools/source/misc/mediadescriptor.cxx
+++ b/unotools/source/misc/mediadescriptor.cxx
@@ -337,6 +337,10 @@ bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFi
if (sURL.matchIgnoreAsciiCase(".component:") || sURL.matchIgnoreAsciiCase("private:factory/"))
return false; // No UCB content for .component URLs and factory URLs
+
+ if (INetURLObject(sURL).IsExoticProtocol())
+ return false;
+
OUString referer(getUnpackedValueOrDefault(PROP_REFERRER, OUString()));
if (SvtSecurityOptions::isUntrustedReferer(referer)) {
return false;
diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx
index c265c16866af..af9b2b774b4b 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -446,10 +446,16 @@ ErrCode GraphicFilter::CanImportGraphic( std::u16string_view rMainUrl, SvStream&
ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath,
sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
{
- ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
OUString aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) );
+ if (rPath.IsExoticProtocol())
+ {
+ SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl);
+ return ERRCODE_GRFILTER_FORMATERROR;
+ }
+
+ ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
if (xStream)
{
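Review bot: The exotic-protocol branch returns `ERRCODE_GRFILTER_FORMATERROR`, the same value the function starts from for an undecodable image, so a caller cannot tell a policy rejection from a format failure. If that is deliberate, to keep callers' behaviour unchanged, a comment on the return would say so: `// reported as a format error so callers handle it like an unreadable image`. ImportGraphic's body continues outside the hunk.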