set Referer on loading IFrames

so tools, options, security, options,
"block any links from document not..."
applies to their contents.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150751
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit acff9ca0579333b45d10ae5f8cd48172f563dddd)

Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79

1 files changed, 11 insertions, 3 deletions

diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 6dca7bcddb56..6e14f5f254e1 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -38,6 +38,7 @@
 #include <svtools/miscopt.hxx>
 #include <svl/ownlist.hxx>
 #include <svl/itemprop.hxx>
+#include <sfx2/docfile.hxx>
 #include <sfx2/frmdescr.hxx>
 #include <sfx2/objsh.hxx>
 #include <sfx2/sfxdlg.hxx>
@@ -196,10 +197,11 @@ sal_Bool SAL_CALL IFrameObject::load(
         uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
         xTrans->parseStrict( aTargetURL );
 
+        uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
+        SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
+
         if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
         {
-            uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
-            SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
             if (pDoc && !pDoc->AdjustMacroMode())
                 return false;
         }
@@ -207,6 +209,10 @@ sal_Bool SAL_CALL IFrameObject::load(
         if (!lcl_isScriptURLAllowed(aTargetURL.Complete))
             return false;
 
+        OUString sReferer;
+        if (pDoc && pDoc->HasName())
+            sReferer = pDoc->GetMedium()->GetName();
+
         DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
         VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
         VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
@@ -229,11 +235,13 @@ sal_Bool SAL_CALL IFrameObject::load(
         if ( xFramesSupplier.is() )
             mxFrame->setCreator( xFramesSupplier );
 
-        uno::Sequence < beans::PropertyValue > aProps(2);
+        uno::Sequence < beans::PropertyValue > aProps(3);
         aProps[0].Name = "PluginMode";
         aProps[0].Value <<= sal_Int16(2);
         aProps[1].Name = "ReadOnly";
         aProps[1].Value <<= true;
+        aProps[2].Name = "Referer";
+        aProps[2].Value <<= sReferer;
         uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 );
         if ( xDisp.is() )
             xDisp->dispatch( aTargetURL, aProps );