diff options
| author | Vasily Melenchuk <vasily.melenchuk@cib.de> | 2022-12-05 20:32:41 +0300 |
|---|---|---|
| committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2022-12-30 04:24:27 +0000 |
| commit | b22bbfa25ab1f0b9cfa1dedc85b8f9874f0a5e5b (patch) | |
| tree | c2a7f32daf0c56448eebe60dc950d9f080441be7 /sfx2/source/doc | |
| parent | d5a9722874871576b864feb7bd815f9f8bfaac48 (diff) | |
Related: tdf#125093 Check Windows Security Zones for macros
In Windows, files get assigned security zones (local, from intranet,
from internet, etc) after download via browser or email client. This
is used by MS Word to decide in which mode it is safe to open file.
This patch implements basic support for similar feature: by default
there are no changes in macro behavior. But it is possible to use
expert configuration options to tweak default behavior, and for
example disable macros automatically, if a file is downloaded from
Internet or other unsafe locations.
Change-Id: I0bf1ae4e54d75dd5d07cab309124a67a85ef2d4d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143680
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Diffstat (limited to 'sfx2/source/doc')
| -rw-r--r-- | sfx2/source/doc/docmacromode.cxx | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index bdae350b22f5..cbd720132323 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -38,6 +38,10 @@ #include <comphelper/diagnose_ex.hxx> #include <tools/urlobj.hxx> +#if defined(_WIN32) +#include <systools/win32/comtools.hxx> +#include <urlmon.h> +#endif namespace sfx2 { @@ -284,6 +288,59 @@ namespace sfx2 } } +#if defined(_WIN32) + // Windows specific: try to decide macros loading depending on Windows Security Zones + // (is the file local, or it was downloaded from internet, etc?) + OUString sURL(m_xData->m_rDocumentAccess.getDocumentLocation()); + OUString sFilePath; + osl::FileBase::getSystemPathFromFileURL(sURL, sFilePath); + sal::systools::COMReference<IZoneIdentifier> pZoneId; + pZoneId.CoCreateInstance(CLSID_PersistentZoneIdentifier); + sal::systools::COMReference<IPersistFile> pPersist(pZoneId, sal::systools::COM_QUERY_THROW); + DWORD dwZone; + if (!SUCCEEDED(pPersist->Load(reinterpret_cast<LPCOLESTR>(sFilePath.getStr()), STGM_READ)) || + !SUCCEEDED(pZoneId->GetId(&dwZone))) + { + // no Security Zone info found -> assume a local file, not + // from the internet + dwZone = 0; + } + + // determine action from zone and settings + sal_Int32 nAction = 0; + switch (dwZone) { + case 0: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneLocal::get(); + break; + case 1: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneIntranet::get(); + break; + case 2: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneTrusted::get(); + break; + case 3: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneInternet::get(); + break; + case 4: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneUntrusted::get(); + break; + default: + // unknown zone, let's ask the user + nAction = 0; + break; + } + + // act on result + switch (nAction) + { + case 0: // Ask + break; + case 1: // Allow + return allowMacroExecution(); + case 2: // Deny + return disallowMacroExecution(); + } +#endif // confirmation is required bool bSecure = false; |