bubble referer to LinkManager::GetGraphicFromAny

Change-Id: Id2c6d629692a365f96f3f81c5686930668389a6a
Reviewed-on: https://gerrit.libreoffice.org/57546
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>

1 files changed, 7 insertions, 4 deletions

diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx
index 64e89a927f12..b503e06f0cf6 100644
--- a/sfx2/source/appl/linkmgr2.cxx
+++ b/sfx2/source/appl/linkmgr2.cxx
@@ -40,6 +40,7 @@
 #include <sfx2/request.hxx>
 #include <vcl/dibtools.hxx>
 #include <unotools/charclass.hxx>
+#include <unotools/securityoptions.hxx>
 #include <vcl/GraphicLoader.hxx>
 
 #include "fileobj.hxx"
@@ -497,9 +498,10 @@ SotClipboardFormatId LinkManager::RegisterStatusInfoId()
     return nFormat;
 }
 
-bool LinkManager::GetGraphicFromAny( const OUString& rMimeType,
-                                const css::uno::Any & rValue,
-                                Graphic& rGraphic )
+bool LinkManager::GetGraphicFromAny(const OUString& rMimeType,
+                                    const css::uno::Any & rValue,
+                                    const OUString& rReferer,
+                                    Graphic& rGraphic )
 {
     bool bRet = false;
 
@@ -509,7 +511,8 @@ bool LinkManager::GetGraphicFromAny( const OUString& rMimeType,
     if (rValue.has<OUString>())
     {
         OUString sURL = rValue.get<OUString>();
-        rGraphic = vcl::graphic::loadFromURL(sURL);
+        if (!SvtSecurityOptions().isUntrustedReferer(rReferer))
+            rGraphic = vcl::graphic::loadFromURL(sURL);
         if (!rGraphic)
             rGraphic.SetDefaultType();
         rGraphic.setOriginURL(sURL);