rhbz#887420 Implement "block untrusted referer links" feature

For now, this checks for a trusted referer (if the BlockUntrustedRefererLinks configuration prop is set) in utl::MediaDescriptor::impl_openStreamWithURL and SvxBrushItem::GetGraphicObject. Checking in additional places will probably be necessary to block /all/ unwanted communication. Also, some places marked /*TODO?*/ currently pass in an empty referer (which is always considered trusted) and will probably need to be adapted. Ideally, Referer URIs would never be empty (and consistently use something like <private:user> for cases where access is explicitly initiated by the user and should never be blocked), but that's a very daunting task, so start small by identifying the places that potentially need blocking and adding appropriate Referer URIs there. Also, Referer information should always be computed as freshly as possible from the context in which an access attempt is made, but, again, always carrying the information from the context all the way to the relevant functions is a very daunting task, so for now store the information upon object instantiation in some cases (SvxBrushItem, SdrGrafObj, ...). The Referer URI (css.document.MediaDescriptor property; SID_REFERER) was already used to track macro execution, and there is one place in SfxApplication::OpenDocExec_Impl where opening of hyperlinks (explicitly clicked by the user) is done that needs the current document's URI as Referer to check execution of macro URIs but needs an empty (or <private:user>, see above) Referer to not block non-macro URIs. Special code has been added there to handle that. Change-Id: Iafbdc07a9fe925d9ee580d4f5778448f18f2ebd9
author: Stephan Bergmann <sbergman@redhat.com> 2013-11-14 10:39:27 +0100
committer: Stephan Bergmann <sbergman@redhat.com> 2013-11-14 11:13:25 +0100
commit: f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch)
tree: 5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 /sw
parent: 96aca98168cba4b9055f2e2a16bb1a8f6f6e57ce (diff)
8 files changed, 36 insertions, 17 deletions
diff --git a/sw/source/core/docnode/retrieveinputstream.cxx b/sw/source/core/docnode/retrieveinputstream.cxx
index 1e4fa27535cb..6e609f6c1e13 100644
--- a/sw/source/core/docnode/retrieveinputstream.cxx
+++ b/sw/source/core/docnode/retrieveinputstream.cxx
@@ -27,19 +27,21 @@
 */
 ::rtl::Reference< ObservableThread > SwAsyncRetrieveInputStreamThread::createThread(
                         const SwRetrievedInputStreamDataManager::tDataKey nDataKey,
-                        const OUString& rLinkedURL )
+                        const OUString& rLinkedURL, const OUString& rReferer )
 {
     SwAsyncRetrieveInputStreamThread* pNewThread =
-            new SwAsyncRetrieveInputStreamThread( nDataKey, rLinkedURL );
+        new SwAsyncRetrieveInputStreamThread( nDataKey, rLinkedURL, rReferer );
     return pNewThread;
 }
 
 SwAsyncRetrieveInputStreamThread::SwAsyncRetrieveInputStreamThread(
                             const SwRetrievedInputStreamDataManager::tDataKey nDataKey,
-                            const OUString& rLinkedURL )
+                            const OUString& rLinkedURL,
+                            const OUString& rReferer )
     : ObservableThread(),
       mnDataKey( nDataKey ),
-      mrLinkedURL( rLinkedURL )
+      mrLinkedURL( rLinkedURL ),
+      mrReferer( rReferer )
 {
 }
 
@@ -49,9 +51,11 @@ SwAsyncRetrieveInputStreamThread::~SwAsyncRetrieveInputStreamThread()
 
 void SwAsyncRetrieveInputStreamThread::threadFunction()
 {
-    com::sun::star::uno::Sequence < com::sun::star::beans::PropertyValue > xProps( 1 );
+    com::sun::star::uno::Sequence < com::sun::star::beans::PropertyValue > xProps( 2 );
     xProps[0].Name = "URL";
-    xProps[0].Value <<= OUString( mrLinkedURL );
+    xProps[0].Value <<= mrLinkedURL;
+    xProps[1].Name = "Referer";
+    xProps[1].Value <<= mrReferer;
     utl::MediaDescriptor aMedium( xProps );
 
     aMedium.addInputStream();
diff --git a/sw/source/core/docnode/retrieveinputstreamconsumer.cxx b/sw/source/core/docnode/retrieveinputstreamconsumer.cxx
index efd6b4544e4c..f621fd8b2ee2 100644
--- a/sw/source/core/docnode/retrieveinputstreamconsumer.cxx
+++ b/sw/source/core/docnode/retrieveinputstreamconsumer.cxx
@@ -39,7 +39,7 @@ SwAsyncRetrieveInputStreamThreadConsumer::~SwAsyncRetrieveInputStreamThreadConsu
     SwThreadManager::GetThreadManager().RemoveThread( mnThreadID );
 }
 
-void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rURL )
+void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rURL, const OUString& rReferer )
 {
     // Get new data container for input stream data
     SwRetrievedInputStreamDataManager::tDataKey nDataKey =
@@ -47,7 +47,7 @@ void SwAsyncRetrieveInputStreamThreadConsumer::CreateThread( const OUString& rUR
                                                 mrGrfNode.GetThreadConsumer() );
 
     rtl::Reference< ObservableThread > pNewThread =
-        SwAsyncRetrieveInputStreamThread::createThread( nDataKey, rURL );
+        SwAsyncRetrieveInputStreamThread::createThread( nDataKey, rURL, rReferer );
 
     // Add thread to thread manager and pass ownership of thread to thread manager.
     mnThreadID = SwThreadManager::GetThreadManager().AddThread( pNewThread );
diff --git a/sw/source/core/graphic/ndgrf.cxx b/sw/source/core/graphic/ndgrf.cxx
index 25946bbd2940..87b81dee61ea 100644
--- a/sw/source/core/graphic/ndgrf.cxx
+++ b/sw/source/core/graphic/ndgrf.cxx
@@ -25,6 +25,7 @@
 #include <svtools/imap.hxx>
 #include <vcl/graphicfilter.hxx>
 #include <sot/storage.hxx>
+#include <sfx2/docfile.hxx>
 #include <sfx2/linkmgr.hxx>
 #include <editeng/boxitem.hxx>
 #include <sot/formats.hxx>
@@ -1157,8 +1158,13 @@ void SwGrfNode::TriggerAsyncRetrieveInputStream()
 
         OUString sGrfNm;
         refLink->GetLinkManager()->GetDisplayNames( refLink, 0, &sGrfNm, 0, 0 );
-
-        mpThreadConsumer->CreateThread( sGrfNm );
+        OUString sReferer;
+        SfxObjectShell * sh = GetDoc()->GetPersist();
+        if (sh != 0 && sh->HasName())
+        {
+            sReferer = sh->GetMedium()->GetName();
+        }
+        mpThreadConsumer->CreateThread( sGrfNm, sReferer );
     }
 }
 
diff --git a/sw/source/core/inc/retrieveinputstream.hxx b/sw/source/core/inc/retrieveinputstream.hxx
index 267d5fe56494..d2237a256753 100644
--- a/sw/source/core/inc/retrieveinputstream.hxx
+++ b/sw/source/core/inc/retrieveinputstream.hxx
@@ -36,7 +36,7 @@ class SwAsyncRetrieveInputStreamThread : public ObservableThread
 
         static ::rtl::Reference< ObservableThread > createThread(
                     const SwRetrievedInputStreamDataManager::tDataKey nDataKey,
-                    const OUString& rLinkedURL );
+                    const OUString& rLinkedURL, const OUString& rReferer );
 
         virtual ~SwAsyncRetrieveInputStreamThread();
 
@@ -47,10 +47,12 @@ class SwAsyncRetrieveInputStreamThread : public ObservableThread
     private:
 
         SwAsyncRetrieveInputStreamThread( const SwRetrievedInputStreamDataManager::tDataKey nDataKey,
-                                          const OUString& rLinkedURL );
+                                          const OUString& rLinkedURL,
+                                          const OUString& rReferer );
 
         const SwRetrievedInputStreamDataManager::tDataKey mnDataKey;
         const OUString mrLinkedURL;
+        const OUString mrReferer;
 };
 #endif
 
diff --git a/sw/source/core/inc/retrieveinputstreamconsumer.hxx b/sw/source/core/inc/retrieveinputstreamconsumer.hxx
index e56f664a72a8..64f660c4e315 100644
--- a/sw/source/core/inc/retrieveinputstreamconsumer.hxx
+++ b/sw/source/core/inc/retrieveinputstreamconsumer.hxx
@@ -40,7 +40,7 @@ class SwAsyncRetrieveInputStreamThreadConsumer
 
         /** method to create thread
         */
-        void CreateThread( const OUString& rURL );
+        void CreateThread( const OUString& rURL, const OUString& rReferer );
 
         /** method called to provide the retrieved input stream to the thread Consumer
         */
diff --git a/sw/source/core/unocore/unosett.cxx b/sw/source/core/unocore/unosett.cxx
index cea2d9e26b84..9aae7dbb790a 100644
--- a/sw/source/core/unocore/unosett.cxx
+++ b/sw/source/core/unocore/unosett.cxx
@@ -1991,7 +1991,7 @@ void SwXNumberingRules::SetNumberingRuleByIndex(
                             pSetBrush = new SvxBrushItem(*pOrigBrush);
                         }
                         else
-                            pSetBrush = new SvxBrushItem(aEmptyOUStr, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND);
+                            pSetBrush = new SvxBrushItem(aEmptyOUStr, ""/*TODO?*/, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND);
                     }
                     pSetBrush->PutValue( pData->aVal, MID_GRAPHIC_URL );
                 }
@@ -2010,7 +2010,7 @@ void SwXNumberingRules::SetNumberingRuleByIndex(
                                 pSetBrush = new SvxBrushItem(*pOrigBrush);
                             }
                             else
-                                pSetBrush = new SvxBrushItem(aEmptyOUStr, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND);
+                                pSetBrush = new SvxBrushItem(aEmptyOUStr, ""/*TODO?*/, aEmptyOUStr, GPOS_AREA, RES_BACKGROUND);
                         }
 
                         BitmapEx aBmp = VCLUnoHelper::GetBitmap( *pBitmap );
diff --git a/sw/source/ui/frmdlg/frmpage.cxx b/sw/source/ui/frmdlg/frmpage.cxx
index ca224be6e09f..b6a06690c66c 100644
--- a/sw/source/ui/frmdlg/frmpage.cxx
+++ b/sw/source/ui/frmdlg/frmpage.cxx
@@ -2499,7 +2499,7 @@ sal_Bool SwGrfExtPage::FillItemSet( SfxItemSet &rSet )
     {
         bModified = sal_True;
         aGrfName = m_pConnectED->GetText();
-        rSet.Put( SvxBrushItem( aGrfName, aFilterName, GPOS_LT,
+        rSet.Put( SvxBrushItem( aGrfName, ""/*TODO?*/, aFilterName, GPOS_LT,
                                 SID_ATTR_GRAF_GRAPHIC ));
     }
     return bModified;
diff --git a/sw/source/ui/shells/grfsh.cxx b/sw/source/ui/shells/grfsh.cxx
index cf21daafd252..c6dadbfbbe35 100644
--- a/sw/source/ui/shells/grfsh.cxx
+++ b/sw/source/ui/shells/grfsh.cxx
@@ -66,6 +66,7 @@
 #include <popup.hrc>
 #include <svx/extedit.hxx>
 #include <svx/graphichelper.hxx>
+#include <doc.hxx>
 
 #define SwGrfShell
 
@@ -261,11 +262,17 @@ void SwGrfShell::Execute(SfxRequest &rReq)
             rSh.GetGrfNms( &sGrfNm, &sFilterNm );
             if( !sGrfNm.isEmpty() )
             {
+                OUString sReferer;
+                SfxObjectShell * sh = rSh.GetDoc()->GetPersist();
+                if (sh != 0 && sh->HasName())
+                {
+                    sReferer = sh->GetMedium()->GetName();
+                }
                 aSet.Put( SvxBrushItem( INetURLObject::decode( sGrfNm,
                                         INET_HEX_ESCAPE,
                                            INetURLObject::DECODE_UNAMBIGUOUS,
                                         RTL_TEXTENCODING_UTF8 ),
-                                        sFilterNm, GPOS_LT,
+                                        sReferer, sFilterNm, GPOS_LT,
                                         SID_ATTR_GRAF_GRAPHIC ));
             }
             else
author	Stephan Bergmann <sbergman@redhat.com>	2013-11-14 10:39:27 +0100
committer	Stephan Bergmann <sbergman@redhat.com>	2013-11-14 11:13:25 +0100
commit	f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch)
tree	5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 /sw
parent	96aca98168cba4b9055f2e2a16bb1a8f6f6e57ce (diff)