author | Stephan Bergmann <stephan.bergmann@allotropia.de> | 2024-06-11 14:15:47 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2024-11-22 15:03:18 +0100 |
commit | 0df2c7310a7c047116f472b73a63fc0459fa0215 (patch) | |
tree | ef32ca4df513c5fcd61c1842cb9d219679d58491 /toolkit | |
parent | a9f87065f2725a467d60b49fff6a1b21a14aa0f7 (diff) |
Some missing "block untrusted referer links" for form controls
...where "Referer" is now passed in as an additional property, so that the
relevant objects can decide whether to obtain graphics while loading a document
Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176796
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176921
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Diffstat (limited to 'toolkit')
-rw-r--r-- | toolkit/inc/helper/property.hxx | 1 | ||||
-rw-r--r-- | toolkit/source/awt/vclxwindows.cxx | 1 | ||||
-rw-r--r-- | toolkit/source/controls/dialogcontrol.cxx | 4 | ||||
-rw-r--r-- | toolkit/source/controls/unocontrols.cxx | 13 | ||||
-rw-r--r-- | toolkit/source/helper/property.cxx | 2 |
5 files changed, 15 insertions, 6 deletions
diff --git a/toolkit/inc/helper/property.hxx b/toolkit/inc/helper/property.hxx index 013f73496482..9a26e06a9902 100644 --- a/toolkit/inc/helper/property.hxx +++ b/toolkit/inc/helper/property.hxx @@ -205,6 +205,7 @@ namespace com::sun::star::uno { #define BASEPROPERTY_HIGHLIGHT_COLOR 169 #define BASEPROPERTY_HIGHLIGHT_TEXT_COLOR 170 #define BASEPROPERTY_TYPEDITEMLIST 171 // AnySequence +#define BASEPROPERTY_REFERER 172 // These properties are not bound, they are always extracted from the BASEPROPERTY_FONTDESCRIPTOR property diff --git a/toolkit/source/awt/vclxwindows.cxx b/toolkit/source/awt/vclxwindows.cxx index d6ba5e48a6e8..e156cd21b69d 100644 --- a/toolkit/source/awt/vclxwindows.cxx +++ b/toolkit/source/awt/vclxwindows.cxx @@ -206,6 +206,7 @@ namespace toolkit void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds ) { + PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0); VCLXWindow::ImplGetPropertyIds( rIds ); } diff --git a/toolkit/source/controls/dialogcontrol.cxx b/toolkit/source/controls/dialogcontrol.cxx index ba954a15412a..6326d76bc581 100644 --- a/toolkit/source/controls/dialogcontrol.cxx +++ b/toolkit/source/controls/dialogcontrol.cxx @@ -418,7 +418,7 @@ void UnoDialogControl::PrepareWindowDescriptor( css::awt::WindowDescriptor& rDes ( !aImageURL.isEmpty() )) { OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL), uno::Any(aImageURL)); - xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl ); + xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" ); ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::Any( xGraphic ), true ); } } 
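Review bot: Both `UnoDialogControl` call sites in toolkit/source/controls/dialogcontrol.cxx (the hunks at -418 and -633) pass a literal `""` as the new referer argument, and `getGraphicAndGraphicObjectFromURL_nothrow` in unocontrols.cxx does the same. The `isUntrustedReferer` test added by this commit therefore presumably never rejects a load on these paths, assuming an empty referer is treated as trusted; the helper's body is not shown here. If that is intentional, record the decision at each call site with a comment such as `// no referer: <reason this image URL is not document-controlled>`. Otherwise the document's referer should be passed through here, as the commit does for `GraphicControlModel`. Both enclosing functions start and end outside their hunks.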
@@ -633,7 +633,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const Sequence< PropertyChang ( !aImageURL.isEmpty() )) { OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)), uno::Any(aImageURL)); - xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl ); + xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" ); } ImplSetPropertyValue( GetPropertyName( BASEPROPERTY_GRAPHIC), uno::Any( xGraphic ), true ); break; diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx index d9bc55f8cb45..9a4f19e7481b 100644 --- a/toolkit/source/controls/unocontrols.cxx +++ b/toolkit/source/controls/unocontrols.cxx @@ -33,6 +33,7 @@ #include <toolkit/controls/unocontrols.hxx> #include <helper/property.hxx> #include <toolkit/helper/macros.hxx> +#include <unotools/securityoptions.hxx> // for introspection #include <awt/vclxwindows.hxx> @@ -61,14 +62,14 @@ uno::Reference< graphic::XGraphic > ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference< graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL ) { xOutGraphicObj = nullptr; - return ImageHelper::getGraphicFromURL_nothrow( _rURL ); + return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" ); } css::uno::Reference< css::graphic::XGraphic > -ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL ) +ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer ) { uno::Reference< graphic::XGraphic > xGraphic; - if ( _rURL.isEmpty() ) + if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) ) return xGraphic; try 
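Review bot: In `ImageHelper::getGraphicFromURL_nothrow` (unocontrols.cxx, hunk at -61) the new `SvtSecurityOptions::isUntrustedReferer(referer)` call sits in the guard before the `try`, so anything it throws would escape a function whose name promises `_nothrow`. Whether it can throw is not visible here, but it presumably reads configuration. Making the test the first statement inside the `try`, `if ( SvtSecurityOptions::isUntrustedReferer(referer) ) return xGraphic;`, would keep the contract and fail closed, assuming the handler returns the empty reference. A blocked load also looks the same to the caller as an empty URL, which deserves a one-line comment on the function. The function body continues past the end of the hunk.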
@@ -605,7 +606,11 @@ void GraphicControlModel::setFastPropertyValue_NoBroadcast( std::unique_lock<std mbAdjustingGraphic = true; OUString sImageURL; OSL_VERIFY( rValue >>= sImageURL ); - setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) ); + css::uno::Any any; + getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER); + OUString referer; + any >>= referer; + setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) ); mbAdjustingGraphic = false; } break; diff --git a/toolkit/source/helper/property.cxx b/toolkit/source/helper/property.cxx index 945c4b016a64..db33e8a28ba6 100644 --- a/toolkit/source/helper/property.cxx +++ b/toolkit/source/helper/property.cxx @@ -271,6 +271,8 @@ static const ImpPropertyInfoMap & ImplGetPropertyInfos() DECL_PROP_3 ( "InactiveSelectionBackgroundColor", INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), DECL_PROP_3 ( "ActiveSelectionTextColor", ACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), DECL_PROP_3 ( "InactiveSelectionTextColor", INACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), + + DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID), }; return aImplPropertyInfos; } |
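Review bot: In `GraphicControlModel::setFastPropertyValue_NoBroadcast` (unocontrols.cxx, hunk at -605) the result of `any >>= referer` is ignored, unlike the `OSL_VERIFY( rValue >>= sImageURL )` just above it. A void or not-yet-set `Referer` property (declared `MAYBEVOID` in property.cxx) leaves `referer` empty, and the untrusted-referer check is then presumably skipped. The block therefore depends on `Referer` being set on the model before `ImageURL`, and nothing in this hunk enforces that order. Either document the requirement, e.g. `// Referer must be set before ImageURL; an empty referer is not checked`, or re-resolve the graphic when `BASEPROPERTY_REFERER` changes. The switch case and the function continue outside the hunk.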