diff options
-rw-r--r-- | officecfg/registry/schema/org/openoffice/Office/Common.xcs | 125 | ||||
-rw-r--r-- | sfx2/source/doc/docmacromode.cxx | 56 |
2 files changed, 180 insertions, 1 deletions
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index fb627eba4317..8c9add931d14 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -2707,6 +2707,131 @@ <desc>List with trusted authors.</desc> </info> </set> + <group oor:name="WindowsSecurityZone"> + <info> + <desc>Contains security settings regarding Basic scripts.</desc> + </info> + <prop oor:name="ZoneLocal" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Action needed for opening document with macro with Windows zone + identifier URLZONE_LOCAL_MACHINE (0, local machine).</desc> + </info> + <constraints> + <enumeration oor:value="0"> + <info> + <desc>Ask</desc> + </info> + </enumeration> + <enumeration oor:value="1"> + <info> + <desc>Allow</desc> + </info> + </enumeration> + <enumeration oor:value="2"> + <info> + <desc>Deny</desc> + </info> + </enumeration> + </constraints> + <value>0</value> + </prop> + <prop oor:name="ZoneIntranet" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Action needed for opening document with macro with Windows zone + identifier URLZONE_INTRANET (1, local machine).</desc> + </info> + <constraints> + <enumeration oor:value="0"> + <info> + <desc>Ask</desc> + </info> + </enumeration> + <enumeration oor:value="1"> + <info> + <desc>Allow</desc> + </info> + </enumeration> + <enumeration oor:value="2"> + <info> + <desc>Deny</desc> + </info> + </enumeration> + </constraints> + <value>0</value> + </prop> + <prop oor:name="ZoneTrusted" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Action needed for opening document with macro with Windows zone + identifier URLZONE_TRUSTED (2, trusted).</desc> + </info> + <constraints> + <enumeration oor:value="0"> + <info> + <desc>Ask</desc> + </info> + </enumeration> + <enumeration oor:value="1"> + <info> + <desc>Allow</desc> + </info> + </enumeration> + <enumeration oor:value="2"> + <info> + <desc>Deny</desc> + </info> + </enumeration> + </constraints> + <value>0</value> + </prop> + <prop oor:name="ZoneInternet" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Action needed for opening document with macro with Windows zone + identifier URLZONE_INTERNET (3, internet).</desc> + </info> + <constraints> + <enumeration oor:value="0"> + <info> + <desc>Ask</desc> + </info> + </enumeration> + <enumeration oor:value="1"> + <info> + <desc>Allow</desc> + </info> + </enumeration> + <enumeration oor:value="2"> + <info> + <desc>Deny</desc> + </info> + </enumeration> + </constraints> + <value>2</value> + </prop> + <prop oor:name="ZoneUntrusted" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Action needed for opening document with macro with Windows zone + identifier URLZONE_UNTRUSTED (3, untrusted source).</desc> + </info> + <constraints> + <enumeration oor:value="0"> + <info> + <desc>Ask</desc> + </info> + </enumeration> + <enumeration oor:value="1"> + <info> + <desc>Allow</desc> + </info> + </enumeration> + <enumeration oor:value="2"> + <info> + <desc>Deny</desc> + </info> + </enumeration> + </constraints> + <value>2</value> + </prop> + </group> </group> </group> <group oor:name="View"> diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index ea0d46babdfa..58edfba428c9 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -38,6 +38,10 @@ #include <tools/diagnose_ex.h> #include <tools/urlobj.hxx> +#if defined(_WIN32) +#include <systools/win32/comtools.hxx> +#include <urlmon.h> +#endif namespace sfx2 { @@ -286,7 +290,57 @@ namespace sfx2 } } - // conformation is required +#if defined(_WIN32) + // Windows specific: try to decide macros loading depending on Windows Security Zones + // (file is local, or it was downloaded from internet, etc) + OUString sURL(m_xData->m_rDocumentAccess.getDocumentLocation()); + sal::systools::COMReference<IZoneIdentifier> pZoneId; + auto e1 = CoCreateInstance( + CLSID_PersistentZoneIdentifier, nullptr, CLSCTX_ALL, IID_PPV_ARGS(&pZoneId)); + if (FAILED(e1)) + return disallowMacroExecution(); + sal::systools::COMReference<IPersistFile> pPersist(pZoneId.QueryInterface<IPersistFile>(IID_IPersistFile)); + DWORD dwZone; + OUString sFilePath; + osl::FileBase::getSystemPathFromFileURL(sURL, sFilePath); + if (SUCCEEDED(pPersist->Load(reinterpret_cast<LPCOLESTR>(sFilePath.getStr()), STGM_READ)) && + SUCCEEDED(pZoneId->GetId(&dwZone))) { + // We got zone id + sal_Int32 nAction = 0; + switch (dwZone) { + case 0: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneLocal::get(); + break; + case 1: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneIntranet::get(); + break; + case 2: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneTrusted::get(); + break; + case 3: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneInternet::get(); + break; + case 4: + nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneUntrusted::get(); + break; + default: + nAction = 0; + break; + } + switch (nAction) + { + case 0: // Ask + break; + case 1: // Allow + return allowMacroExecution(); + default: + [[fallthrough]]; + case 2: // Deny + return disallowMacroExecution(); + } + } +#endif + // confirmation is required bool bSecure = false; if ( eAutoConfirm == eNoAutoConfirm ) |