diff options
| -rw-r--r-- | scripting/source/protocolhandler/scripthandler.cxx | 56 | ||||
| -rw-r--r-- | sfx2/source/notify/eventsupplier.cxx | 39 |
2 files changed, 68 insertions, 27 deletions
diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx index 965827bbde6e..1fbf0c8bbc46 100644 --- a/scripting/source/protocolhandler/scripthandler.cxx +++ b/scripting/source/protocolhandler/scripthandler.cxx @@ -122,7 +122,6 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification( const URL& aURL, const Sequence < PropertyValue >& lArgs, const Reference< XDispatchResultListener >& xListener ) { - bool bSuccess = false; Any invokeResult; bool bCaughtException = false; @@ -132,32 +131,42 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification( { try { - // obtain the component for our security check - Reference< XEmbeddedScripts > xDocumentScripts; - if ( getScriptInvocation() ) - xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW ); - - OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" ); - if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() ) + css::uno::Reference<css::uri::XUriReferenceFactory> urifac( + css::uri::UriReferenceFactory::create(m_xContext)); + css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri( + urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW); + auto const loc = uri->getParameter("location"); + bool bIsDocumentScript = loc == "document"; + + if ( bIsDocumentScript ) { - if ( xListener.is() ) + // obtain the component for our security check + Reference< XEmbeddedScripts > xDocumentScripts; + if ( getScriptInvocation() ) + xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW ); + + OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" ); + if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() ) { - css::frame::DispatchResultEvent aEvent( - static_cast< ::cppu::OWeakObject* >( this ), - css::frame::DispatchResultState::FAILURE, - invokeResult ); - try - { - xListener->dispatchFinished( aEvent ) ; - } - catch(const RuntimeException &) + if ( xListener.is() ) { - TOOLS_WARN_EXCEPTION("scripting", - "ScriptProtocolHandler::dispatchWithNotification: caught RuntimeException" - "while dispatchFinished with failure of the execution"); + css::frame::DispatchResultEvent aEvent( + static_cast< ::cppu::OWeakObject* >( this ), + css::frame::DispatchResultState::FAILURE, + invokeResult ); + try + { + xListener->dispatchFinished( aEvent ) ; + } + catch(const RuntimeException &) + { + TOOLS_WARN_EXCEPTION("scripting", + "ScriptProtocolHandler::dispatchWithNotification: caught RuntimeException" + "while dispatchFinished with failure of the execution"); + } } + return; } - return; } // Creates a ScriptProvider ( if one is not created already ) @@ -194,7 +203,8 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification( // attempt to protect the document against the script tampering with its Undo Context std::unique_ptr< ::framework::DocumentUndoGuard > pUndoGuard; - pUndoGuard.reset( new ::framework::DocumentUndoGuard( m_xScriptInvocation ) ); + if ( bIsDocumentScript ) + pUndoGuard.reset( new ::framework::DocumentUndoGuard( m_xScriptInvocation ) ); bSuccess = false; while ( !bSuccess ) diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx index 356d28c1430a..fffe1fe39de0 100644 --- a/sfx2/source/notify/eventsupplier.cxx +++ b/sfx2/source/notify/eventsupplier.cxx @@ -19,11 +19,13 @@ #include <com/sun/star/beans/PropertyValue.hpp> +#include <com/sun/star/document/XEmbeddedScripts.hpp> +#include <com/sun/star/document/XScriptInvocationContext.hpp> #include <com/sun/star/util/URL.hpp> - #include <com/sun/star/frame/Desktop.hpp> #include <com/sun/star/util/URLTransformer.hpp> #include <com/sun/star/util/XURLTransformer.hpp> +#include <com/sun/star/uno/XInterface.hpp> #include <tools/urlobj.hxx> #include <tools/diagnose_ex.h> #include <svl/macitem.hxx> @@ -48,6 +50,8 @@ #include <macroloader.hxx> using namespace css; +using namespace ::com::sun::star; + // --- XNameReplace --- @@ -151,6 +155,29 @@ sal_Bool SAL_CALL SfxEvents_Impl::hasElements() return maEventNames.hasElements(); } +namespace +{ + bool lcl_isScriptAccessAllowed_nothrow(const uno::Reference<uno::XInterface>& rxScriptContext) + { + try + { + uno::Reference<document::XEmbeddedScripts> xScripts(rxScriptContext, uno::UNO_QUERY); + if (!xScripts.is()) + { + uno::Reference<document::XScriptInvocationContext> xContext(rxScriptContext, uno::UNO_QUERY_THROW); + xScripts.set(xContext->getScriptContainer(), uno::UNO_SET_THROW); + } + + return xScripts->getAllowMacroExecution(); + } + catch( const uno::Exception& ) + { + DBG_UNHANDLED_EXCEPTION("sfx.doc"); + } + return false; + } +} + void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::DocumentEvent& aTrigger, SfxObjectShell* pDoc ) { uno::Sequence < beans::PropertyValue > aProperties; @@ -189,6 +216,12 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum if (aScript.isEmpty()) return; + if (!pDoc) + pDoc = SfxObjectShell::Current(); + + if (pDoc && !lcl_isScriptAccessAllowed_nothrow(pDoc->GetModel())) + return; + if (aType == STAR_BASIC) { uno::Any aAny; @@ -206,9 +239,7 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum if (bAllowed) { - SfxViewFrame* pView = pDoc ? - SfxViewFrame::GetFirst( pDoc ) : - SfxViewFrame::Current(); + SfxViewFrame* pView = SfxViewFrame::GetFirst(pDoc); uno::Reference < frame::XDispatchProvider > xProv; |