Diffstat (limited to 'sfx2/source/notify/eventsupplier.cxx')
-rw-r--r-- | sfx2/source/notify/eventsupplier.cxx | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index e21130d6022c..12bf1ce828e5 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -23,6 +23,7 @@
 #include <com/sun/star/document/XScriptInvocationContext.hpp>
 #include <com/sun/star/util/URL.hpp>
 #include <com/sun/star/frame/Desktop.hpp>
+#include <com/sun/star/uno/Sequence.hxx>
 #include <com/sun/star/util/URLTransformer.hpp>
 #include <com/sun/star/util/XURLTransformer.hpp>
 #include <com/sun/star/uno/XInterface.hpp>
@@ -39,6 +40,7 @@
 #include <comphelper/processfactory.hxx>
 #include <comphelper/namedvaluecollection.hxx>
 #include <comphelper/sequence.hxx>
+#include <officecfg/Office/Common.hxx>
 #include <eventsupplier.hxx>
 #include <sfx2/app.hxx>
@@ -49,6 +51,10 @@
 #include <sfx2/frame.hxx>
 #include <macroloader.hxx>
+#include <unicode/errorcode.h>
+#include <unicode/regex.h>
+#include <unicode/unistr.h>
+
 using namespace css;
 using namespace ::com::sun::star;
@@ -178,6 +184,31 @@ namespace } } +bool SfxEvents_Impl::isScriptURLAllowed(const OUString& aScriptURL) +{ + boost::optional<css::uno::Sequence<OUString>> allowedEvents( + officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get()); + // When AllowedDocumentEventURLs is empty, all event URLs are allowed + if (!allowedEvents) + return true; + + icu::ErrorCode status; + const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE; + icu::UnicodeString usInput(aScriptURL.getStr()); + const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents; + for (auto const& allowedEvent : rAllowedEvents) + { + icu::UnicodeString usRegex(allowedEvent.getStr()); + icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status); + if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status)) + { + return true; + } + } + + return false; +} + void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::DocumentEvent& aTrigger, SfxObjectShell* pDoc ) { uno::Sequence < beans::PropertyValue > aProperties; @@ -216,6 +247,9 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum if (aScript.isEmpty()) return; + if (!isScriptURLAllowed(aScript)) + return; + if (!pDoc) pDoc = SfxObjectShell::Current(); |
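Review bot: `icu::ErrorCode status` in isScriptURLAllowed is declared once outside the loop and is never checked or reset, so an allow-list entry that is not a valid regular expression leaves it in a failure state. By ICU's error-code convention the `RegexMatcher` constructor and `matches(status)` then do nothing for every later entry, and only the prefix test still works for them. Declaring `icu::ErrorCode status;` inside the loop body (or calling `status.reset()` per entry) keeps one bad pattern from disabling the rest. The comment also does not match the check: `!allowedEvents` is true only when the setting is unset, while a configured empty list falls through to `return false`, so I would word it `// AllowedDocumentEventURLs not set (nil): no restriction; a set-but-empty list allows nothing`. Separately, `startsWith(allowedEvent)` is true for an empty entry and would allow every URL, so entries where `allowedEvent.isEmpty()` should be skipped.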
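Review bot: The new early return after `isScriptURLAllowed(aScript)` in Execute drops a disallowed script without leaving any trace, so an administrator cannot tell from the logs that the allow-list blocked an event binding or which URL was rejected. A warning before the return would make that visible, e.g. `SAL_WARN("sfx.notify", "event script not in AllowedDocumentEventURLs, skipped: " << aScript);` with whichever log area this file already uses. Execute starts and continues outside the hunk, so whether other code paths can run event-bound scripts without passing this check cannot be judged from here.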