From acc2d319cd1063383baa764622f17515be9d876e Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Tue, 22 Feb 2022 09:41:26 +0000 Subject: add to suffix denylist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mostly https: //support.google.com/mail/answer/6590?hl=en#zippy=%2Cmessages-that-have-attachments but see also: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows Change-Id: Ibe3abbdcdb6f82a73d245318ef97d86789d00523 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130394 Tested-by: Jenkins Reviewed-by: Caolán McNamara Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130382 Reviewed-by: Adolfo Jayme Barrientos (cherry picked from commit 8b72ddb734e0f4457d0233ae9e56dd76526f1dc9) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130492 Tested-by: Michael Stahl Reviewed-by: Michael Stahl --- shell/source/win32/SysShExec.cxx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index ec61e96f762b..8e8237dd12af 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -425,8 +425,12 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa if (!(checkExtension(ext, env) && checkExtension( ext, - ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.MSI;.PY;.CLASS;" - ".JAR;.APPLICATION;.LNK;.SCR"))) + ".ADE;.ADP;.APK;.APPLICATION;.APPX;.APPXBUNDLE;.BAT;.CAB;.CHM;.CLASS;" + ".CMD;.COM;.CPL;.DLL;.DMG;.EX;.EX_;.EXE;.GADGET;.HTA;.INF;.INS;.IPA;" + ".ISO;.ISP;.JAR;.JS;.JSE;.LIB;.LNK;.MDE;.MSC;.MSH;.MSH1;.MSH2;.MSHXML;" + ".MSH1XML;.MSH2XML;.MSI;.MSIX;.MSIXBUNDLE;.MSP;.MST;.NSH;.PIF;.PS1;" + ".PS1XML;.PS2;.PS2XML;.PSC1;.PSC2;.PY;.REG;.SCF;.SCR;.SCT;.SHB;.SYS;" + ".VB;.VBE;.VBS;.VXD;.WS;.WSC;.WSF;.WSH;"))) { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, -- cgit