From f8de3dc7b906150eb9f345100ee48715b75d38d1 Mon Sep 17 00:00:00 2001 From: Mike Kaganski Date: Tue, 7 Nov 2023 13:38:33 +0300 Subject: Add a description comment Basically describing commit 71c6f438cecc3ce5e8060efe1df840652885701c (tdf#129311 don't allow temporary trusted certs, 2019-12-17). Change-Id: I4d947014b09412638560e9249f242cf6ff222cc2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159069 Tested-by: Jenkins Reviewed-by: Mike Kaganski Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159266 Reviewed-by: Miklos Vajna --- sfx2/source/doc/docmacromode.cxx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 1a311de7a1b6..50487b657101 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -230,6 +230,13 @@ namespace sfx2 // check whether the document is signed with trusted certificate if ( nMacroExecutionMode != MacroExecMode::FROM_LIST ) { + // At this point, the possible values of nMacroExecutionMode are: ALWAYS_EXECUTE, + // FROM_LIST_AND_SIGNED_WARN (the default), FROM_LIST_AND_SIGNED_NO_WARN. + // ALWAYS_EXECUTE corresponds to the Medium security level; it should ask for + // confirmation when macros are unsigned or untrusted. FROM_LIST_AND_SIGNED_NO_WARN + // should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN should only allow + // trusted signed macros at this point; so it may only ask for confirmation to add + // certificates to trusted, and shouldn't show UI when trusted list is read-only. // the trusted macro check will also retrieve the signature state ( small optimization ) const bool bAllowUI = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE -- cgit