diff options
author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2023-11-03 17:14:26 +0000 |
---|---|---|
committer | Caolán McNamara <caolan.mcnamara@collabora.com> | 2023-11-29 15:03:34 +0000 |
commit | eb42c9ad6473fb84fb5c02e522efe01e68e3ce43 (patch) | |
tree | af38180810807610fb6acb785a982300d7cc7f88 | |
parent | 714e464631533901314f3189ce293dca47bec20e (diff) |
add some protocols that don't make sense as floating frame targets
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158901
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 73e90d15c48a8f148e4e8f024cdf1b397efbcc53)
(cherry picked from commit b35aa37a5d1f32a419e7f311e415615808731acd)
(cherry picked from commit 421be99a6b101ac4ec91ad95b48c50fa17e47d36)
(cherry picked from commit fa390145228c9b9a044698fe4b7636c05210fda3)
(cherry picked from commit e549b65636b31971d8fb7fafc92e683bdef35cb6)
-rw-r--r-- | include/tools/urlobj.hxx | 5 | ||||
-rw-r--r-- | sfx2/source/doc/iframe.cxx | 6 | ||||
-rw-r--r-- | tools/source/fsys/urlobj.cxx | 8 |
3 files changed, 18 insertions, 1 deletions
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx index 1fb5f4e86aea..66c562f90062 100644 --- a/include/tools/urlobj.hxx +++ b/include/tools/urlobj.hxx @@ -920,6 +920,11 @@ public: void changeScheme(INetProtocol eTargetScheme); + // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot, + // vnd.sun.star.script, etc. All the types of URLs which shouldn't + // be accepted from an outside controlled source + bool IsExoticProtocol() const; + private: // General Structure: diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index e73fb1f1f2d1..dec4ac8dc3f7 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -37,6 +37,7 @@ #include <cppuhelper/implbase.hxx> #include <cppuhelper/supportsservice.hxx> #include <officecfg/Office/Common.hxx> +#include <sal/log.hxx> #include <svl/itemprop.hxx> #include <sfx2/docfile.hxx> #include <sfx2/frmdescr.hxx> @@ -167,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load( xTrans->parseStrict( aTargetURL ); INetURLObject aURLObject(aTargetURL.Complete); - if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script")) + if (aURLObject.IsExoticProtocol()) + { + SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete); return false; + } uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index d52edb1d2f2a..23a1e757d590 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4762,4 +4762,12 @@ OUString INetURLObject::CutExtension() ? aTheExtension : OUString(); } +bool INetURLObject::IsExoticProtocol() const +{ + return m_eScheme == INetProtocol::Slot || + m_eScheme == INetProtocol::Macro || + m_eScheme == INetProtocol::Uno || + isSchemeEqualTo(u"vnd.sun.star.script"); +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |