diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2019-08-06 13:29:22 +0200 |
---|---|---|
committer | Michael Stahl <Michael.Stahl@cib.de> | 2019-08-07 12:48:54 +0200 |
commit | a15bbe14bf89db5316e99100a1aaeb323c6ce5c6 (patch) | |
tree | b5575a5b71c03d8a94728400410f170c37db0619 | |
parent | 50abe4ad4744281db160c0e52d5875ed8dc3de57 (diff) |
Properly obtain location
Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77023
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 28c6af3ddc283ca9c5712359a9abcb385c1575b4)
-rw-r--r-- | scripting/source/protocolhandler/scripthandler.cxx | 9 | ||||
-rw-r--r-- | sfx2/source/doc/objmisc.cxx | 21 |
2 files changed, 19 insertions, 11 deletions
diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx index 150ffa052509..751099d92ce8 100644 --- a/scripting/source/protocolhandler/scripthandler.cxx +++ b/scripting/source/protocolhandler/scripthandler.cxx @@ -47,6 +47,7 @@ #include <com/sun/star/uno/XComponentContext.hpp> #include <com/sun/star/uri/XUriReference.hpp> +#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp> #include <com/sun/star/uri/UriReferenceFactory.hpp> #include <memory> @@ -133,8 +134,12 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification( { try { - bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) !=-1 ); - // TODO: isn't this somewhat strange? This should be a test for a location=document parameter, shouldn't it? + css::uno::Reference<css::uri::XUriReferenceFactory> urifac( + css::uri::UriReferenceFactory::create(m_xContext)); + css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri( + urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW); + auto const loc = uri->getParameter("location"); + bool bIsDocumentScript = loc == "document"; if ( bIsDocumentScript ) { diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index a66eeefc1d45..13d338f3b14e 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1386,19 +1386,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon SAL_INFO("sfx", "in CallXScript" ); ErrCode nErr = ERRCODE_NONE; - bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 ); - // TODO: we should parse the URL, and check whether there is a parameter with this name. - // Otherwise, we might find too much. - if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) ) - return ERRCODE_IO_ACCESSDENIED; - - if ( UnTrustedScript(_rScriptURL) ) - return ERRCODE_IO_ACCESSDENIED; - bool bCaughtException = false; Any aException; try { + css::uno::Reference<css::uri::XUriReferenceFactory> urifac( + css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())); + css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri( + urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW); + auto const loc = uri->getParameter("location"); + bool bIsDocumentScript = loc == "document"; + if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) ) + return ERRCODE_IO_ACCESSDENIED; + + if ( UnTrustedScript(_rScriptURL) ) + return ERRCODE_IO_ACCESSDENIED; + // obtain/create a script provider Reference< provider::XScriptProvider > xScriptProvider; Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY ); |