diff options
author | Caolán McNamara <caolanm@redhat.com> | 2022-02-22 20:27:18 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2022-02-23 15:41:41 +0100 |
commit | 4751853b19dabfb57963c58183b0c3557328b3b8 (patch) | |
tree | 6ac3ed256f1240e0113b7db2dd716f691670b51d /shell | |
parent | ebd508e1664fc13c8305ead62346f9fdf3a2b37e (diff) |
add to suffix denylist
mostly https: //support.google.com/mail/answer/6590?hl=en#zippy=%2Cmessages-that-have-attachments
but see also:
https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows
Change-Id: Ibe3abbdcdb6f82a73d245318ef97d86789d00523
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130394
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'shell')
-rw-r--r-- | shell/source/win32/SysShExec.cxx | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index 27243b1c5dc3..d01c01f839ea 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -343,8 +343,12 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa if (!(checkExtension(ext, env) && checkExtension( ext, - ".APPLICATION;.BAT;.CLASS;.CMD;.COM;.EXE;.JAR;.JS;" - ".JSE;.LNK;.MSC;.MSI;.PY;.SCR;.VBE;.VBS;.WSF;.WSH;"))) + ".ADE;.ADP;.APK;.APPLICATION;.APPX;.APPXBUNDLE;.BAT;.CAB;.CHM;.CLASS;" + ".CMD;.COM;.CPL;.DLL;.DMG;.EX;.EX_;.EXE;.GADGET;.HTA;.INF;.INS;.IPA;" + ".ISO;.ISP;.JAR;.JS;.JSE;.LIB;.LNK;.MDE;.MSC;.MSH;.MSH1;.MSH2;.MSHXML;" + ".MSH1XML;.MSH2XML;.MSI;.MSIX;.MSIXBUNDLE;.MSP;.MST;.NSH;.PIF;.PS1;" + ".PS1XML;.PS2;.PS2XML;.PSC1;.PSC2;.PY;.REG;.SCF;.SCR;.SCT;.SHB;.SYS;" + ".VB;.VBE;.VBS;.VXD;.WS;.WSC;.WSF;.WSH;"))) { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, |