summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2019-07-23 15:31:05 +0100
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2019-08-30 22:53:58 +0200
commitb86d2c4a114385c16a93f6aa0339570d8bc698ce (patch)
treef3237d9bb010221344eb295351d952f6ed46115a
parentc8e7cbcf716097f45c7e9447de4263cb683abedb (diff)
expand LibreLogo check to global events
Reviewed-on: https://gerrit.libreoffice.org/76189 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 4a66c7eda6ccde26a42c4e31725248c59940255d) Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f (cherry picked from commit e5702eefdfe6d44a92fdfb3c6a3ff47fec83ee49) Reviewed-on: https://gerrit.libreoffice.org/76452 Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> (cherry picked from commit 29d5fcb1bd034f99cb9153c99d58ab70d69980c5)
-rw-r--r--include/sfx2/objsh.hxx2
-rw-r--r--sfx2/source/doc/objmisc.cxx6
-rw-r--r--sfx2/source/notify/eventsupplier.cxx18
3 files changed, 15 insertions, 11 deletions
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 05aa6a7404a9..3c6658b44a03 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -402,6 +402,8 @@ public:
*/
bool AdjustMacroMode( const OUString& rScriptType, bool _bSuppressUI = false );
+ static bool UnTrustedScript(const OUString& rScriptURL);
+
SvKeyValueIterator* GetHeaderAttributes();
void ClearHeaderAttributesForSourceViewHack();
void SetHeaderAttributesForSourceViewHack();
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 9e5116521038..a2db44260005 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1506,16 +1506,12 @@ namespace
}
}
-namespace {
-
// don't allow LibreLogo to be used with our mouseover/etc dom-alike events
-bool UnTrustedScript(const OUString& rScriptURL)
+bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
{
return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
}
-}
-
ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,
const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const ::com::sun::star::uno::Any* pCaller )
{
diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index 67c2743b5847..1ba96ae88e69 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -219,18 +219,24 @@ static void Execute( uno::Any& aEventData, const document::DocumentEvent& aTrigg
else if (aType == "Service" ||
aType == "Script")
{
- if ( !aScript.isEmpty() )
+ bool bAllowed = false;
+ util::URL aURL;
+ if (!aScript.isEmpty())
{
- SfxViewFrame* pView = pDoc ?
- SfxViewFrame::GetFirst( pDoc ) :
- SfxViewFrame::Current();
-
uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) );
- util::URL aURL;
aURL.Complete = aScript;
xTrans->parseStrict( aURL );
+ bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete);
+ }
+
+ if (bAllowed)
+ {
+ SfxViewFrame* pView = pDoc ?
+ SfxViewFrame::GetFirst( pDoc ) :
+ SfxViewFrame::Current();
+
uno::Reference
< frame::XDispatchProvider > xProv;