summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2019-07-26 13:25:31 +0100
committerSamuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>2019-11-29 07:51:49 +0100
commit49e2a26758f4e19da4a7bfccd792e0583fb6c1c1 (patch)
treea36dd238e355cff02ccae3c5eec85a8a3cbce614
parent6bf9364177cb66ef511cc3342201066289201db1 (diff)
decode url escape codes and check each path segment
Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1 Reviewed-on: https://gerrit.libreoffice.org/76378 Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Tested-by: Jenkins (cherry picked from commit 7942929685fafb0f9c82feb8da7279e5103c87f0) Reviewed-on: https://gerrit.libreoffice.org/76451 Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> (cherry picked from commit aab62f2b21c331ff8c31b7c856d5e59080b9d64a) (cherry picked from commit 3098810911ccf76da1591d8f6cfceebfda13dcbd)
-rw-r--r--sfx2/source/doc/objmisc.cxx29
1 files changed, 28 insertions, 1 deletions
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 657a7a80777e..2bb7b143a6bc 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -53,6 +53,8 @@
#include <com/sun/star/script/provider/XScriptProvider.hpp>
#include <com/sun/star/script/provider/XScriptProviderSupplier.hpp>
#include <com/sun/star/ucb/SimpleFileAccess.hpp>
+#include <com/sun/star/uri/UriReferenceFactory.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
#include <com/sun/star/util/XModifiable.hpp>
#include <toolkit/helper/vclunohelper.hxx>
@@ -1360,7 +1362,32 @@ namespace
// don't allow LibreLogo to be used with our mouseover/etc dom-alike events
bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
{
- return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
+ if (!rScriptURL.startsWith("vnd.sun.star.script:"))
+ return false;
+
+ // ensure URL Escape Codes are decoded
+ css::uno::Reference<css::uri::XUriReference> uri(
+ css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())->parse(rScriptURL));
+ css::uno::Reference<css::uri::XVndSunStarScriptUrl> sfUri(uri, css::uno::UNO_QUERY);
+
+ if (!sfUri.is())
+ return false;
+
+ OUString sScript = sfUri->getName();
+
+ // check if any path portion matches LibreLogo and ban it if it does
+ sal_Int32 nIndex = 0;
+ do
+ {
+ OUString aToken = sScript.getToken(0, '/', nIndex);
+ if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
+ {
+ return true;
+ }
+ }
+ while (nIndex >= 0);
+
+ return false;
}
ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,