datastreams: for security, ask before executing a script when importing

Change-Id: I76a11dae2569eb7e0c791c9f1fb20626c4ff7528
author: Matúš Kukan <matus.kukan@collabora.com> 2013-11-27 15:48:32 +0100
committer: Matúš Kukan <matus.kukan@collabora.com> 2013-12-02 11:13:44 +0100
commit: 3428ccb269d752bcfcb96228b8fb432fcb883924 (patch)
tree: 1b4f6fb6900ec154a49347cf0358092f90cd7b5b
parent: 01e8167a7e89961b5a985d18dab5b8af34f8b97e (diff)
3 files changed, 57 insertions, 9 deletions
diff --git a/sc/UIConfig_scalc.mk b/sc/UIConfig_scalc.mk
index 23c49726e58b..8f28b6154e8f 100644
--- a/sc/UIConfig_scalc.mk
+++ b/sc/UIConfig_scalc.mk
@@ -109,6 +109,7 @@ $(eval $(call gb_UIConfig_add_uifiles,modules/scalc,\
 	sc/uiconfig/scalc/ui/printareasdialog \
 	sc/uiconfig/scalc/ui/printeroptions \
 	sc/uiconfig/scalc/ui/protectsheetdlg \
+	sc/uiconfig/scalc/ui/queryrunstreamscriptdialog \
 	sc/uiconfig/scalc/ui/randomnumbergenerator \
 	sc/uiconfig/scalc/ui/rightfooterdialog \
 	sc/uiconfig/scalc/ui/rightheaderdialog \
diff --git a/sc/source/ui/docshell/datastream.cxx b/sc/source/ui/docshell/datastream.cxx
index 4305d3fbc403..88c2ae40b45c 100644
--- a/sc/source/ui/docshell/datastream.cxx
+++ b/sc/source/ui/docshell/datastream.cxx
@@ -11,6 +11,7 @@
 
 #include <com/sun/star/frame/XLayoutManager.hpp>
 #include <com/sun/star/ui/XUIElement.hpp>
+#include <officecfg/Office/Common.hxx>
 #include <osl/conditn.hxx>
 #include <rtl/strbuf.hxx>
 #include <salhelper/thread.hxx>
@@ -237,14 +238,6 @@ void DataStream::Decode(const OUString& rURL, const OUString& rRange,
     mnSettings = nSettings;
     mpEndRange.reset( NULL );
 
-    SvStream *pStream = 0;
-    if (mnSettings & SCRIPT_STREAM)
-        pStream = new SvScriptStream(msURL);
-    else
-        pStream = new SvFileStream(msURL, STREAM_READ);
-    mxReaderThread = new datastreams::ReaderThread( pStream );
-    mxReaderThread->launch();
-
     mbValuesInLine = mnSettings & VALUES_IN_LINE;
 
     if (msMove == "NO_MOVE")
@@ -271,6 +264,16 @@ void DataStream::StartImport()
         return;
     mbIsUndoEnabled = mpScDocument->IsUndoEnabled();
     mpScDocument->EnableUndo(false);
+    if (!mxReaderThread.is())
+    {
+        SvStream *pStream = 0;
+        if (mnSettings & SCRIPT_STREAM)
+            pStream = new SvScriptStream(msURL);
+        else
+            pStream = new SvFileStream(msURL, STREAM_READ);
+        mxReaderThread = new datastreams::ReaderThread( pStream );
+        mxReaderThread->launch();
+    }
     mbRunning = true;
     AutoTimer::Start();
 }
@@ -378,7 +381,18 @@ sfx2::SvBaseLink::UpdateResult DataStream::DataChanged(
         const OUString& , const css::uno::Any& )
 {
     MakeToolbarVisible();
-    StartImport();
+    StopImport();
+    bool bStart = true;
+    if (mnSettings & SCRIPT_STREAM && !mxReaderThread.is() &&
+        officecfg::Office::Common::Security::Scripting::MacroSecurityLevel::get() >= 1)
+    {
+        MessageDialog aQBox( NULL, "QueryRunStreamScriptDialog", "modules/scalc/ui/queryrunstreamscriptdialog.ui");
+        aQBox.set_primary_text( aQBox.get_primary_text().replaceFirst("%URL", msURL) );
+        if (RET_YES != aQBox.Execute())
+            bStart = false;
+    }
+    if (bStart)
+        StartImport();
     return SUCCESS;
 }
 
diff --git a/sc/uiconfig/scalc/ui/queryrunstreamscriptdialog.ui b/sc/uiconfig/scalc/ui/queryrunstreamscriptdialog.ui
new file mode 100644
index 000000000000..ca7fbe65c00b
--- /dev/null
+++ b/sc/uiconfig/scalc/ui/queryrunstreamscriptdialog.ui
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interface>
+  <!-- interface-requires gtk+ 3.0 -->
+  <object class="GtkMessageDialog" id="QueryRunStreamScriptDialog">
+    <property name="can_focus">False</property>
+    <property name="border_width">12</property>
+    <property name="resizable">False</property>
+    <property name="type_hint">dialog</property>
+    <property name="skip_taskbar_hint">True</property>
+    <property name="message_type">question</property>
+    <property name="buttons">yes-no</property>
+    <property name="text" translatable="yes">This data stream is generated by a script. Do you want to execute %URL?</property>
+    <child internal-child="vbox">
+      <object class="GtkBox" id="messagedialog-vbox">
+        <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
+        <property name="spacing">24</property>
+        <child internal-child="action_area">
+          <object class="GtkButtonBox" id="messagedialog-action_area">
+            <property name="can_focus">False</property>
+            <property name="layout_style">center</property>
+          </object>
+          <packing>
+            <property name="expand">False</property>
+            <property name="fill">True</property>
+            <property name="pack_type">end</property>
+            <property name="position">0</property>
+          </packing>
+        </child>
+      </object>
+    </child>
+  </object>
+</interface>
author	Matúš Kukan <matus.kukan@collabora.com>	2013-11-27 15:48:32 +0100
committer	Matúš Kukan <matus.kukan@collabora.com>	2013-12-02 11:13:44 +0100
commit	3428ccb269d752bcfcb96228b8fb432fcb883924 (patch)
tree	1b4f6fb6900ec154a49347cf0358092f90cd7b5b
parent	01e8167a7e89961b5a985d18dab5b8af34f8b97e (diff)