diff options
author | Herbert Dürr <hdu@apache.org> | 2014-07-09 15:23:59 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-07-11 15:29:40 +0000 |
commit | 77e980c5afc845bbfa075bdf934d424655e594f6 (patch) | |
tree | 6a610680b4f80a3119504565e3029cbcab29c043 | |
parent | d1ed906b4cf0ab46a975f3caab8dfd1b5c7f4118 (diff) |
Related: #i125226# don't try to access known-bad DDE servers
(cherry picked from commit 88de6a59d9d7933b86fdcba733277aa4fbd5e132)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: If4dcd49cfe15188d06e4e06cd8e58cdcc66ed5a4
(cherry picked from commit b16f164650f8345e51bf0b0c73bf9c8eee775bc2)
Related: #i125226# some macro preferences are directly...
applicable to DDE servers
(cherry picked from commit 2c835e761e1e9ddb6794895e6f3538b918160dd1)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: Ic16b3df34ac1b003a8a5cabab15ea655d05bdd18
Related: #i125226# typo fix
(cherry picked from commit 727ea069c6342e01a50c8b068ec302574b251cbd)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I8db53b7e8529d05e660a2d69e669b44c9045712c
(cherry picked from commit 13b68e24db26374ca17572de9abb429edeac32e9)
Related: #i125226# disallow absolute and relative paths for DDE servers
(cherry picked from commit 6b64ada6e3a902ac4b44fe49476514d49138d4d4)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I127add375a127dbbd0eaf12a10884e2636f1a332
(cherry picked from commit d1fc47793c1efbe9ff5271656283211647dd0b33)
Reviewed-on: https://gerrit.libreoffice.org/10201
Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
Reviewed-by: Eike Rathke <erack@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | sfx2/source/appl/impldde.cxx | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/sfx2/source/appl/impldde.cxx b/sfx2/source/appl/impldde.cxx index 501346addc9c..7ec637a825ca 100644 --- a/sfx2/source/appl/impldde.cxx +++ b/sfx2/source/appl/impldde.cxx @@ -25,6 +25,7 @@ #include "impldde.hxx" +#include <comphelper/string.hxx> #include <vcl/svapp.hxx> #include <vcl/fixed.hxx> #include <vcl/edit.hxx> @@ -45,6 +46,8 @@ #include <svl/svdde.hxx> #include <sot/formats.hxx> +#include <unotools/securityoptions.hxx> + #define DDELINK_ERROR_APP 1 #define DDELINK_ERROR_DATA 2 @@ -243,15 +246,23 @@ bool SvDDEObject::Connect( SvBaseLink * pSvLink ) } #if defined(WNT) - - // Server not up, try once more to start it. - if( !bInWinExec ) + // check the suitability of starting the DDE server + const SvtSecurityOptions aSecOpts; + bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE); + bForbidden |= (comphelper::string::indexOfAny(sServer, L":./%\\") != -1); + static const char* aBadServers[] = { "cmd", "rundll32" }; + for (size_t i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i) + bForbidden |= sServer.equalsAscii(aBadServers[i]); + + // try to start the DDE server if it is not there already + bForbidden |= (bInWinExec != false); + if( !bForbidden ) { OStringBuffer aCmdLine(OUStringToOString(sServer, RTL_TEXTENCODING_ASCII_US)); aCmdLine.append(".exe "); aCmdLine.append(OUStringToOString(sTopic, RTL_TEXTENCODING_ASCII_US)); - if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) + if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) // TODO: use CreateProcess() instead nError = DDELINK_ERROR_APP; else { |