diff options
author | Herbert Dürr <hdu@apache.org> | 2014-07-09 15:23:59 +0000 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2014-08-26 06:10:07 -0700 |
commit | 2385e35558bb95d187dc15d92535e1db4b842f7b (patch) | |
tree | 375eaafb8419771ed3a39518e7b7b5d2ec93f763 | |
parent | 6674f71c693b16c07b1f46bc7b4971644daf70ba (diff) |
Related: #i125226# don't try to access known-bad DDE servers
(cherry picked from commit 88de6a59d9d7933b86fdcba733277aa4fbd5e132)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: If4dcd49cfe15188d06e4e06cd8e58cdcc66ed5a4
(cherry picked from commit b16f164650f8345e51bf0b0c73bf9c8eee775bc2)
Related: #i125226# some macro preferences are directly...
applicable to DDE servers
(cherry picked from commit 2c835e761e1e9ddb6794895e6f3538b918160dd1)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: Ic16b3df34ac1b003a8a5cabab15ea655d05bdd18
Related: #i125226# typo fix
(cherry picked from commit 727ea069c6342e01a50c8b068ec302574b251cbd)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I8db53b7e8529d05e660a2d69e669b44c9045712c
(cherry picked from commit 13b68e24db26374ca17572de9abb429edeac32e9)
Related: #i125226# disallow absolute and relative paths for DDE servers
(cherry picked from commit 6b64ada6e3a902ac4b44fe49476514d49138d4d4)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I127add375a127dbbd0eaf12a10884e2636f1a332
(cherry picked from commit d1fc47793c1efbe9ff5271656283211647dd0b33)
Reviewed-on: https://gerrit.libreoffice.org/10200
Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
Tested-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
-rw-r--r-- | sfx2/source/appl/impldde.cxx | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/sfx2/source/appl/impldde.cxx b/sfx2/source/appl/impldde.cxx index d81367d170fb..f1da6b4ff036 100644 --- a/sfx2/source/appl/impldde.cxx +++ b/sfx2/source/appl/impldde.cxx @@ -25,6 +25,7 @@ #include "impldde.hxx" +#include <comphelper/string.hxx> #include <vcl/svapp.hxx> #include <vcl/fixed.hxx> #include <vcl/edit.hxx> @@ -45,6 +46,8 @@ #include <svl/svdde.hxx> #include <sot/formats.hxx> +#include <unotools/securityoptions.hxx> + #define DDELINK_ERROR_APP 1 #define DDELINK_ERROR_DATA 2 #define DDELINK_ERROR_LINK 3 @@ -244,15 +247,23 @@ sal_Bool SvDDEObject::Connect( SvBaseLink * pSvLink ) } #if defined(WNT) - - // Server not up, try once more to start it. - if( !bInWinExec ) + // check the suitability of starting the DDE server + const SvtSecurityOptions aSecOpts; + bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE); + bForbidden |= (comphelper::string::indexOfAny(sServer, L":./%\\") != -1); + static const char* aBadServers[] = { "cmd", "rundll32" }; + for (size_t i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i) + bForbidden |= sServer.equalsAscii(aBadServers[i]); + + // try to start the DDE server if it is not there already + bForbidden |= (bInWinExec != false); + if( !bForbidden ) { rtl::OStringBuffer aCmdLine(rtl::OUStringToOString(sServer, RTL_TEXTENCODING_ASCII_US)); aCmdLine.append(RTL_CONSTASCII_STRINGPARAM(".exe ")); aCmdLine.append(rtl::OUStringToOString(sTopic, RTL_TEXTENCODING_ASCII_US)); - if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) + if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) // TODO: use CreateProcess() instead nError = DDELINK_ERROR_APP; else { |