tdf#87303: svtools: relax the security a bit for embedded objects

CVE-2014-3575 was about updating linked objects, there is no security
issue with embedded objects so always allow updating the preview image
for them.

(regression from d005acae3aa315921f2c331612131626c470bd22)

Change-Id: I6e4d013ddf4fbe08c5968c680bbe143dd0473a4b

1 files changed, 10 insertions, 3 deletions

diff --git a/svtools/source/misc/embedhlp.cxx b/svtools/source/misc/embedhlp.cxx
index eb2aea48fd50..5785701f0e89 100644
--- a/svtools/source/misc/embedhlp.cxx
+++ b/svtools/source/misc/embedhlp.cxx
@@ -44,6 +44,7 @@
 #include <com/sun/star/embed/NoVisualAreaSizeException.hpp>
 #include <com/sun/star/embed/XEmbeddedObject.hpp>
 #include <com/sun/star/embed/XStateChangeListener.hpp>
+#include <com/sun/star/embed/XLinkageSupport.hpp>
 #include <com/sun/star/datatransfer/XTransferable.hpp>
 #include <com/sun/star/chart2/XDefaultSizeTransmitter.hpp>
 #include <cppuhelper/implbase4.hxx>
@@ -604,15 +605,21 @@ SvStream* EmbeddedObjectRef::GetGraphicStream( bool bUpdate ) const
     if ( !xStream.is() )
     {
         SAL_INFO( "svtools.misc", "getting stream from object" );
-        bool bUserAllowsLinkUpdate(true);
+        bool bUpdateAllowed(true);
         const comphelper::EmbeddedObjectContainer* pContainer = GetContainer();
 
         if(pContainer)
         {
-            bUserAllowsLinkUpdate = pContainer->getUserAllowsLinkUpdate();
+            uno::Reference<embed::XLinkageSupport> const xLinkage(
+                    mpImpl->mxObj, uno::UNO_QUERY);
+            if (xLinkage.is() && xLinkage->isLink())
+            {
+                bUpdateAllowed = pContainer->getUserAllowsLinkUpdate();
+
+            }
         }
 
-        if(bUserAllowsLinkUpdate)
+        if (bUpdateAllowed)
         {
             // update wanted or no stream in container storage available
             xStream = GetGraphicReplacementStream(mpImpl->nViewAspect, mpImpl->mxObj, &mpImpl->aMediaType);