diff options
author | Michael Stahl <mstahl@redhat.com> | 2015-02-11 14:42:51 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2015-02-11 21:01:46 +0000 |
commit | cbcfc31b124921d225323370f51f8eb8552d329a (patch) | |
tree | 17464fa7808a7d4e217601db16461af4e0b90736 | |
parent | 64fe9d34c6bae221309a037fc1ca399076a53de9 (diff) |
tdf#87303: svtools: relax the security a bit for embedded objects
CVE-2014-3575 was about updating linked objects, there is no security
issue with embedded objects so always allow updating the preview image
for them.
(regression from d005acae3aa315921f2c331612131626c470bd22)
Change-Id: I6e4d013ddf4fbe08c5968c680bbe143dd0473a4b
(cherry picked from commit 6aea0829f8650922f5422f2f2b2e432968d11b9b)
Reviewed-on: https://gerrit.libreoffice.org/14424
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | svtools/source/misc/embedhlp.cxx | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/svtools/source/misc/embedhlp.cxx b/svtools/source/misc/embedhlp.cxx index eb2aea48fd50..5785701f0e89 100644 --- a/svtools/source/misc/embedhlp.cxx +++ b/svtools/source/misc/embedhlp.cxx @@ -44,6 +44,7 @@ #include <com/sun/star/embed/NoVisualAreaSizeException.hpp> #include <com/sun/star/embed/XEmbeddedObject.hpp> #include <com/sun/star/embed/XStateChangeListener.hpp> +#include <com/sun/star/embed/XLinkageSupport.hpp> #include <com/sun/star/datatransfer/XTransferable.hpp> #include <com/sun/star/chart2/XDefaultSizeTransmitter.hpp> #include <cppuhelper/implbase4.hxx> @@ -604,15 +605,21 @@ SvStream* EmbeddedObjectRef::GetGraphicStream( bool bUpdate ) const if ( !xStream.is() ) { SAL_INFO( "svtools.misc", "getting stream from object" ); - bool bUserAllowsLinkUpdate(true); + bool bUpdateAllowed(true); const comphelper::EmbeddedObjectContainer* pContainer = GetContainer(); if(pContainer) { - bUserAllowsLinkUpdate = pContainer->getUserAllowsLinkUpdate(); + uno::Reference<embed::XLinkageSupport> const xLinkage( + mpImpl->mxObj, uno::UNO_QUERY); + if (xLinkage.is() && xLinkage->isLink()) + { + bUpdateAllowed = pContainer->getUserAllowsLinkUpdate(); + + } } - if(bUserAllowsLinkUpdate) + if (bUpdateAllowed) { // update wanted or no stream in container storage available xStream = GetGraphicReplacementStream(mpImpl->nViewAspect, mpImpl->mxObj, &mpImpl->aMediaType); |