summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <mstahl@redhat.com>2015-02-11 14:42:51 +0100
committerCaolán McNamara <caolanm@redhat.com>2015-02-11 21:01:46 +0000
commitcbcfc31b124921d225323370f51f8eb8552d329a (patch)
tree17464fa7808a7d4e217601db16461af4e0b90736
parent64fe9d34c6bae221309a037fc1ca399076a53de9 (diff)
tdf#87303: svtools: relax the security a bit for embedded objects
CVE-2014-3575 was about updating linked objects, there is no security issue with embedded objects so always allow updating the preview image for them. (regression from d005acae3aa315921f2c331612131626c470bd22) Change-Id: I6e4d013ddf4fbe08c5968c680bbe143dd0473a4b (cherry picked from commit 6aea0829f8650922f5422f2f2b2e432968d11b9b) Reviewed-on: https://gerrit.libreoffice.org/14424 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r--svtools/source/misc/embedhlp.cxx13
1 files changed, 10 insertions, 3 deletions
diff --git a/svtools/source/misc/embedhlp.cxx b/svtools/source/misc/embedhlp.cxx
index eb2aea48fd50..5785701f0e89 100644
--- a/svtools/source/misc/embedhlp.cxx
+++ b/svtools/source/misc/embedhlp.cxx
@@ -44,6 +44,7 @@
#include <com/sun/star/embed/NoVisualAreaSizeException.hpp>
#include <com/sun/star/embed/XEmbeddedObject.hpp>
#include <com/sun/star/embed/XStateChangeListener.hpp>
+#include <com/sun/star/embed/XLinkageSupport.hpp>
#include <com/sun/star/datatransfer/XTransferable.hpp>
#include <com/sun/star/chart2/XDefaultSizeTransmitter.hpp>
#include <cppuhelper/implbase4.hxx>
@@ -604,15 +605,21 @@ SvStream* EmbeddedObjectRef::GetGraphicStream( bool bUpdate ) const
if ( !xStream.is() )
{
SAL_INFO( "svtools.misc", "getting stream from object" );
- bool bUserAllowsLinkUpdate(true);
+ bool bUpdateAllowed(true);
const comphelper::EmbeddedObjectContainer* pContainer = GetContainer();
if(pContainer)
{
- bUserAllowsLinkUpdate = pContainer->getUserAllowsLinkUpdate();
+ uno::Reference<embed::XLinkageSupport> const xLinkage(
+ mpImpl->mxObj, uno::UNO_QUERY);
+ if (xLinkage.is() && xLinkage->isLink())
+ {
+ bUpdateAllowed = pContainer->getUserAllowsLinkUpdate();
+
+ }
}
- if(bUserAllowsLinkUpdate)
+ if (bUpdateAllowed)
{
// update wanted or no stream in container storage available
xStream = GetGraphicReplacementStream(mpImpl->nViewAspect, mpImpl->mxObj, &mpImpl->aMediaType);