author | Stephan Bergmann <sbergman@redhat.com> | 2013-11-08 17:25:45 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2013-11-08 17:34:44 +0100 |
commit | ea1a7ba72e1bd50a12faff1f8180a5a44745715d (patch) | |
tree | 2c59c7de5cce89a42338836d718581da0bd846a0 /sfx2/source | |
parent | 81eba5c49dae5ba9efcdc8632044dc853afbf7b6 (diff) |
Clean up IsSecureURL
...to not use WildCard (in case a trusted location URI already contains an
unescaped "*"), be specific about matching only past a final "/", and rename to
isSecureMacroUri for clarification.
The check with an INET_PROT_NOT_VALID default INetURLObject in
SfxApplication::OpenDocExec_Impl ("we have to check the referer before
executing") had effectively been dead since its inception in
14237ac4bf497decdde8b742acea23780833ba12 "#90880#: security checks corrected,"
as INET_PROT_NOT_VALID is considered secure regardless of referer anyway.
Change-Id: I03bca5e6dac89bb2aac52909aff273ea640228d8
Diffstat (limited to 'sfx2/source')
-rw-r--r-- | sfx2/source/appl/appcfg.cxx | 6 | ||||
-rw-r--r-- | sfx2/source/appl/appopen.cxx | 27 |
2 files changed, 8 insertions, 25 deletions
diff --git a/sfx2/source/appl/appcfg.cxx b/sfx2/source/appl/appcfg.cxx
index be93509b931c..18476481066a 100644
--- a/sfx2/source/appl/appcfg.cxx
+++ b/sfx2/source/appl/appcfg.cxx
@@ -494,12 +494,6 @@ sal_Bool SfxApplication::GetOptions( SfxItemSet& rSet )
 return bRet;
 }
-//--------------------------------------------------------------------
-sal_Bool SfxApplication::IsSecureURL( const INetURLObject& rURL, const OUString* pReferer ) const
-{
- return SvtSecurityOptions().IsSecureURL( rURL.GetMainURL( INetURLObject::NO_DECODE ), *pReferer );
-}
-//--------------------------------------------------------------------
 // TODO/CLEANUP: Why two SetOptions Methods?
 void SfxApplication::SetOptions_Impl( const SfxItemSet& rSet )
 {
diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx
index 111257331899..e37692935b5e 100644
--- a/sfx2/source/appl/appopen.cxx
+++ b/sfx2/source/appl/appopen.cxx
@@ -931,28 +931,17 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
 if ( !bFound )
 {
 sal_Bool bLoadInternal = sal_False;
-
- // security reservation: => we have to check the referer before executing
- if (SFX_APP()->IsSecureURL(INetURLObject(), &aReferer))
+ try
 {
- try
- {
- sfx2::openUriExternally(
- aURL.Complete, pFilter == 0);
- }
- catch ( ::com::sun::star::system::SystemShellExecuteException& )
- {
- rReq.RemoveItem( SID_TARGETNAME );
- rReq.AppendItem( SfxStringItem( SID_TARGETNAME, OUString("_default") ) );
- bLoadInternal = sal_True;
- }
+ sfx2::openUriExternally(
+ aURL.Complete, pFilter == 0);
 }
- else
+ catch ( ::com::sun::star::system::SystemShellExecuteException& )
 {
- SfxErrorContext aCtx( ERRCTX_SFX_OPENDOC, aURL.Complete );
- ErrorHandler::HandleError( ERRCODE_IO_ACCESSDENIED );
+ rReq.RemoveItem( SID_TARGETNAME );
+ rReq.AppendItem( SfxStringItem( SID_TARGETNAME, OUString("_default") ) );
+ bLoadInternal = sal_True;
 }
-
 if ( !bLoadInternal )
 return;
 }
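Review bot: In the `@@ -931` hunk of appopen.cxx, `sfx2::openUriExternally(aURL.Complete, pFilter == 0)` now runs in the `!bFound` branch with no referer or trust check in front of it, and the new code does not say whether that is intended. The removed comment shows the original intent was to vet the referer before handing a URI to the system shell, so the gate was never enforced rather than shown to be unnecessary. I would record the decision at the call site, e.g. `// No referer check: the former IsSecureURL(INetURLObject(), ...) gate always passed; URI goes to the system shell as-is`, or track a follow-up that adds a real check on `aURL.Complete`. OpenDocExec_Impl starts and ends outside this hunk, so any earlier filtering of `aURL` is not visible here.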
@@ -967,7 +956,7 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
 }
 }
- if ( !SFX_APP()->IsSecureURL( INetURLObject(aFileName), &aReferer ) )
+ if (!SvtSecurityOptions().isSecureMacroUri(aFileName, aReferer))
 {
 SfxErrorContext aCtx( ERRCTX_SFX_OPENDOC, aFileName );
 ErrorHandler::HandleError( ERRCODE_IO_ACCESSDENIED ); |
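Review bot: The new call passes the raw `aFileName` string to `isSecureMacroUri`, whereas the removed wrapper first normalised it through `INetURLObject(...).GetMainURL(INetURLObject::NO_DECODE)`. The implementation of `isSecureMacroUri` is not part of this diff (the diffstat is limited to sfx2/source), so please confirm it parses and normalises the URI itself; otherwise the string that is checked may differ in escaping from the one that is later opened. Once confirmed, a short comment at the call would help the next reader, e.g. `// aFileName is passed un-normalised; isSecureMacroUri does its own URI parsing`. The enclosing function continues outside the hunk.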