diff options
| author | Carsten Driesner <cd@openoffice.org> | 2001-06-25 15:27:41 +0000 |
|---|---|---|
| committer | Carsten Driesner <cd@openoffice.org> | 2001-06-25 15:27:41 +0000 |
| commit | aab073ee3c0f00d10e646816d5c5397be3f1a8f1 (patch) | |
| tree | 7fdc80feb9c93f73ec50d4be4b8387ad83e51b31 /sfx2 | |
| parent | c40b75b1a22b13db31d215b66f56256a7be31313 (diff) | |
#88295# security problem fixed
Diffstat (limited to 'sfx2')
| -rw-r--r-- | sfx2/source/appl/appopen.cxx | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx index c764ce520919..b63d89657001 100644 --- a/sfx2/source/appl/appopen.cxx +++ b/sfx2/source/appl/appopen.cxx @@ -2,9 +2,9 @@ * * $RCSfile: appopen.cxx,v $ * - * $Revision: 1.22 $ + * $Revision: 1.23 $ * - * last change: $Author: cd $ $Date: 2001-06-13 06:50:09 $ + * last change: $Author: cd $ $Date: 2001-06-25 16:27:41 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -1154,22 +1154,38 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq ) } else if ( aINetProtocol == INET_PROT_FILE ) { - ::rtl::OUString aSysPathFileName; - ::osl::FileBase::RC nError = ::osl::FileBase::getSystemPathFromFileURL( aURL.Complete, aSysPathFileName ); - if ( nError == ::osl::FileBase::E_None ) + String aReferer; + SfxApplication* pApp = SFX_APP(); + + SFX_REQUEST_ARG( rReq, pRefererItem, SfxStringItem, SID_REFERER, FALSE ); + if ( pRefererItem ) + aReferer = pRefererItem->GetValue(); + + // security => we have to check the url before executing! + if ( pApp->IsSecureURL( aObj, &aReferer ) ) { - try - { - // give os this file - xSystemShellExecute->execute( aSysPathFileName, ::rtl::OUString(), SystemShellExecuteFlags::DEFAULTS ); - } - catch ( ::com::sun::star::lang::IllegalArgumentException& ) - { - } - catch ( ::com::sun::star::system::SystemShellExecuteException& ) + ::rtl::OUString aSysPathFileName; + ::osl::FileBase::RC nError = ::osl::FileBase::getSystemPathFromFileURL( aURL.Complete, aSysPathFileName ); + if ( nError == ::osl::FileBase::E_None ) { + try + { + // give os this file + xSystemShellExecute->execute( aSysPathFileName, ::rtl::OUString(), SystemShellExecuteFlags::DEFAULTS ); + } + catch ( ::com::sun::star::lang::IllegalArgumentException& ) + { + } + catch ( ::com::sun::star::system::SystemShellExecuteException& ) + { + } } } + else + { + SfxErrorContext aCtx( ERRCTX_SFX_OPENDOC, aURL.Complete ); + ErrorHandler::HandleError( ERRCODE_IO_ACCESSDENIED ); + } return; } |