rhbz#887420 Implement "block untrusted referer links" feature

For now, this checks for a trusted referer (if the BlockUntrustedRefererLinks configuration prop is set) in utl::MediaDescriptor::impl_openStreamWithURL and SvxBrushItem::GetGraphicObject. Checking in additional places will probably be necessary to block /all/ unwanted communication. Also, some places marked /*TODO?*/ currently pass in an empty referer (which is always considered trusted) and will probably need to be adapted. Ideally, Referer URIs would never be empty (and consistently use something like <private:user> for cases where access is explicitly initiated by the user and should never be blocked), but that's a very daunting task, so start small by identifying the places that potentially need blocking and adding appropriate Referer URIs there. Also, Referer information should always be computed as freshly as possible from the context in which an access attempt is made, but, again, always carrying the information from the context all the way to the relevant functions is a very daunting task, so for now store the information upon object instantiation in some cases (SvxBrushItem, SdrGrafObj, ...). The Referer URI (css.document.MediaDescriptor property; SID_REFERER) was already used to track macro execution, and there is one place in SfxApplication::OpenDocExec_Impl where opening of hyperlinks (explicitly clicked by the user) is done that needs the current document's URI as Referer to check execution of macro URIs but needs an empty (or <private:user>, see above) Referer to not block non-macro URIs. Special code has been added there to handle that. Change-Id: Iafbdc07a9fe925d9ee580d4f5778448f18f2ebd9
author: Stephan Bergmann <sbergman@redhat.com> 2013-11-14 10:39:27 +0100
committer: Stephan Bergmann <sbergman@redhat.com> 2013-11-14 11:13:25 +0100
commit: f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch)
tree: 5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 /svx/source/unodraw
parent: 96aca98168cba4b9055f2e2a16bb1a8f6f6e57ce (diff)
4 files changed, 28 insertions, 12 deletions
diff --git a/svx/source/unodraw/unoctabl.cxx b/svx/source/unodraw/unoctabl.cxx
index e059060b3d11..37c34c5e554e 100644
--- a/svx/source/unodraw/unoctabl.cxx
+++ b/svx/source/unodraw/unoctabl.cxx
@@ -77,7 +77,7 @@ public:
 
 SvxUnoColorTable::SvxUnoColorTable() throw()
 {
-    pList = XPropertyList::CreatePropertyList( XCOLOR_LIST, SvtPathOptions().GetPalettePath() )->AsColorList();
+    pList = XPropertyList::CreatePropertyList( XCOLOR_LIST, SvtPathOptions().GetPalettePath(), "" )->AsColorList();
 }
 
 SvxUnoColorTable::~SvxUnoColorTable() throw()
diff --git a/svx/source/unodraw/unomod.cxx b/svx/source/unodraw/unomod.cxx
index 0c9eddea63c9..782f3d0309aa 100644
--- a/svx/source/unodraw/unomod.cxx
+++ b/svx/source/unodraw/unomod.cxx
@@ -168,8 +168,10 @@ sal_Bool SvxUnoDrawMSFactory::createEvent( const SdrModel* pDoc, const SdrHint*
     return sal_True;
 }
 
-uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( const OUString& rServiceSpecifier )
-    throw( uno::Exception, uno::RuntimeException )
+namespace {
+
+css::uno::Reference<css::uno::XInterface> create(
+    OUString const & rServiceSpecifier, OUString const & referer)
 {
     if( rServiceSpecifier.startsWith("com.sun.star.drawing.") )
     {
@@ -179,7 +181,7 @@ uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance(
             sal_uInt16 nT = (sal_uInt16)(nType & ~E3D_INVENTOR_FLAG);
             sal_uInt32 nI = (nType & E3D_INVENTOR_FLAG)?E3dInventor:SdrInventor;
 
-            return uno::Reference< uno::XInterface >( (drawing::XShape*) SvxDrawPage::CreateShapeByTypeAndInventor( nT, nI ) );
+            return uno::Reference< uno::XInterface >( (drawing::XShape*) SvxDrawPage::CreateShapeByTypeAndInventor( nT, nI, 0, 0, referer ) );
         }
     }
     else if ( rServiceSpecifier == "com.sun.star.document.ImportGraphicObjectResolver" )
@@ -190,21 +192,35 @@ uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance(
         return xRet;
     }
 
-    uno::Reference< uno::XInterface > xRet( createTextField( rServiceSpecifier ) );
+    uno::Reference< uno::XInterface > xRet( SvxUnoDrawMSFactory::createTextField( rServiceSpecifier ) );
     if( !xRet.is() )
         throw lang::ServiceNotRegisteredException();
 
     return xRet;
 }
 
+}
+
+uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstance( const OUString& rServiceSpecifier )
+    throw( uno::Exception, uno::RuntimeException )
+{
+    return create(rServiceSpecifier, "");
+}
+
 uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createTextField( const OUString& ServiceSpecifier ) throw(::com::sun::star::uno::Exception, ::com::sun::star::uno::RuntimeException)
 {
     return SvxUnoTextCreateTextField( ServiceSpecifier );
 }
 
-uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstanceWithArguments( const OUString&, const uno::Sequence< ::com::sun::star::uno::Any >& )
+uno::Reference< uno::XInterface > SAL_CALL SvxUnoDrawMSFactory::createInstanceWithArguments( const OUString& ServiceSpecifier, const uno::Sequence< ::com::sun::star::uno::Any >& Arguments )
     throw( uno::Exception, uno::RuntimeException )
 {
+    OUString arg;
+    if (ServiceSpecifier == "com.sun.star.drawing.GraphicObjectShape"
+        && Arguments.getLength() == 1 && (Arguments[0] >>= arg))
+    {
+        return create(ServiceSpecifier, arg);
+    }
     throw lang::NoSupportException();
 }
 
diff --git a/svx/source/unodraw/unopage.cxx b/svx/source/unodraw/unopage.cxx
index ee6ba75547ea..acf0ce864dd7 100644
--- a/svx/source/unodraw/unopage.cxx
+++ b/svx/source/unodraw/unopage.cxx
@@ -565,7 +565,7 @@ void SvxDrawPage::GetTypeAndInventor( sal_uInt16& rType, sal_uInt32& rInventor,
     }
 }
 
-SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj, SvxDrawPage *mpPage ) throw()
+SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj, SvxDrawPage *mpPage, OUString const & referer ) throw()
 {
     SvxShape* pRet = NULL;
     switch( nInventor )
@@ -647,7 +647,7 @@ SvxShape* SvxDrawPage::CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt3
                     pRet = new SvxShapeText( pObj );
                     break;
                 case OBJ_GRAF:
-                    pRet = new SvxGraphicObject( pObj );
+                    pRet = new SvxGraphicObject( pObj, referer );
                     break;
                 case OBJ_FRAME:
                     pRet = new SvxFrameShape( pObj );
diff --git a/svx/source/unodraw/unoshap2.cxx b/svx/source/unodraw/unoshap2.cxx
index 62b842d3946f..cc6ee03089b7 100644
--- a/svx/source/unodraw/unoshap2.cxx
+++ b/svx/source/unodraw/unoshap2.cxx
@@ -1443,8 +1443,8 @@ uno::Sequence< OUString > SAL_CALL SvxShapePolyPolygonBezier::getSupportedServic
 #include <toolkit/helper/vclunohelper.hxx>
 
 //----------------------------------------------------------------------
-SvxGraphicObject::SvxGraphicObject( SdrObject* pObj ) throw()
-:   SvxShapeText( pObj, getSvxMapProvider().GetMap(SVXMAP_GRAPHICOBJECT), getSvxMapProvider().GetPropertySet(SVXMAP_GRAPHICOBJECT, SdrObject::GetGlobalDrawObjectItemPool()) )
+SvxGraphicObject::SvxGraphicObject( SdrObject* pObj, OUString const & referer ) throw()
+:   SvxShapeText( pObj, getSvxMapProvider().GetMap(SVXMAP_GRAPHICOBJECT), getSvxMapProvider().GetPropertySet(SVXMAP_GRAPHICOBJECT, SdrObject::GetGlobalDrawObjectItemPool()) ), referer_(referer)
 {
 }
 
@@ -1529,7 +1529,7 @@ bool SvxGraphicObject::setPropertyValueImpl( const OUString& rName, const SfxIte
                 // normal link
                 OUString            aFilterName;
                 const SfxFilter*    pSfxFilter = NULL;
-                SfxMedium           aSfxMedium( aURL, STREAM_READ | STREAM_SHARE_DENYNONE );
+                SfxMedium           aSfxMedium( aURL, referer_, STREAM_READ | STREAM_SHARE_DENYNONE );
 
                 SFX_APP()->GetFilterMatcher().GuessFilter( aSfxMedium, &pSfxFilter, SFX_FILTER_IMPORT, SFX_FILTER_NOTINSTALLED | SFX_FILTER_EXECUTABLE );
 
@@ -1558,7 +1558,7 @@ bool SvxGraphicObject::setPropertyValueImpl( const OUString& rName, const SfxIte
                 //          it is possible that our shape is removed while where in this
                 //          method.
                 if( mpObj.is() )
-                    static_cast<SdrGrafObj*>(mpObj.get())->SetGraphicLink( aURL, aFilterName );
+                    static_cast<SdrGrafObj*>(mpObj.get())->SetGraphicLink( aURL, referer_, aFilterName );
 
             }
             bOk = true;
author	Stephan Bergmann <sbergman@redhat.com>	2013-11-14 10:39:27 +0100
committer	Stephan Bergmann <sbergman@redhat.com>	2013-11-14 11:13:25 +0100
commit	f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch)
tree	5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 /svx/source/unodraw
parent	96aca98168cba4b9055f2e2a16bb1a8f6f6e57ce (diff)