diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2013-11-11 17:44:57 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2013-11-14 11:13:23 +0100 |
| commit | 18be6f161de20f3b0e05d0dd494242eda16ee5c4 (patch) | |
| tree | 392721c5af7da358dec1875c340c9654a30f337d /unotools/source | |
| parent | 7d989aef3d073e67a4bdbb16f71c8cc38c0c60b0 (diff) | |
Add "block untrusted referer links" switch
Change-Id: Id2f2a3dafc3bb7ec6fada6bfda5843348dfac5a1
Diffstat (limited to 'unotools/source')
| -rw-r--r-- | unotools/source/config/securityoptions.cxx | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/unotools/source/config/securityoptions.cxx b/unotools/source/config/securityoptions.cxx index 0be832731378..20df661470b4 100644 --- a/unotools/source/config/securityoptions.cxx +++ b/unotools/source/config/securityoptions.cxx @@ -58,6 +58,7 @@ using namespace ::com::sun::star::uno ; #define PROPERTYNAME_DOCWARN_REMOVEPERSONALINFO "RemovePersonalInfoOnSaving" #define PROPERTYNAME_DOCWARN_RECOMMENDPASSWORD "RecommendPasswordProtection" #define PROPERTYNAME_CTRLCLICK_HYPERLINK "HyperlinksWithCtrlClick" +#define PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS "BlockUntrustedRefererLinks" #define PROPERTYNAME_MACRO_SECLEVEL "MacroSecurityLevel" #define PROPERTYNAME_MACRO_TRUSTEDAUTHORS "TrustedAuthors" #define PROPERTYNAME_MACRO_DISABLE "DisableMacrosExecution" @@ -89,11 +90,12 @@ using namespace ::com::sun::star::uno ; #define PROPERTYHANDLE_DOCWARN_REMOVEPERSONALINFO 9 #define PROPERTYHANDLE_DOCWARN_RECOMMENDPASSWORD 10 #define PROPERTYHANDLE_CTRLCLICK_HYPERLINK 11 -#define PROPERTYHANDLE_MACRO_SECLEVEL 12 -#define PROPERTYHANDLE_MACRO_TRUSTEDAUTHORS 13 -#define PROPERTYHANDLE_MACRO_DISABLE 14 +#define PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS 12 +#define PROPERTYHANDLE_MACRO_SECLEVEL 13 +#define PROPERTYHANDLE_MACRO_TRUSTEDAUTHORS 14 +#define PROPERTYHANDLE_MACRO_DISABLE 15 -#define PROPERTYCOUNT 15 +#define PROPERTYCOUNT 16 #define PROPERTYHANDLE_INVALID -1 #define CFG_READONLY_DEFAULT sal_False @@ -200,6 +202,7 @@ class SvtSecurityOptions_Impl : public ConfigItem sal_Bool m_bRemoveInfo; sal_Bool m_bRecommendPwd; sal_Bool m_bCtrlClickHyperlink; + sal_Bool m_bBlockUntrustedRefererLinks; sal_Int32 m_nSecLevel; Sequence< SvtSecurityOptions::Certificate > m_seqTrustedAuthors; sal_Bool m_bDisableMacros; @@ -212,6 +215,7 @@ class SvtSecurityOptions_Impl : public ConfigItem sal_Bool m_bRORemoveInfo; sal_Bool m_bRORecommendPwd; sal_Bool m_bROCtrlClickHyperlink; + sal_Bool m_bROBlockUntrustedRefererLinks; sal_Bool m_bROSecLevel; sal_Bool m_bROTrustedAuthors; sal_Bool m_bRODisableMacros; @@ -370,6 +374,13 @@ void SvtSecurityOptions_Impl::SetProperty( sal_Int32 nProperty, const Any& rValu } break; + case PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS: + { + rValue >>= m_bBlockUntrustedRefererLinks; + m_bROBlockUntrustedRefererLinks = bRO; + } + break; + case PROPERTYHANDLE_MACRO_SECLEVEL: { rValue >>= m_nSecLevel; @@ -499,6 +510,8 @@ sal_Int32 SvtSecurityOptions_Impl::GetHandle( const OUString& rName ) nHandle = PROPERTYHANDLE_DOCWARN_RECOMMENDPASSWORD; else if( rName == PROPERTYNAME_CTRLCLICK_HYPERLINK ) nHandle = PROPERTYHANDLE_CTRLCLICK_HYPERLINK; + else if( rName == PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS ) + nHandle = PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS; else if( rName == PROPERTYNAME_MACRO_SECLEVEL ) nHandle = PROPERTYHANDLE_MACRO_SECLEVEL; else if( rName == PROPERTYNAME_MACRO_TRUSTEDAUTHORS ) @@ -555,6 +568,10 @@ bool SvtSecurityOptions_Impl::GetOption( SvtSecurityOptions::EOption eOption, sa rpValue = &m_bCtrlClickHyperlink; rpRO = &m_bROCtrlClickHyperlink; break; + case SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS: + rpValue = &m_bBlockUntrustedRefererLinks; + rpRO = &m_bROBlockUntrustedRefererLinks; + break; default: rpValue = NULL; rpRO = NULL; @@ -669,6 +686,14 @@ void SvtSecurityOptions_Impl::Commit() } break; + case PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS: + { + bDone = !m_bROBlockUntrustedRefererLinks; + if( bDone ) + lValues[ nRealCount ] <<= m_bBlockUntrustedRefererLinks; + } + break; + case PROPERTYHANDLE_MACRO_SECLEVEL: { bDone = !m_bROSecLevel; @@ -805,7 +830,9 @@ sal_Bool SvtSecurityOptions_Impl::IsReadOnly( SvtSecurityOptions::EOption eOptio case SvtSecurityOptions::E_CTRLCLICK_HYPERLINK: bReadonly = m_bROCtrlClickHyperlink; break; - + case SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS: + bReadonly = m_bROBlockUntrustedRefererLinks; + break; // xmlsec05 deprecated case SvtSecurityOptions::E_BASICMODE: @@ -948,6 +975,7 @@ Sequence< OUString > SvtSecurityOptions_Impl::GetPropertyNames() OUString(PROPERTYNAME_DOCWARN_REMOVEPERSONALINFO), OUString(PROPERTYNAME_DOCWARN_RECOMMENDPASSWORD), OUString(PROPERTYNAME_CTRLCLICK_HYPERLINK), + OUString(PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS), OUString(PROPERTYNAME_MACRO_SECLEVEL), OUString(PROPERTYNAME_MACRO_TRUSTEDAUTHORS), OUString(PROPERTYNAME_MACRO_DISABLE) @@ -1033,6 +1061,13 @@ bool SvtSecurityOptions::isSecureMacroUri( } } +bool SvtSecurityOptions::isUntrustedReferer(OUString const & referer) const { + MutexGuard g(GetInitMutex()); + return m_pDataContainer->IsOptionSet(E_BLOCKUNTRUSTEDREFERERLINKS) + && !(referer.isEmpty() || referer.startsWithIgnoreAsciiCase("private:") + || isTrustedLocationUri(referer)); +} + bool SvtSecurityOptions::isTrustedLocationUri(OUString const & uri) const { MutexGuard g(GetInitMutex()); for (sal_Int32 i = 0; i != m_pDataContainer->m_seqSecureURLs.getLength(); |