diff options
| -rw-r--r-- | include/sfx2/linkmgr.hxx | 7 | ||||
| -rw-r--r-- | sfx2/source/appl/linkmgr2.cxx | 11 | ||||
| -rw-r--r-- | svx/source/svdraw/svdograf.cxx | 2 | ||||
| -rw-r--r-- | sw/source/core/docnode/swbaslnk.cxx | 9 |
4 files changed, 20 insertions, 9 deletions
diff --git a/include/sfx2/linkmgr.hxx b/include/sfx2/linkmgr.hxx index b1057aef5f1a..128dd47e4462 100644 --- a/include/sfx2/linkmgr.hxx +++ b/include/sfx2/linkmgr.hxx @@ -156,9 +156,10 @@ public: // if the mimetype says graphic/bitmap/gdimetafile then get the // graphic from the Any. Return says no errors - static bool GetGraphicFromAny( const OUString& rMimeType, - const css::uno::Any & rValue, - Graphic& rGrf ); + static bool GetGraphicFromAny(const OUString& rMimeType, + const css::uno::Any & rValue, + const OUString& rReferer, + Graphic& rGrf); private: LinkManager( const LinkManager& ) = delete; diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx index 64e89a927f12..b503e06f0cf6 100644 --- a/sfx2/source/appl/linkmgr2.cxx +++ b/sfx2/source/appl/linkmgr2.cxx @@ -40,6 +40,7 @@ #include <sfx2/request.hxx> #include <vcl/dibtools.hxx> #include <unotools/charclass.hxx> +#include <unotools/securityoptions.hxx> #include <vcl/GraphicLoader.hxx> #include "fileobj.hxx" @@ -497,9 +498,10 @@ SotClipboardFormatId LinkManager::RegisterStatusInfoId() return nFormat; } -bool LinkManager::GetGraphicFromAny( const OUString& rMimeType, - const css::uno::Any & rValue, - Graphic& rGraphic ) +bool LinkManager::GetGraphicFromAny(const OUString& rMimeType, + const css::uno::Any & rValue, + const OUString& rReferer, + Graphic& rGraphic ) { bool bRet = false; @@ -509,7 +511,8 @@ bool LinkManager::GetGraphicFromAny( const OUString& rMimeType, if (rValue.has<OUString>()) { OUString sURL = rValue.get<OUString>(); - rGraphic = vcl::graphic::loadFromURL(sURL); + if (!SvtSecurityOptions().isUntrustedReferer(rReferer)) + rGraphic = vcl::graphic::loadFromURL(sURL); if (!rGraphic) rGraphic.SetDefaultType(); rGraphic.setOriginURL(sURL); diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx index f4a68a78f22c..4a73f2bd8bb3 100644 --- a/svx/source/svdraw/svdograf.cxx +++ b/svx/source/svdraw/svdograf.cxx @@ -226,7 +226,7 @@ void SdrGraphicLink::RemoveGraphicUpdater() sfx2::LinkManager::GetDisplayNames( this, nullptr, &rGrafObj.aFileName, nullptr, &rGrafObj.aFilterName ); Graphic aGraphic; - if( sfx2::LinkManager::GetGraphicFromAny( rMimeType, rValue, aGraphic )) + if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, getReferer(), aGraphic)) { rGrafObj.ImpSetLinkedGraphic(aGraphic); } diff --git a/sw/source/core/docnode/swbaslnk.cxx b/sw/source/core/docnode/swbaslnk.cxx index 1c5af6aabbe1..5d38d9371efb 100644 --- a/sw/source/core/docnode/swbaslnk.cxx +++ b/sw/source/core/docnode/swbaslnk.cxx @@ -141,7 +141,14 @@ static void lcl_CallModify( SwGrfNode& rGrfNd, SfxPoolItem& rItem ) Graphic aGrf; - if( sfx2::LinkManager::GetGraphicFromAny( rMimeType, rValue, aGrf ) && + OUString sReferer; + SfxObjectShell * sh = pDoc->GetPersist(); + if (sh != nullptr && sh->HasName()) + { + sReferer = sh->GetMedium()->GetName(); + } + + if( sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, sReferer, aGrf) && ( GraphicType::Default != aGrf.GetType() || GraphicType::Default != rGrfObj.GetType() ) ) { |