diff options
Diffstat (limited to 'embeddedobj/source/commonembedding/persistence.cxx')
| -rw-r--r-- | embeddedobj/source/commonembedding/persistence.cxx | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/embeddedobj/source/commonembedding/persistence.cxx b/embeddedobj/source/commonembedding/persistence.cxx index 8922c4917760..e568b1232a71 100644 --- a/embeddedobj/source/commonembedding/persistence.cxx +++ b/embeddedobj/source/commonembedding/persistence.cxx @@ -54,10 +54,11 @@ #include <comphelper/storagehelper.hxx> #include <comphelper/mimeconfighelper.hxx> #include <comphelper/namedvaluecollection.hxx> +#include <unotools/configmgr.hxx> +#include <unotools/securityoptions.hxx> #include <tools/diagnose_ex.h> #include <sal/log.hxx> -#include <unotools/configmgr.hxx> #include "persistence.hxx" using namespace ::com::sun::star; @@ -78,7 +79,7 @@ uno::Sequence< beans::PropertyValue > GetValuableArgs_Impl( const uno::Sequence< || aMedDescr[nInd].Name == "StartPresentation" || aMedDescr[nInd].Name == "RepairPackage" || aMedDescr[nInd].Name == "StatusIndicator" || aMedDescr[nInd].Name == "ViewData" || aMedDescr[nInd].Name == "ViewId" || aMedDescr[nInd].Name == "MacroExecutionMode" - || aMedDescr[nInd].Name == "UpdateDocMode" + || aMedDescr[nInd].Name == "UpdateDocMode" || aMedDescr[nInd].Name == "Referer" || (aMedDescr[nInd].Name == "DocumentBaseURL" && bCanUseDocumentBaseURL) ) { aResult.realloc( ++nResLen ); @@ -362,14 +363,8 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::InitNewDocument_Impl() return xDocument; } - uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl() { - uno::Reference< util::XCloseable > xDocument( CreateDocument( m_xContext, GetDocumentServiceName(), - m_bEmbeddedScriptSupport, m_bDocumentRecoverySupport ) ); - - uno::Reference< frame::XLoadable > xLoadable( xDocument, uno::UNO_QUERY_THROW ); - sal_Int32 nLen = 2; uno::Sequence< beans::PropertyValue > aArgs( nLen ); @@ -392,10 +387,22 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl() aArgs.realloc( m_aDocMediaDescriptor.getLength() + nLen ); for ( sal_Int32 nInd = 0; nInd < m_aDocMediaDescriptor.getLength(); nInd++ ) { + // return early if this document is not trusted to open links + if (m_aDocMediaDescriptor[nInd].Name == "Referer") + { + OUString referer; + m_aDocMediaDescriptor[nInd].Value >>= referer; + if (SvtSecurityOptions().isUntrustedReferer(referer)) + return nullptr; + } aArgs[nInd+nLen].Name = m_aDocMediaDescriptor[nInd].Name; aArgs[nInd+nLen].Value = m_aDocMediaDescriptor[nInd].Value; } + uno::Reference< util::XCloseable > xDocument( CreateDocument( m_xContext, GetDocumentServiceName(), + m_bEmbeddedScriptSupport, m_bDocumentRecoverySupport ) ); + uno::Reference< frame::XLoadable > xLoadable( xDocument, uno::UNO_QUERY_THROW ); + try { // the document is not really an embedded one, it is a link @@ -437,7 +444,6 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl() } - OUString OCommonEmbeddedObject::GetFilterName( sal_Int32 nVersion ) const { OUString aFilterName = GetPresetFilterName(); |