From a1140054b4031fe64e073bb4a5c443018c8532c2 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 14 Aug 2019 15:24:05 +0100
Subject: revert part of 'warn on load when a document binds an event to a
 macro'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

i.e.
commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
Author: Caolán McNamara <caolanm@redhat.com>
Date:   Wed Aug 7 17:37:11 2019 +0100

because then extensions that add a entry to menus results in menu
entries that cannot run in the start center where there is no document.

If allowed when there is no document, it would still result in the
odd behaviour that such menu entries would not work in a document which
contained macros or macro-calls if permission was denied to run them

Add a similar check instead to SfxEvents_Impl::Execute

Change-Id: I8084ab2dc66bb95e2562a3dba188c721d44a5676
Reviewed-on: https://gerrit.libreoffice.org/77465
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
---
 scripting/source/protocolhandler/scripthandler.cxx | 56 +++++++++++++---------
 1 file changed, 33 insertions(+), 23 deletions(-)

(limited to 'scripting/source')

diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx
index 965827bbde6e..1fbf0c8bbc46 100644
--- a/scripting/source/protocolhandler/scripthandler.cxx
+++ b/scripting/source/protocolhandler/scripthandler.cxx
@@ -122,7 +122,6 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
     const URL& aURL, const Sequence < PropertyValue >& lArgs,
     const Reference< XDispatchResultListener >& xListener )
 {
-
     bool bSuccess = false;
     Any invokeResult;
     bool bCaughtException = false;
@@ -132,32 +131,42 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
     {
         try
         {
-            // obtain the component for our security check
-            Reference< XEmbeddedScripts > xDocumentScripts;
-            if ( getScriptInvocation() )
-                xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
-
-            OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
-            if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() )
+            css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+                css::uri::UriReferenceFactory::create(m_xContext));
+            css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+                urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
+            auto const loc = uri->getParameter("location");
+            bool bIsDocumentScript = loc == "document";
+
+            if ( bIsDocumentScript )
             {
-                if ( xListener.is() )
+                // obtain the component for our security check
+                Reference< XEmbeddedScripts > xDocumentScripts;
+                if ( getScriptInvocation() )
+                    xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
+
+                OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
+                if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() )
                 {
-                    css::frame::DispatchResultEvent aEvent(
-                            static_cast< ::cppu::OWeakObject* >( this ),
-                            css::frame::DispatchResultState::FAILURE,
-                            invokeResult );
-                    try
-                    {
-                        xListener->dispatchFinished( aEvent ) ;
-                    }
-                    catch(const RuntimeException &)
+                    if ( xListener.is() )
                     {
-                        TOOLS_WARN_EXCEPTION("scripting",
-                            "ScriptProtocolHandler::dispatchWithNotification: caught RuntimeException"
-                            "while dispatchFinished with failure of the execution");
+                        css::frame::DispatchResultEvent aEvent(
+                                static_cast< ::cppu::OWeakObject* >( this ),
+                                css::frame::DispatchResultState::FAILURE,
+                                invokeResult );
+                        try
+                        {
+                            xListener->dispatchFinished( aEvent ) ;
+                        }
+                        catch(const RuntimeException &)
+                        {
+                            TOOLS_WARN_EXCEPTION("scripting",
+                                "ScriptProtocolHandler::dispatchWithNotification: caught RuntimeException"
+                                "while dispatchFinished with failure of the execution");
+                        }
                     }
+                    return;
                 }
-                return;
             }
 
             // Creates a ScriptProvider ( if one is not created already )
@@ -194,7 +203,8 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
 
             // attempt to protect the document against the script tampering with its Undo Context
             std::unique_ptr< ::framework::DocumentUndoGuard > pUndoGuard;
-            pUndoGuard.reset( new ::framework::DocumentUndoGuard( m_xScriptInvocation ) );
+            if ( bIsDocumentScript )
+                pUndoGuard.reset( new ::framework::DocumentUndoGuard( m_xScriptInvocation ) );
 
             bSuccess = false;
             while ( !bSuccess )
-- 
cgit v1.2.3