You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by da...@apache.org on 2018/10/04 17:49:10 UTC
svn commit: r1842836 -
/openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx
Author: damjan
Date: Thu Oct 4 17:49:09 2018
New Revision: 1842836
URL: http://svn.apache.org/viewvc?rev=1842836&view=rev
Log:
Set up our own libxslt security context in xmlhelp, as per #117643.
Patch by: me
Modified:
openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx
Modified: openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx?rev=1842836&r1=1842835&r2=1842836&view=diff
==============================================================================
--- openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx (original)
+++ openoffice/trunk/main/xmlhelp/source/cxxhelp/provider/urlparameter.cxx Thu Oct 4 17:49:09 2018
@@ -45,6 +45,7 @@
#include <libxslt/xslt.h>
#include <libxslt/transform.h>
#include <libxslt/xsltutils.h>
+#include <libxslt/security.h>
#include "db.hxx"
#include <com/sun/star/io/XActiveDataSink.hpp>
#include <com/sun/star/io/XInputStream.hpp>
@@ -1060,14 +1061,29 @@ InputStreamTransformer::InputStreamTrans
xmlDocPtr doc = xmlParseFile("vnd.sun.star.zip:/");
- xmlDocPtr res = xsltApplyStylesheet(cur, doc, parameter);
- if (res)
- {
- xmlChar *doc_txt_ptr=0;
- int doc_txt_len;
- xsltSaveResultToString(&doc_txt_ptr, &doc_txt_len, res, cur);
- addToBuffer((const char*)doc_txt_ptr, doc_txt_len);
- xmlFree(doc_txt_ptr);
+ xmlDocPtr res = NULL;
+ xsltTransformContextPtr transformContext = xsltNewTransformContext(cur, doc);
+ if (transformContext)
+ {
+ xsltSecurityPrefsPtr securityPrefs = xsltNewSecurityPrefs();
+ if (securityPrefs)
+ {
+ xsltSetSecurityPrefs(securityPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityAllow);
+ if (xsltSetCtxtSecurityPrefs(securityPrefs, transformContext) == 0)
+ {
+ res = xsltApplyStylesheetUser(cur, doc, parameter, NULL, NULL, transformContext);
+ if (res)
+ {
+ xmlChar *doc_txt_ptr=0;
+ int doc_txt_len;
+ xsltSaveResultToString(&doc_txt_ptr, &doc_txt_len, res, cur);
+ addToBuffer((const char*)doc_txt_ptr, doc_txt_len);
+ xmlFree(doc_txt_ptr);
+ }
+ }
+ xsltFreeSecurityPrefs(securityPrefs);
+ }
+ xsltFreeTransformContext(transformContext);
}
xmlPopInputCallbacks(); //filePatch
xmlPopInputCallbacks(); //helpPatch