You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by ar...@apache.org on 2023/02/07 20:39:04 UTC
[openoffice] branch AOO41X updated (d1836b6227 -> 419755b056)
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a change to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
from d1836b6227 In ODF (19.679.2 of ODF 1.3), the <table:covered-table-cell> element's table:number-columns-repeated attribute has a default value of 1, meaning the cell spans the cell to its right. However when the XSLT import filter converts from SpreadsheetML's ss:MergeAcross to ODF's table:number-columns-repeated, it always inserts a <table:covered-table-cell> element, and then adds the table:number-columns-repeated attribute only if it is greater than 1. This breaks when ss:Merge [...]
new 4fdfc99e27 Trust the "Referer" parameter
new 5e03f7d339 Scripts check their "Referer". Menu choices always set a trusted "Referer".
new e2d7a903ee Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
new 419755b056 Add a "Referer" to toolbars
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
main/filter/source/msfilter/msvbahelper.cxx | 2 +-
.../source/uielement/generictoolbarcontroller.cxx | 5 +-
main/framework/source/uielement/menubarmanager.cxx | 10 +-
.../source/protocolhandler/scripthandler.cxx | 39 +++----
main/scripting/source/vbaevents/eventhelper.cxx | 2 +-
main/sfx2/inc/sfx2/appuno.hxx | 13 ++-
main/sfx2/inc/sfx2/objsh.hxx | 23 +++++
main/sfx2/source/appl/appserv.cxx | 3 +-
main/sfx2/source/appl/appuno.cxx | 112 ++++++++++++---------
main/sfx2/source/doc/objmisc.cxx | 13 ++-
main/sfx2/source/notify/eventsupplier.cxx | 5 +-
11 files changed, 145 insertions(+), 82 deletions(-)
[openoffice] 04/04: Add a "Referer" to toolbars
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 419755b05637afdce1d57affda07e0f98a50de2d
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Feb 4 07:38:44 2023 +0100
Add a "Referer" to toolbars
---
main/framework/source/uielement/generictoolbarcontroller.cxx | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/main/framework/source/uielement/generictoolbarcontroller.cxx b/main/framework/source/uielement/generictoolbarcontroller.cxx
index 63e5959b67..10f236b0fd 100644
--- a/main/framework/source/uielement/generictoolbarcontroller.cxx
+++ b/main/framework/source/uielement/generictoolbarcontroller.cxx
@@ -186,11 +186,14 @@ throw ( RuntimeException )
if ( xDispatch.is() && xURLTransformer.is() )
{
com::sun::star::util::URL aTargetURL;
- Sequence<PropertyValue> aArgs( 1 );
+ Sequence<PropertyValue> aArgs( 2 );
// Add key modifier to argument list
aArgs[0].Name = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "KeyModifier" ));
aArgs[0].Value <<= KeyModifier;
+ // Add "Referer" to identify the source of this request
+ aArgs[1].Name = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
+ aArgs[1].Value <<= rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "private:user" ));
aTargetURL.Complete = aCommandURL;
xURLTransformer->parseStrict( aTargetURL );
[openoffice] 03/04: Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit e2d7a903ee836415727f689e4285ec664ec3653c
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 20:48:26 2023 +0100
Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
(cherry picked and adapted from commit 9112548547be8d3a47281bcef5925a60e1435527)
---
main/filter/source/msfilter/msvbahelper.cxx | 2 +-
main/scripting/source/vbaevents/eventhelper.cxx | 2 +-
main/sfx2/inc/sfx2/objsh.hxx | 23 +++++++++++++++++++++++
main/sfx2/source/appl/appserv.cxx | 3 ++-
main/sfx2/source/doc/objmisc.cxx | 13 ++++++++-----
5 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/main/filter/source/msfilter/msvbahelper.cxx b/main/filter/source/msfilter/msvbahelper.cxx
index e4380dea71..b0b9428f5b 100644
--- a/main/filter/source/msfilter/msvbahelper.cxx
+++ b/main/filter/source/msfilter/msvbahelper.cxx
@@ -439,7 +439,7 @@ sal_Bool executeMacro( SfxObjectShell* pShell, const String& sMacroName, uno::Se
if ( pShell )
{
nErr = pShell->CallXScript( sUrl,
- aArgs, aRet, aOutArgsIndex, aOutArgs, false );
+ aArgs, aRet, aOutArgsIndex, aOutArgs, ::rtl::OUString(), false );
sal_Int32 nLen = aOutArgs.getLength();
// convert any out params to seem like they were inouts
if ( nLen )
diff --git a/main/scripting/source/vbaevents/eventhelper.cxx b/main/scripting/source/vbaevents/eventhelper.cxx
index eaeab738ec..2d6bd2f479 100644
--- a/main/scripting/source/vbaevents/eventhelper.cxx
+++ b/main/scripting/source/vbaevents/eventhelper.cxx
@@ -975,7 +975,7 @@ EventListener::firing_Impl(const ScriptEvent& evt, Any* /*pRet*/ ) throw(Runtime
{
uno::Any aRet;
mpShell->CallXScript( url,
- aArguments, aRet, aOutArgsIndex, aOutArgs, false );
+ aArguments, aRet, aOutArgsIndex, aOutArgs, ::rtl::OUString(), false );
}
}
catch ( uno::Exception& e )
diff --git a/main/sfx2/inc/sfx2/objsh.hxx b/main/sfx2/inc/sfx2/objsh.hxx
index d048f77583..0ac2382040 100644
--- a/main/sfx2/inc/sfx2/objsh.hxx
+++ b/main/sfx2/inc/sfx2/objsh.hxx
@@ -369,15 +369,37 @@ public:
ErrCode CallBasic( const String& rMacro, const String& rBasicName,
SbxArray* pArgs = 0, SbxValue* pRet = 0 );
+ /** Execute a script URL.
+ *
+ * @param rScriptURL URL of the script.
+ * @param aParams parameters for the macro.
+ * @param aRet variable that will hold the return value.
+ * @param aOutParamIndex index of output parameters.
+ * @param aOutParam output parameters.
+ * @param aReferer "Referer" calling the script.
+ * @param bRaiseError true to show a dialog in case of error.
+ */
ErrCode CallXScript(
const String& rScriptURL,
const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aParams,
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer = ::rtl::OUString(),
bool bRaiseError = true
);
+ /** Execute a script URL.
+ *
+ * @param _rxScriptContext script context.
+ * @param rScriptURL URL of the script.
+ * @param aParams parameters for the macro.
+ * @param aRet variable that will hold the return value.
+ * @param aOutParamIndex index of output parameters.
+ * @param aOutParam output parameters.
+ * @param aReferer "Referer" calling the script.
+ * @param bRaiseError true to show a dialog in case of error.
+ */
static ErrCode CallXScript(
const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface >& _rxScriptContext,
const ::rtl::OUString& rScriptURL,
@@ -385,6 +407,7 @@ public:
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer = ::rtl::OUString(),
bool bRaiseError = true
);
diff --git a/main/sfx2/source/appl/appserv.cxx b/main/sfx2/source/appl/appserv.cxx
index 7a46261276..e506013613 100644
--- a/main/sfx2/source/appl/appserv.cxx
+++ b/main/sfx2/source/appl/appserv.cxx
@@ -1037,7 +1037,8 @@ void SfxApplication::OfaExec_Impl( SfxRequest& rReq )
if ( !xScriptContext.is() )
xScriptContext = xController;
- SfxObjectShell::CallXScript( xScriptContext, pDlg->GetScriptURL(), args, ret, outIndex, outArgs );
+ SfxObjectShell::CallXScript( xScriptContext, pDlg->GetScriptURL(), args, ret, outIndex, outArgs,
+ ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "private:user" ) ) );
}
while ( false );
rReq.Done();
diff --git a/main/sfx2/source/doc/objmisc.cxx b/main/sfx2/source/doc/objmisc.cxx
index c9e91465d0..80cae2ec4e 100644
--- a/main/sfx2/source/doc/objmisc.cxx
+++ b/main/sfx2/source/doc/objmisc.cxx
@@ -1694,16 +1694,18 @@ namespace
}
ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const ::rtl::OUString& _rScriptURL,
- const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError )
+ const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam,
+ const ::rtl::OUString& aReferer, bool bRaiseError )
{
OSL_TRACE( "in CallXScript" );
ErrCode nErr = ERRCODE_NONE;
bool bCaughtException = false;
Any aException;
+ bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
try
{
- if ( !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+ if ( !bRefererIsTrusted && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
return ERRCODE_IO_ACCESSDENIED;
// obtain/create a script provider
@@ -1757,10 +1759,11 @@ ErrCode SfxObjectShell::CallXScript( const String& rScriptURL,
aParams,
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
- ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam
- , bool bRaiseError )
+ ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer,
+ bool bRaiseError )
{
- return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, aOutParam, bRaiseError );
+ return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, aOutParam, aReferer, bRaiseError );
}
//-------------------------------------------------------------------------
[openoffice] 02/04: Scripts check their "Referer". Menu choices always set a trusted "Referer".
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 5e03f7d3398f7cf7aaf22757ea3027ff261aa360
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 16:20:02 2023 +0100
Scripts check their "Referer". Menu choices always set a trusted "Referer".
(cherry picked and adapted from commit 98c68b91f53a89d44b8d4d563791eeb186d6d605)
---
main/framework/source/uielement/menubarmanager.cxx | 10 ++----
.../source/protocolhandler/scripthandler.cxx | 39 +++++++++++-----------
2 files changed, 23 insertions(+), 26 deletions(-)
diff --git a/main/framework/source/uielement/menubarmanager.cxx b/main/framework/source/uielement/menubarmanager.cxx
index 5c32b20c94..ef6c2dc87b 100644
--- a/main/framework/source/uielement/menubarmanager.cxx
+++ b/main/framework/source/uielement/menubarmanager.cxx
@@ -1133,13 +1133,9 @@ IMPL_LINK( MenuBarManager, Select, Menu *, pMenu )
aTargetURL.Complete = pMenuItemHandler->aMenuItemURL;
m_xURLTransformer->parseStrict( aTargetURL );
- if ( m_bIsBookmarkMenu )
- {
- // bookmark menu item selected
- aArgs.realloc( 1 );
- aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
- aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
- }
+ aArgs.realloc( 1 );
+ aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
+ aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
xDispatch = pMenuItemHandler->xMenuItemDispatch;
}
diff --git a/main/scripting/source/protocolhandler/scripthandler.cxx b/main/scripting/source/protocolhandler/scripthandler.cxx
index 1d8d267b7a..3de168b659 100644
--- a/main/scripting/source/protocolhandler/scripthandler.cxx
+++ b/main/scripting/source/protocolhandler/scripthandler.cxx
@@ -154,14 +154,32 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
Any invokeResult;
bool bCaughtException = sal_False;
Any aException;
+ Sequence< Any > inArgs( 0 );
if ( m_bInitialised )
{
+ ::rtl::OUString aReferer;
+ if ( lArgs.getLength() > 0 )
+ {
+ int argCount = 0;
+ for ( int index = 0; index < lArgs.getLength(); index++ )
+ {
+ // The propertyval named "Referer"
+ // is not an argument to be passed to script
+ if ( lArgs[ index ].Name.compareToAscii("Referer") == 0 ) {
+ lArgs [ index ].Value >>= aReferer;
+ } else {
+ inArgs.realloc( ++argCount );
+ inArgs[ argCount - 1 ] = lArgs[ index ].Value;
+ }
+ }
+ }
try
{
::rtl::OUString xStringUri = ::rtl::Uri::decode( aURL.Complete,
rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8 );
bool bIsDocumentScript = ( xStringUri.indexOfAsciiL( RTL_CONSTASCII_STRINGPARAM( "document" ) ) !=-1 );
+ bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
// obtain the component for our security check. We could check bIsDocumentScript but the "location" could be forged
if ( getScriptInvocation() ) {
@@ -169,7 +187,8 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
- if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() )
+ if ( !xDocumentScripts.is() ||
+ ( !bRefererIsTrusted && !xDocumentScripts->getAllowMacroExecution() ) )
return;
}
@@ -182,27 +201,9 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
"ScriptProtocolHandler::dispatchWithNotification: validate xFunc - unable to obtain XScript interface" );
- Sequence< Any > inArgs( 0 );
Sequence< Any > outArgs( 0 );
Sequence< sal_Int16 > outIndex;
- if ( lArgs.getLength() > 0 )
- {
- int argCount = 0;
- for ( int index = 0; index < lArgs.getLength(); index++ )
- {
- // Sometimes we get a propertyval with name = "Referer"
- // this is not an argument to be passed to script, so
- // ignore.
- if ( lArgs[ index ].Name.compareToAscii("Referer") != 0 ||
- lArgs[ index ].Name.getLength() == 0 )
- {
- inArgs.realloc( ++argCount );
- inArgs[ argCount - 1 ] = lArgs[ index ].Value;
- }
- }
- }
-
// attempt to protect the document against the script tampering with its Undo Context
::std::auto_ptr< ::framework::DocumentUndoGuard > pUndoGuard;
if ( bIsDocumentScript )
[openoffice] 01/04: Trust the "Referer" parameter
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 4fdfc99e276c066496314e08318b29a2e579c87c
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 11:03:04 2023 +0100
Trust the "Referer" parameter
(cherry picked from commit 8ff7eef7722d15f65826c2c58cd7ce4e768cb9e1)
---
main/sfx2/inc/sfx2/appuno.hxx | 13 +++-
main/sfx2/source/appl/appuno.cxx | 112 ++++++++++++++++++------------
main/sfx2/source/notify/eventsupplier.cxx | 5 +-
3 files changed, 83 insertions(+), 47 deletions(-)
diff --git a/main/sfx2/inc/sfx2/appuno.hxx b/main/sfx2/inc/sfx2/appuno.hxx
index f64b2f4629..fecc36d9fe 100644
--- a/main/sfx2/inc/sfx2/appuno.hxx
+++ b/main/sfx2/inc/sfx2/appuno.hxx
@@ -90,7 +90,18 @@ public:
SfxMacroLoader( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& )
{}
- static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
+ /**
+ * Execute a BASIC macro.
+ *
+ * @param aURL URL pointing to the macro (in the form macro:...)
+ * @param rRetval will be set with the macro's return value.
+ * @param aReferer "Referer" identifying the source of this request. May be empty.
+ * @param pDoc shell to use. Default is NULL for using
+ * SfxObjectShell::Current().
+ *
+ * @return ERRCODE_NONE if all went smoothly.
+ */
+ static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
virtual ::com::sun::star::uno::Reference < ::com::sun::star::frame::XDispatch > SAL_CALL
queryDispatch( const ::com::sun::star::util::URL& aURL, const ::rtl::OUString& sTargetFrameName,
diff --git a/main/sfx2/source/appl/appuno.cxx b/main/sfx2/source/appl/appuno.cxx
index f1f2e2e5fd..b54e1ca2dd 100644
--- a/main/sfx2/source/appl/appuno.cxx
+++ b/main/sfx2/source/appl/appuno.cxx
@@ -1729,14 +1729,33 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
return lDispatcher;
}
-// -----------------------------------------------------------------------
-void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL& aURL ,
- const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs ,
- const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
- throw (::com::sun::star::uno::RuntimeException)
+/**
+ * @brief Check if a "Referer" is trusted.
+ *
+ * @param aReferer "Referer" to validate.
+ *
+ * @return sal_True if trusted.
+ */
+static sal_Bool refererIsTrusted(const ::rtl::OUString &aReferer)
{
- ::vos::OGuard aGuard( Application::GetSolarMutex() );
+ if (aReferer.compareToAscii("private:", 8) == 0) {
+ return sal_True;
+ } else {
+ return sal_False;
+ }
+}
+
+/**
+ * @brief Check if a sequence of parameters contains a "Referer" and
+ * returns it.
+ *
+ * @param lArgs sequence of parameters.
+ *
+ * @return the value of the "Referer" parameter, or an empty string.
+ */
+static ::rtl::OUString findReferer(const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs)
+{
sal_uInt32 nPropertyCount = lArgs.getLength();
::rtl::OUString aReferer;
for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
@@ -1747,9 +1766,20 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
break;
}
}
+ return aReferer;
+}
+
+
+// -----------------------------------------------------------------------
+void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL& aURL ,
+ const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs ,
+ const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
+ throw (::com::sun::star::uno::RuntimeException)
+{
+ ::vos::OGuard aGuard( Application::GetSolarMutex() );
::com::sun::star::uno::Any aAny;
- ErrCode nErr = loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+ ErrCode nErr = loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
if( xListener.is() )
{
// always call dispatchFinished(), because we didn't load a document but
@@ -1768,10 +1798,10 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
::com::sun::star::uno::Any SAL_CALL SfxMacroLoader::dispatchWithReturnValue(
const ::com::sun::star::util::URL& aURL,
- const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& ) throw (::com::sun::star::uno::RuntimeException)
+ const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs) throw (::com::sun::star::uno::RuntimeException)
{
::com::sun::star::uno::Any aRet;
- /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, GetObjectShell_Impl() );
+ /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, findReferer(lArgs), GetObjectShell_Impl() );
return aRet;
}
@@ -1782,19 +1812,8 @@ void SAL_CALL SfxMacroLoader::dispatch( const ::com::sun::star::util::URL&
{
::vos::OGuard aGuard( Application::GetSolarMutex() );
- sal_uInt32 nPropertyCount = lArgs.getLength();
- ::rtl::OUString aReferer;
- for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
- {
- if( lArgs[nProperty].Name == ::rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("Referer")) )
- {
- lArgs[nProperty].Value >>= aReferer;
- break;
- }
- }
-
::com::sun::star::uno::Any aAny;
- /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+ /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
}
// -----------------------------------------------------------------------
@@ -1817,7 +1836,7 @@ void SAL_CALL SfxMacroLoader::removeStatusListener(
{
}
-ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, SfxObjectShell* pSh )
+ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pSh )
throw ( ::com::sun::star::uno::RuntimeException )
{
SfxObjectShell* pCurrent = pSh;
@@ -1868,29 +1887,32 @@ ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::
const bool bIsAppBasic = ( pBasMgr == pAppMgr );
const bool bIsDocBasic = ( pBasMgr != pAppMgr );
- if ( pDoc )
- {
- // security check for macros from document basic if an SFX doc is given
- if ( !pDoc->AdjustMacroMode( String() ) )
- // check forbids execution
- return ERRCODE_IO_ACCESSDENIED;
- }
- /* XXX in the original sources this branch was present but its
- condition does not make sense.
- Let's keep it in case it may be useful for more in-depth checks.
- else if ( pDoc && pDoc->GetMedium() )
- {
- pDoc->AdjustMacroMode( String() );
- SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
- SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
- if ( pUpdateDocItem && pMacroExecModeItem
- && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
- && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
- return ERRCODE_IO_ACCESSDENIED;
- }*/
- else if ( pCurrent ) {
- if ( !pCurrent->AdjustMacroMode( String() ) )
- return ERRCODE_IO_ACCESSDENIED;
+ if ( !refererIsTrusted(aReferer) ) {
+ // Not trusted
+ if ( pDoc )
+ {
+ // security check for macros from document basic if an SFX doc is given
+ if ( !pDoc->AdjustMacroMode( String() ) )
+ // check forbids execution
+ return ERRCODE_IO_ACCESSDENIED;
+ }
+ /* XXX in the original sources this branch was present but its
+ condition does not make sense.
+ Let's keep it in case it may be useful for more in-depth checks.
+ else if ( pDoc && pDoc->GetMedium() )
+ {
+ pDoc->AdjustMacroMode( String() );
+ SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
+ SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
+ if ( pUpdateDocItem && pMacroExecModeItem
+ && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
+ && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
+ return ERRCODE_IO_ACCESSDENIED;
+ }*/
+ else if ( pCurrent ) {
+ if ( !pCurrent->AdjustMacroMode( String() ) )
+ return ERRCODE_IO_ACCESSDENIED;
+ }
}
// find BASIC method
diff --git a/main/sfx2/source/notify/eventsupplier.cxx b/main/sfx2/source/notify/eventsupplier.cxx
index 73a7eb97a2..6577dab059 100644
--- a/main/sfx2/source/notify/eventsupplier.cxx
+++ b/main/sfx2/source/notify/eventsupplier.cxx
@@ -205,6 +205,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
OUSTRING aScript;
OUSTRING aLibrary;
OUSTRING aMacroName;
+ OUSTRING aReferer;
sal_Int32 nCount = aProperties.getLength();
@@ -222,6 +223,8 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
aProperties[ nIndex ].Value >>= aLibrary;
else if ( aProperties[ nIndex ].Name.compareToAscii( PROP_MACRO_NAME ) == 0 )
aProperties[ nIndex ].Value >>= aMacroName;
+ else if ( aProperties[ nIndex ].Name.compareToAscii( "Referer" ) == 0 )
+ aProperties[ nIndex ].Value >>= aReferer;
else {
DBG_ERROR("Unknown property value!");
}
@@ -231,7 +234,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
if ( aType.compareToAscii( STAR_BASIC ) == 0 && aScript.getLength() )
{
com::sun::star::uno::Any aAny;
- SfxMacroLoader::loadMacro( aScript, aAny, pDoc );
+ SfxMacroLoader::loadMacro( aScript, aAny, aReferer, pDoc );
}
else if ( aType.compareToAscii( "Service" ) == 0 ||
aType.compareToAscii( "Script" ) == 0 )