You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by ar...@apache.org on 2023/01/28 19:51:58 UTC
[openoffice] branch trunk updated: Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/openoffice.git
The following commit(s) were added to refs/heads/trunk by this push:
new 9112548547 Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
9112548547 is described below
commit 9112548547be8d3a47281bcef5925a60e1435527
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 20:48:26 2023 +0100
Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user
---
main/filter/source/msfilter/msvbahelper.cxx | 2 +-
main/scripting/source/vbaevents/eventhelper.cxx | 2 +-
main/sfx2/inc/sfx2/objsh.hxx | 23 +++++++++++++++++++++++
main/sfx2/source/appl/appserv.cxx | 3 ++-
main/sfx2/source/doc/objmisc.cxx | 13 ++++++++-----
5 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/main/filter/source/msfilter/msvbahelper.cxx b/main/filter/source/msfilter/msvbahelper.cxx
index f51f552cc6..f26b718b8c 100644
--- a/main/filter/source/msfilter/msvbahelper.cxx
+++ b/main/filter/source/msfilter/msvbahelper.cxx
@@ -439,7 +439,7 @@ sal_Bool executeMacro( SfxObjectShell* pShell, const String& sMacroName, uno::Se
if ( pShell )
{
nErr = pShell->CallXScript( sUrl,
- aArgs, aRet, aOutArgsIndex, aOutArgs, false );
+ aArgs, aRet, aOutArgsIndex, aOutArgs, ::rtl::OUString(), false );
sal_Int32 nLen = aOutArgs.getLength();
// convert any out params to seem like they were inouts
if ( nLen )
diff --git a/main/scripting/source/vbaevents/eventhelper.cxx b/main/scripting/source/vbaevents/eventhelper.cxx
index 4a56cb2004..f3088120b6 100644
--- a/main/scripting/source/vbaevents/eventhelper.cxx
+++ b/main/scripting/source/vbaevents/eventhelper.cxx
@@ -975,7 +975,7 @@ EventListener::firing_Impl(const ScriptEvent& evt, Any* /*pRet*/ ) throw(Runtime
{
uno::Any aRet;
mpShell->CallXScript( url,
- aArguments, aRet, aOutArgsIndex, aOutArgs, false );
+ aArguments, aRet, aOutArgsIndex, aOutArgs, ::rtl::OUString(), false );
}
}
catch ( uno::Exception& e )
diff --git a/main/sfx2/inc/sfx2/objsh.hxx b/main/sfx2/inc/sfx2/objsh.hxx
index d048f77583..0ac2382040 100644
--- a/main/sfx2/inc/sfx2/objsh.hxx
+++ b/main/sfx2/inc/sfx2/objsh.hxx
@@ -369,15 +369,37 @@ public:
ErrCode CallBasic( const String& rMacro, const String& rBasicName,
SbxArray* pArgs = 0, SbxValue* pRet = 0 );
+ /** Execute a script URL.
+ *
+ * @param rScriptURL URL of the script.
+ * @param aParams parameters for the macro.
+ * @param aRet variable that will hold the return value.
+ * @param aOutParamIndex index of output parameters.
+ * @param aOutParam output parameters.
+ * @param aReferer "Referer" calling the script.
+ * @param bRaiseError true to show a dialog in case of error.
+ */
ErrCode CallXScript(
const String& rScriptURL,
const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aParams,
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer = ::rtl::OUString(),
bool bRaiseError = true
);
+ /** Execute a script URL.
+ *
+ * @param _rxScriptContext script context.
+ * @param rScriptURL URL of the script.
+ * @param aParams parameters for the macro.
+ * @param aRet variable that will hold the return value.
+ * @param aOutParamIndex index of output parameters.
+ * @param aOutParam output parameters.
+ * @param aReferer "Referer" calling the script.
+ * @param bRaiseError true to show a dialog in case of error.
+ */
static ErrCode CallXScript(
const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface >& _rxScriptContext,
const ::rtl::OUString& rScriptURL,
@@ -385,6 +407,7 @@ public:
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer = ::rtl::OUString(),
bool bRaiseError = true
);
diff --git a/main/sfx2/source/appl/appserv.cxx b/main/sfx2/source/appl/appserv.cxx
index 1e3b4284c2..29672586d2 100644
--- a/main/sfx2/source/appl/appserv.cxx
+++ b/main/sfx2/source/appl/appserv.cxx
@@ -1037,7 +1037,8 @@ void SfxApplication::OfaExec_Impl( SfxRequest& rReq )
if ( !xScriptContext.is() )
xScriptContext = xController;
- SfxObjectShell::CallXScript( xScriptContext, pDlg->GetScriptURL(), args, ret, outIndex, outArgs );
+ SfxObjectShell::CallXScript( xScriptContext, pDlg->GetScriptURL(), args, ret, outIndex, outArgs,
+ ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "private:user" ) ) );
}
while ( false );
rReq.Done();
diff --git a/main/sfx2/source/doc/objmisc.cxx b/main/sfx2/source/doc/objmisc.cxx
index 76efcf1fc8..17bfb6f776 100644
--- a/main/sfx2/source/doc/objmisc.cxx
+++ b/main/sfx2/source/doc/objmisc.cxx
@@ -1697,13 +1697,15 @@ namespace
}
ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const ::rtl::OUString& _rScriptURL,
- const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError )
+ const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam,
+ const ::rtl::OUString& aReferer, bool bRaiseError )
{
OSL_TRACE( "in CallXScript" );
ErrCode nErr = ERRCODE_NONE;
bool bCaughtException = false;
Any aException;
+ bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
try
{
uno::Reference< lang::XMultiServiceFactory > xServiceManager( ::comphelper::getProcessServiceFactory(), uno::UNO_SET_THROW );
@@ -1711,7 +1713,7 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon
xServiceManager->createInstance( rtl::OUString::createFromAscii(
"com.sun.star.uri.UriReferenceFactory") ) , UNO_QUERY_THROW );
Reference< uri::XVndSunStarScriptUrlReference > xScriptUri( xFac->parse( _rScriptURL ), UNO_QUERY_THROW );
- if ( !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+ if ( !bRefererIsTrusted && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
return ERRCODE_IO_ACCESSDENIED;
// obtain/create a script provider
@@ -1765,10 +1767,11 @@ ErrCode SfxObjectShell::CallXScript( const String& rScriptURL,
aParams,
::com::sun::star::uno::Any& aRet,
::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
- ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam
- , bool bRaiseError )
+ ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aOutParam,
+ const ::rtl::OUString& aReferer,
+ bool bRaiseError )
{
- return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, aOutParam, bRaiseError );
+ return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, aOutParam, aReferer, bRaiseError );
}
//-------------------------------------------------------------------------