Posted to commits@openoffice.apache.org by ar...@apache.org on 2022/03/17 19:44:32 UTC
[openoffice] branch AOO41X updated (fc33a8e -> 417e128)
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a change to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git.
from fc33a8e Produce expat-2.2.13, derived from 2.4.7
new b42dd17 Do not allow macros by default when there are none
new 57221d7 All scripts must be subject to checks
new 417e128 Check if scripts are allowed, regardless of location
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../source/protocolhandler/scripthandler.cxx | 8 +--
main/sfx2/source/doc/docmacromode.cxx | 80 +++++++++++++++-------
main/sfx2/source/doc/objmisc.cxx | 9 +--
3 files changed, 60 insertions(+), 37 deletions(-)
[openoffice] 02/03: All scripts must be subject to checks
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 57221d74ec27db61efcf416a9f0e37ad824b5ccc
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Tue Oct 19 20:24:17 2021 +0200
All scripts must be subject to checks
(cherry picked from commit fb9ad7aa17549019ccdd2762a97d104449abf45d)
---
main/scripting/source/protocolhandler/scripthandler.cxx | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/main/scripting/source/protocolhandler/scripthandler.cxx b/main/scripting/source/protocolhandler/scripthandler.cxx
index fbb5a2f..1d8d267 100644
--- a/main/scripting/source/protocolhandler/scripthandler.cxx
+++ b/main/scripting/source/protocolhandler/scripthandler.cxx
@@ -163,11 +163,9 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8 );
bool bIsDocumentScript = ( xStringUri.indexOfAsciiL( RTL_CONSTASCII_STRINGPARAM( "document" ) ) !=-1 );
- if ( bIsDocumentScript )
- {
- // obtain the component for our security check
- Reference< XEmbeddedScripts > xDocumentScripts;
- if ( getScriptInvocation() )
+ // obtain the component for our security check. We could check bIsDocumentScript but the "location" could be forged
+ if ( getScriptInvocation() ) {
+ Reference< XEmbeddedScripts > xDocumentScripts;
xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
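Review bot: When `getScriptInvocation()` returns false, the whole security check in this block is skipped, and nothing visible in the hunk refuses the dispatch on that path, so a call without an invocation context appears to fail open. The rest of `dispatchWithNotification` is outside the hunk, so this needs confirming there; if running without a check is intended, say so next to the condition, e.g. `// no invocation context: nothing to check against, script is dispatched unchecked (intended?)`. The `OSL_ENSURE` after `set( ..., UNO_SET_THROW )` cannot fire, because a null container already throws, and it is compiled out of non-debug builds, so it should not be read as the guard. `bIsDocumentScript` is still computed just above and may now be unused.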
[openoffice] 03/03: Check if scripts are allowed, regardless of location
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 417e12810c61e06dae9a3df49a2e1860863ccceb
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Oct 23 14:26:30 2021 +0200
Check if scripts are allowed, regardless of location
(cherry picked and adapted from commit aea5254635d14376dd83e528769fd1dec8f7dbd7)
---
main/sfx2/source/doc/objmisc.cxx | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/main/sfx2/source/doc/objmisc.cxx b/main/sfx2/source/doc/objmisc.cxx
index ebe26d8..ce2fe33 100644
--- a/main/sfx2/source/doc/objmisc.cxx
+++ b/main/sfx2/source/doc/objmisc.cxx
@@ -1695,16 +1695,13 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon
OSL_TRACE( "in CallXScript" );
ErrCode nErr = ERRCODE_NONE;
- bool bIsDocumentScript = ( _rScriptURL.indexOfAsciiL( RTL_CONSTASCII_STRINGPARAM( "location=document" ) ) >= 0 );
- // TODO: we should parse the URL, and check whether there is a parameter with this name.
- // Otherwise, we might find too much.
- if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
- return ERRCODE_IO_ACCESSDENIED;
-
bool bCaughtException = false;
Any aException;
try
{
+ if ( !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+ return ERRCODE_IO_ACCESSDENIED;
+
// obtain/create a script provider
Reference< provider::XScriptProvider > xScriptProvider;
Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY );
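Review bot: The now-unconditional `lcl_isScriptAccessAllowed_nothrow( _rxScriptContext )` check has no comment saying why the script URL is no longer consulted, and the removed TODO was the only text that recorded the weakness of the substring match. I would add above the check `// always check: the location part of _rScriptURL is caller-supplied and must not decide whether the check runs`. The helper's body is outside the hunk, so it is worth confirming what it returns for a context that is not a document, since that result now decides every call. The `try` block continues past the end of the hunk.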
[openoffice] 01/03: Do not allow macros by default when there are none
Posted by ar...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch AOO41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit b42dd17c7ad2f25b3e10e8cdee9dd5292510f975
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Tue Oct 19 20:23:01 2021 +0200
Do not allow macros by default when there are none
(cherry picked from commit 4018d3b8a14b17c2bbe7eaec1ac3a460adc072cb)
---
main/sfx2/source/doc/docmacromode.cxx | 80 +++++++++++++++++++++++------------
1 file changed, 54 insertions(+), 26 deletions(-)
diff --git a/main/sfx2/source/doc/docmacromode.cxx b/main/sfx2/source/doc/docmacromode.cxx
index f27893f..03b542c 100644
--- a/main/sfx2/source/doc/docmacromode.cxx
+++ b/main/sfx2/source/doc/docmacromode.cxx
@@ -159,27 +159,14 @@ namespace sfx2
return sal_False;
}
- //--------------------------------------------------------------------
- sal_Bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction )
+ /** Change the indicated macro execution mode depending on the current macro security level.
+ *
+ * @param nMacroExecutionMode current execution mode (must be one of MacroExecMode::USE_XXX).
+ *
+ * Changes nMacroExecutionMode according to the current security options, if applicable.
+ */
+ static void adjustMacroExecModeSecurity(sal_uInt16 &nMacroExecutionMode)
{
- sal_uInt16 nMacroExecutionMode = m_pData->m_rDocumentAccess.getCurrentMacroExecMode();
-
- if ( SvtSecurityOptions().IsMacroDisabled() )
- {
- // no macro should be executed at all
- lcl_showMacrosDisabledError( rxInteraction, m_pData->m_bMacroDisabledMessageShown );
- return disallowMacroExecution();
- }
-
- // get setting from configuration if required
- enum AutoConfirmation
- {
- eNoAutoConfirm,
- eAutoConfirmApprove,
- eAutoConfirmReject
- };
- AutoConfirmation eAutoConfirm( eNoAutoConfirm );
-
if ( ( nMacroExecutionMode == MacroExecMode::USE_CONFIG )
|| ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_REJECT_CONFIRMATION )
|| ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_APPROVE_CONFIRMATION )
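Review bot: The new doc comment on `adjustMacroExecModeSecurity` says the argument "must be one of MacroExecMode::USE_XXX", but both callers in this commit pass the unfiltered result of `getCurrentMacroExecMode()`, so the stated precondition does not match how the function is used. From the visible condition it looks as if only the `USE_CONFIG*` values are rewritten and everything else passes through. The parameter line would be more accurate as `@param nMacroExecutionMode in/out; USE_CONFIG* values are replaced according to the macro security level, any other value is left unchanged`. The function body ends in the next hunk, so the pass-through behaviour should be confirmed there.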
@@ -205,12 +192,36 @@ namespace sfx2
nMacroExecutionMode = MacroExecMode::NEVER_EXECUTE;
}
- if ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_REJECT_CONFIRMATION )
- eAutoConfirm = eAutoConfirmReject;
- else if ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_APPROVE_CONFIRMATION )
- eAutoConfirm = eAutoConfirmApprove;
+ }
+ }
+
+ //--------------------------------------------------------------------
+ sal_Bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction )
+ {
+ sal_uInt16 nMacroExecutionMode = m_pData->m_rDocumentAccess.getCurrentMacroExecMode();
+
+ if ( SvtSecurityOptions().IsMacroDisabled() )
+ {
+ // no macro should be executed at all
+ lcl_showMacrosDisabledError( rxInteraction, m_pData->m_bMacroDisabledMessageShown );
+ return disallowMacroExecution();
}
+ // get setting from configuration if required
+ enum AutoConfirmation
+ {
+ eNoAutoConfirm,
+ eAutoConfirmApprove,
+ eAutoConfirmReject
+ };
+ AutoConfirmation eAutoConfirm( eNoAutoConfirm );
+
+ adjustMacroExecModeSecurity(nMacroExecutionMode);
+ if ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_REJECT_CONFIRMATION )
+ eAutoConfirm = eAutoConfirmReject;
+ else if ( nMacroExecutionMode == MacroExecMode::USE_CONFIG_APPROVE_CONFIRMATION )
+ eAutoConfirm = eAutoConfirmApprove;
+
if ( nMacroExecutionMode == MacroExecMode::NEVER_EXECUTE )
return sal_False;
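Review bot: The two comparisons against `USE_CONFIG_REJECT_CONFIRMATION` and `USE_CONFIG_APPROVE_CONFIRMATION` run after `adjustMacroExecModeSecurity(nMacroExecutionMode)` has rewritten the mode through its reference parameter, so `eAutoConfirm` probably always stays `eNoAutoConfirm`. The removed lines sat after the same switch, so this is inherited rather than introduced, and the helper's switch is only partly visible here. If the auto-confirm modes are meant to work, capture the requested value first with `const sal_uInt16 nRequestedMode = nMacroExecutionMode;` and compare `nRequestedMode`; otherwise remove the dead branches. Making the approve branch reachable changes which documents run macros without a prompt, so it should be a deliberate decision. The `USE_CONFIG*` case labels in the last hunk of this file look unreachable for the same reason.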
@@ -420,8 +431,25 @@ namespace sfx2
}
else if ( !isMacroExecutionDisallowed() )
{
- // if macros will be added by the user later, the security check is obsolete
- bAllow = allowMacroExecution();
+ // There are no macros (yet) but we want to be careful anyway
+ sal_uInt16 nMacroExecutionMode = m_pData->m_rDocumentAccess.getCurrentMacroExecMode();
+ adjustMacroExecModeSecurity(nMacroExecutionMode);
+ switch (nMacroExecutionMode) {
+ case MacroExecMode::NEVER_EXECUTE:
+ case MacroExecMode::USE_CONFIG:
+ case MacroExecMode::USE_CONFIG_REJECT_CONFIRMATION:
+ case MacroExecMode::FROM_LIST_NO_WARN:
+ case MacroExecMode::FROM_LIST_AND_SIGNED_WARN:
+ case MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN:
+ bAllow = sal_False;
+ break;
+ case MacroExecMode::FROM_LIST:
+ case MacroExecMode::ALWAYS_EXECUTE:
+ case MacroExecMode::ALWAYS_EXECUTE_NO_WARN:
+ case MacroExecMode::USE_CONFIG_APPROVE_CONFIRMATION:
+ bAllow = sal_True;
+ break;
+ }
}
}
return bAllow;
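Review bot: The new `switch (nMacroExecutionMode)` has no `default:` label, so any value outside the ten listed modes leaves `bAllow` at whatever it was initialised to earlier in the function, which is outside the hunk. For a security decision the unlisted case should fail closed explicitly: `default: bAllow = sal_False; break;`. It would also help to note in the comment why `FROM_LIST` allows while `FROM_LIST_NO_WARN` and the signed variants do not, since the intent of that split is not evident from the labels alone.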