Posted to commits@openoffice.apache.org by ar...@apache.org on 2023/01/28 10:04:22 UTC

[openoffice] branch trunk updated: Trust the "Referer" parameter

This is an automated email from the ASF dual-hosted git repository.

ardovm pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/openoffice.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 8ff7eef772 Trust the "Referer" parameter
8ff7eef772 is described below

commit 8ff7eef7722d15f65826c2c58cd7ce4e768cb9e1
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 11:03:04 2023 +0100

    Trust the "Referer" parameter
---
 main/sfx2/inc/sfx2/appuno.hxx             |  13 +++-
 main/sfx2/source/appl/appuno.cxx          | 112 ++++++++++++++++++------------
 main/sfx2/source/notify/eventsupplier.cxx |   5 +-
 3 files changed, 83 insertions(+), 47 deletions(-)

diff --git a/main/sfx2/inc/sfx2/appuno.hxx b/main/sfx2/inc/sfx2/appuno.hxx
index f64b2f4629..fecc36d9fe 100644
--- a/main/sfx2/inc/sfx2/appuno.hxx
+++ b/main/sfx2/inc/sfx2/appuno.hxx
@@ -90,7 +90,18 @@ public:
     SfxMacroLoader( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& )
 	{}
 
-	static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
+    /**
+     * Execute a BASIC macro.
+     *
+     * @param aURL URL pointing to the macro (in the form macro:...)
+     * @param rRetval will be set with the macro's return value.
+     * @param aReferer "Referer" identifying the source of this request. May be empty.
+     * @param pDoc shell to use. Default is NULL for using
+     * SfxObjectShell::Current().
+     *
+     * @return ERRCODE_NONE if all went smoothly.
+     */
+    static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
 
     virtual ::com::sun::star::uno::Reference < ::com::sun::star::frame::XDispatch > SAL_CALL
                     queryDispatch( const ::com::sun::star::util::URL& aURL, const ::rtl::OUString& sTargetFrameName,
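Review bot: The new `@param aReferer` line says only that the value may be empty; it does not say what the caller buys by passing one, which is the whole reason the parameter was added. From the appuno.cxx part of this commit, a referer whose prefix is "private:" makes loadMacro skip the AdjustMacroMode() check on the document shell, so the doc comment should say so: `@param aReferer "Referer" identifying the source of this request. May be empty. A value beginning with "private:" is treated as trusted and the document macro-security check is not consulted; only pass a referer the caller itself controls.` That sentence is what a future caller needs in order not to forward a referer taken from untrusted input.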
diff --git a/main/sfx2/source/appl/appuno.cxx b/main/sfx2/source/appl/appuno.cxx
index f1f2e2e5fd..b54e1ca2dd 100644
--- a/main/sfx2/source/appl/appuno.cxx
+++ b/main/sfx2/source/appl/appuno.cxx
@@ -1729,14 +1729,33 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
     return lDispatcher;
 }
 
-// -----------------------------------------------------------------------
-void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL&                                                          aURL      ,
-                                                        const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >&            lArgs     ,
-                                                        const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
-              throw (::com::sun::star::uno::RuntimeException)
+/**
+ * @brief Check if a "Referer" is trusted.
+ *
+ * @param aReferer "Referer" to validate.
+ *
+ * @return sal_True if trusted.
+ */
+static sal_Bool refererIsTrusted(const ::rtl::OUString &aReferer)
 {
-    ::vos::OGuard aGuard( Application::GetSolarMutex() );
+    if (aReferer.compareToAscii("private:", 8) == 0) {
+        return sal_True;
+    } else {
+        return sal_False;
+    }
+}
 
+
+/**
+ * @brief Check if a sequence of parameters contains a "Referer" and
+ * returns it.
+ *
+ * @param lArgs sequence of parameters.
+ *
+ * @return the value of the "Referer" parameter, or an empty string.
+ */
+static ::rtl::OUString findReferer(const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs)
+{
     sal_uInt32 nPropertyCount = lArgs.getLength();
     ::rtl::OUString aReferer;
     for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
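Review bot: refererIsTrusted reduces to a single prefix comparison, and the if/else around it hides that the "private:" prefix is the entire trust decision; `return aReferer.compareToAscii("private:", 8) == 0;` says the same thing in one line. The Doxygen block above it explains the parameter but not the criterion, so a reader has to open the body to learn that no other scheme is trusted; I would add `// Only the internal "private:" scheme is trusted; any other value (including an empty one) is not.` under the @brief. The presumed meaning of "private:" (a request raised inside the office rather than from a loaded resource) is not stated anywhere in the hunk and is worth spelling out next to the check. findReferer's loop body continues past the end of this hunk.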
@@ -1747,9 +1766,20 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
             break;
         }
     }
+    return aReferer;
+}
+
+
+// -----------------------------------------------------------------------
+void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL&                                                          aURL      ,
+                                                        const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >&            lArgs     ,
+                                                        const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
+              throw (::com::sun::star::uno::RuntimeException)
+{
+    ::vos::OGuard aGuard( Application::GetSolarMutex() );
 
     ::com::sun::star::uno::Any aAny;
-    ErrCode nErr = loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+    ErrCode nErr = loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
     if( xListener.is() )
     {
         // always call dispatchFinished(), because we didn't load a document but
@@ -1768,10 +1798,10 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
 
 ::com::sun::star::uno::Any SAL_CALL SfxMacroLoader::dispatchWithReturnValue(
     const ::com::sun::star::util::URL& aURL,
-    const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& ) throw (::com::sun::star::uno::RuntimeException)
+    const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs) throw (::com::sun::star::uno::RuntimeException)
 {
     ::com::sun::star::uno::Any aRet;
-        /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, GetObjectShell_Impl() );
+    /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, findReferer(lArgs), GetObjectShell_Impl() );
     return aRet;
 }
 
@@ -1782,19 +1812,8 @@ void SAL_CALL SfxMacroLoader::dispatch( const ::com::sun::star::util::URL&
 {
     ::vos::OGuard aGuard( Application::GetSolarMutex() );
 
-    sal_uInt32 nPropertyCount = lArgs.getLength();
-    ::rtl::OUString aReferer;
-    for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
-    {
-        if( lArgs[nProperty].Name == ::rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("Referer")) )
-        {
-            lArgs[nProperty].Value >>= aReferer;
-            break;
-        }
-    }
-
     ::com::sun::star::uno::Any aAny;
-    /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+    /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
 }
 
 // -----------------------------------------------------------------------
@@ -1817,7 +1836,7 @@ void SAL_CALL SfxMacroLoader::removeStatusListener(
 {
 }
 
-ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, SfxObjectShell* pSh )
+ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pSh )
     throw ( ::com::sun::star::uno::RuntimeException )
 {
     SfxObjectShell* pCurrent = pSh;
@@ -1868,29 +1887,32 @@ ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::
             const bool bIsAppBasic = ( pBasMgr == pAppMgr );
             const bool bIsDocBasic = ( pBasMgr != pAppMgr );
 
-            if ( pDoc )
-            {
-                // security check for macros from document basic if an SFX doc is given
-                if ( !pDoc->AdjustMacroMode( String() ) )
-                    // check forbids execution
-                    return ERRCODE_IO_ACCESSDENIED;
-            }
-            /* XXX in the original sources this branch was present but its
-               condition does not make sense.
-               Let's keep it in case it may be useful for more in-depth checks.
-            else if ( pDoc && pDoc->GetMedium() )
-            {
-                pDoc->AdjustMacroMode( String() );
-                SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
-                SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
-                if ( pUpdateDocItem && pMacroExecModeItem
-                  && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
-                  && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
-                    return ERRCODE_IO_ACCESSDENIED;
-            }*/
-            else if ( pCurrent ) {
-                if ( !pCurrent->AdjustMacroMode( String() ) )
-                    return ERRCODE_IO_ACCESSDENIED;
+            if ( !refererIsTrusted(aReferer) ) {
+                // Not trusted
+                if ( pDoc )
+                {
+                    // security check for macros from document basic if an SFX doc is given
+                    if ( !pDoc->AdjustMacroMode( String() ) )
+                        // check forbids execution
+                        return ERRCODE_IO_ACCESSDENIED;
+                }
+                /* XXX in the original sources this branch was present but its
+                   condition does not make sense.
+                   Let's keep it in case it may be useful for more in-depth checks.
+                else if ( pDoc && pDoc->GetMedium() )
+                {
+                    pDoc->AdjustMacroMode( String() );
+                    SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
+                    SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
+                    if ( pUpdateDocItem && pMacroExecModeItem
+                    && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
+                    && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
+                           return ERRCODE_IO_ACCESSDENIED;
+                }*/
+                else if ( pCurrent ) {
+                    if ( !pCurrent->AdjustMacroMode( String() ) )
+                        return ERRCODE_IO_ACCESSDENIED;
+                }
             }
 
             // find BASIC method
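Review bot: With a trusted referer the new `if ( !refererIsTrusted(aReferer) )` guard skips both `pDoc->AdjustMacroMode( String() )` and `pCurrent->AdjustMacroMode( String() )`, so the document's macro-security mode is no longer consulted at all on that path, and the only thing standing in for it is an eight-character string prefix supplied by the caller. That is sound only if every value reaching aReferer is produced by code the office controls; a referer copied out of a dispatch argument list or a property sequence is as trustworthy as whoever filled that list. The eventsupplier.cxx hunk in this commit reads "Referer" from the same property sequence as the script name, and if that sequence can be populated from event bindings stored in a document (I cannot tell from the hunk), a document could present a "private:" referer and bypass the check for its own BASIC. I would either restrict the trusted path to callers that set the referer themselves rather than parse it out of arguments, or at minimum note at this branch: `// Trusted referer: the document macro-security mode is intentionally not consulted. Callers must never forward a Referer taken from document content.` loadMacro begins and ends outside this hunk.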
diff --git a/main/sfx2/source/notify/eventsupplier.cxx b/main/sfx2/source/notify/eventsupplier.cxx
index 3c649c4ac2..4df4ca31b3 100644
--- a/main/sfx2/source/notify/eventsupplier.cxx
+++ b/main/sfx2/source/notify/eventsupplier.cxx
@@ -205,6 +205,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 		OUSTRING		aScript;
 		OUSTRING		aLibrary;
 		OUSTRING		aMacroName;
+        OUSTRING        aReferer;
 
         sal_Int32 nCount = aProperties.getLength();
 
@@ -222,6 +223,8 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 				aProperties[ nIndex ].Value >>= aLibrary;
 			else if ( aProperties[ nIndex ].Name.compareToAscii( PROP_MACRO_NAME ) == 0 )
 				aProperties[ nIndex ].Value >>= aMacroName;
+            else if ( aProperties[ nIndex ].Name.compareToAscii( "Referer" ) == 0 )
+                aProperties[ nIndex ].Value >>= aReferer;
 			else {
 				DBG_ERROR("Unknown property value!");
             }
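Review bot: The new `compareToAscii( "Referer" )` branch uses a bare literal where the neighbouring branches use named constants such as PROP_MACRO_NAME, and the same literal is spelled again in appuno.cxx's findReferer; one shared constant would keep the two lookups from drifting apart. The added lines at L224 and L232–L233 are also indented with spaces in a block that is otherwise tab-indented, which shows up as misalignment in the rendered diff. Execute's body starts and ends outside this hunk.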
@@ -231,7 +234,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 		if ( aType.compareToAscii( STAR_BASIC ) == 0 && aScript.getLength() )
 		{
 			com::sun::star::uno::Any aAny;
-            SfxMacroLoader::loadMacro( aScript, aAny, pDoc );
+            SfxMacroLoader::loadMacro( aScript, aAny, aReferer, pDoc );
 		}
 		else if ( aType.compareToAscii( "Service" ) == 0 ||
                   aType.compareToAscii( "Script" ) == 0 )