Posted to commits@openoffice.apache.org by ar...@apache.org on 2023/01/28 15:21:11 UTC
[openoffice] branch trunk updated: Scripts check their "Referer". Menu choices always set a trusted "Referer".
This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/openoffice.git
The following commit(s) were added to refs/heads/trunk by this push:
new 98c68b91f5 Scripts check their "Referer". Menu choices always set a trusted "Referer".
98c68b91f5 is described below
commit 98c68b91f53a89d44b8d4d563791eeb186d6d605
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 16:20:02 2023 +0100
Scripts check their "Referer". Menu choices always set a trusted "Referer".
---
main/framework/source/uielement/menubarmanager.cxx | 10 ++----
.../source/protocolhandler/scripthandler.cxx | 39 +++++++++++-----------
2 files changed, 23 insertions(+), 26 deletions(-)
diff --git a/main/framework/source/uielement/menubarmanager.cxx b/main/framework/source/uielement/menubarmanager.cxx
index 72a39ca9d5..8dea9c54f0 100644
--- a/main/framework/source/uielement/menubarmanager.cxx
+++ b/main/framework/source/uielement/menubarmanager.cxx
@@ -1132,13 +1132,9 @@ IMPL_LINK( MenuBarManager, Select, Menu *, pMenu )
aTargetURL.Complete = pMenuItemHandler->aMenuItemURL;
m_xURLTransformer->parseStrict( aTargetURL );
- if ( m_bIsBookmarkMenu )
- {
- // bookmark menu item selected
- aArgs.realloc( 1 );
- aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
- aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
- }
+ aArgs.realloc( 1 );
+ aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
+ aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
xDispatch = pMenuItemHandler->xMenuItemDispatch;
}
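Review bot: Every menu selection is now tagged with `SFX_REFERER_USER`, not only bookmark-menu items, and nothing in this hunk shows where `pMenuItemHandler->aMenuItemURL` originates. The script handler changed in the same commit treats a `private:` Referer as trusted, so this line is now a trust boundary and should state its assumption: that every entry reaching this branch was defined by the user or the installation, not by a loaded document. If menu entries can also come from document-embedded UI configuration, that assumption needs to be verified before the unconditional tag is safe. I would add above `aArgs.realloc( 1 );` a comment such as `// Menu selections are user actions: mark them trusted for protocol handlers that check the Referer`. The enclosing Select handler starts and ends outside this hunk.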
diff --git a/main/scripting/source/protocolhandler/scripthandler.cxx b/main/scripting/source/protocolhandler/scripthandler.cxx
index 85643eebbb..61b68da2a4 100644
--- a/main/scripting/source/protocolhandler/scripthandler.cxx
+++ b/main/scripting/source/protocolhandler/scripthandler.cxx
@@ -156,15 +156,33 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
Any invokeResult;
bool bCaughtException = sal_False;
Any aException;
+ Sequence< Any > inArgs( 0 );
if ( m_bInitialised )
{
+ ::rtl::OUString aReferer;
+ if ( lArgs.getLength() > 0 )
+ {
+ int argCount = 0;
+ for ( int index = 0; index < lArgs.getLength(); index++ )
+ {
+ // The propertyval named "Referer"
+ // is not an argument to be passed to script
+ if ( lArgs[ index ].Name.compareToAscii("Referer") == 0 ) {
+ lArgs [ index ].Value >>= aReferer;
+ } else {
+ inArgs.realloc( ++argCount );
+ inArgs[ argCount - 1 ] = lArgs[ index ].Value;
+ }
+ }
+ }
try
{
Reference< uri::XUriReferenceFactory > xFac( uri::UriReferenceFactory::create( m_xCtx ) );
Reference< uri::XVndSunStarScriptUrlReference > xScriptUri( xFac->parse( aURL.Complete ), UNO_QUERY_THROW );
::rtl::OUString sLocation = xScriptUri->getParameter( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "location" ) ) );
bool bIsDocumentScript = ( sLocation == ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "document" ) ) );
+ bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
// obtain the component for our security check. We could check bIsDocumentScript but the "location" could be forged
if ( getScriptInvocation() ) {
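Review bot: `bRefererIsTrusted` is decided by an 8-character prefix match on `"private:"`, so any Referer in the `private:` scheme counts as trusted, not only the value the menu code sets. The Referer is a caller-supplied dispatch argument, so the comparison should be as narrow as the legitimate callers allow, for example `bool bRefererIsTrusted = aReferer.equalsAscii( SFX_REFERER_USER );`, provided the header defining that constant can be included here. If the prefix form is kept on purpose, a comment should list which `private:` values are expected and replace the bare `8` with a named length. The function body continues outside this hunk.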
@@ -172,7 +190,8 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
- if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() )
+ if ( !xDocumentScripts.is() ||
+ ( !bRefererIsTrusted && !xDocumentScripts->getAllowMacroExecution() ) )
{
if ( xListener.is() )
{
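Review bot: With the new condition a trusted Referer skips `getAllowMacroExecution()` entirely, including for scripts stored in the document, and nothing at this line explains why that is acceptable. The existing comment a few lines earlier records that "location" could be forged; the equivalent reasoning for the Referer should be written down at the point where it overrides the macro-security check. I would add above the `if`: `// A dispatch carrying a trusted Referer was started by the user (e.g. a menu choice), so the document's macro-security setting is not consulted`. The surrounding block starts and ends outside this hunk.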
@@ -206,27 +225,9 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
"ScriptProtocolHandler::dispatchWithNotification: validate xFunc - unable to obtain XScript interface" );
- Sequence< Any > inArgs( 0 );
Sequence< Any > outArgs( 0 );
Sequence< sal_Int16 > outIndex;
- if ( lArgs.getLength() > 0 )
- {
- int argCount = 0;
- for ( int index = 0; index < lArgs.getLength(); index++ )
- {
- // Sometimes we get a propertyval with name = "Referer"
- // this is not an argument to be passed to script, so
- // ignore.
- if ( lArgs[ index ].Name.compareToAscii("Referer") != 0 ||
- lArgs[ index ].Name.getLength() == 0 )
- {
- inArgs.realloc( ++argCount );
- inArgs[ argCount - 1 ] = lArgs[ index ].Value;
- }
- }
- }
-
// attempt to protect the document against the script tampering with its Undo Context
::std::auto_ptr< ::framework::DocumentUndoGuard > pUndoGuard;
if ( bIsDocumentScript )