Posted to commits@openoffice.apache.org by ar...@apache.org on 2023/01/28 15:21:11 UTC

[openoffice] branch trunk updated: Scripts check their "Referer". Menu choices always set a trusted "Referer".

This is an automated email from the ASF dual-hosted git repository.

ardovm pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/openoffice.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 98c68b91f5 Scripts check their "Referer". Menu choices always set a trusted "Referer".
98c68b91f5 is described below

commit 98c68b91f53a89d44b8d4d563791eeb186d6d605
Author: Arrigo Marchiori <ar...@yahoo.it>
AuthorDate: Sat Jan 28 16:20:02 2023 +0100

    Scripts check their "Referer". Menu choices always set a trusted "Referer".
---
 main/framework/source/uielement/menubarmanager.cxx | 10 ++----
 .../source/protocolhandler/scripthandler.cxx       | 39 +++++++++++-----------
 2 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/main/framework/source/uielement/menubarmanager.cxx b/main/framework/source/uielement/menubarmanager.cxx
index 72a39ca9d5..8dea9c54f0 100644
--- a/main/framework/source/uielement/menubarmanager.cxx
+++ b/main/framework/source/uielement/menubarmanager.cxx
@@ -1132,13 +1132,9 @@ IMPL_LINK( MenuBarManager, Select, Menu *, pMenu )
 					aTargetURL.Complete = pMenuItemHandler->aMenuItemURL;
                     m_xURLTransformer->parseStrict( aTargetURL );
 
-                    if ( m_bIsBookmarkMenu )
-					{
-						// bookmark menu item selected
-						aArgs.realloc( 1 );
-						aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
-						aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
-					}
+                    aArgs.realloc( 1 );
+                    aArgs[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Referer" ));
+                    aArgs[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( SFX_REFERER_USER ));
 
 					xDispatch = pMenuItemHandler->xMenuItemDispatch;
 				}
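Review bot: `aArgs.realloc( 1 )` on the new lines now overwrites whatever `aArgs` held at this point for every menu item, where before only the bookmark branch did so; if `aArgs` is populated earlier in Select (the body starts outside the hunk) that silently drops those entries, so please confirm it is empty here. The reason every selection now carries SFX_REFERER_USER is only visible from the scripthandler.cxx hunk of the same commit, so a short comment would help the next reader, e.g. `// every menu selection is user-initiated: tag the dispatch with the trusted Referer that script handlers honour`. With the condition gone, `m_bIsBookmarkMenu` is no longer referenced in this branch; check whether it still has a use elsewhere or can go.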
diff --git a/main/scripting/source/protocolhandler/scripthandler.cxx b/main/scripting/source/protocolhandler/scripthandler.cxx
index 85643eebbb..61b68da2a4 100644
--- a/main/scripting/source/protocolhandler/scripthandler.cxx
+++ b/main/scripting/source/protocolhandler/scripthandler.cxx
@@ -156,15 +156,33 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
     Any invokeResult;
 	bool bCaughtException = sal_False;
 	Any aException;
+    Sequence< Any > inArgs( 0 );
 
     if ( m_bInitialised )
     {
+        ::rtl::OUString aReferer;
+        if ( lArgs.getLength() > 0 )
+        {
+            int argCount = 0;
+            for ( int index = 0; index < lArgs.getLength(); index++ )
+            {
+                // The propertyval named "Referer"
+                // is not an argument to be passed to script
+                if ( lArgs[ index ].Name.compareToAscii("Referer") == 0 ) {
+                    lArgs [ index ].Value >>= aReferer;
+                } else {
+                    inArgs.realloc( ++argCount );
+                    inArgs[ argCount - 1 ] = lArgs[ index ].Value;
+                }
+            }
+        }
         try
         {
             Reference< uri::XUriReferenceFactory > xFac( uri::UriReferenceFactory::create( m_xCtx ) );
             Reference< uri::XVndSunStarScriptUrlReference > xScriptUri( xFac->parse( aURL.Complete ), UNO_QUERY_THROW );
             ::rtl::OUString sLocation = xScriptUri->getParameter( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "location" ) ) );
             bool bIsDocumentScript = ( sLocation == ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "document" ) ) );
+            bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
 
             // obtain the component for our security check. We could check bIsDocumentScript but the "location" could be forged
             if ( getScriptInvocation() ) {
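Review bot: `bRefererIsTrusted` is derived from the caller-supplied `lArgs`, so the relaxed check in the next hunk (`!bRefererIsTrusted && !getAllowMacroExecution()`) rests on the assumption that only framework UI code ever sets a `Referer` on a script dispatch; that assumption is not stated anywhere, so spell it out above the loop, e.g. `// "Referer" is a framework-supplied marker of a user-initiated dispatch; it is consumed here and never forwarded to the script`, and confirm that dispatch providers do not forward a Referer from arbitrary callers. The comparison `compareToAscii("private:", 8) == 0` accepts any `private:`-prefixed value rather than the one menubarmanager.cxx actually sends; if the sfx2 define is reachable from this file, `bool bRefererIsTrusted = aReferer.equalsAscii( SFX_REFERER_USER );` narrows it to the intended value. The `if ( lArgs.getLength() > 0 )` guard is redundant with the loop condition, and `inArgs.realloc( ++argCount )` per element could be a single `realloc( lArgs.getLength() )` before the loop and one shrinking `realloc( argCount )` after it. dispatchWithNotification starts before and continues past this hunk.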
@@ -172,7 +190,8 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
                     xDocumentScripts.set( m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
 
                 OSL_ENSURE( xDocumentScripts.is(), "ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" );
-                if ( !xDocumentScripts.is() || !xDocumentScripts->getAllowMacroExecution() )
+                if ( !xDocumentScripts.is() ||
+                     ( !bRefererIsTrusted && !xDocumentScripts->getAllowMacroExecution() ) )
                 {
                     if ( xListener.is() )
                     {
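Review bot: The rewritten condition is the only place where the Referer changes a security outcome, and nothing next to it says why, so a comment above the `if` would help: `// a user-initiated dispatch (trusted Referer) may run document scripts even when the document's macro-security setting would refuse them; every other caller still needs getAllowMacroExecution()`. Keeping `!xDocumentScripts.is()` as the first operand means a missing security context still refuses regardless of Referer, which is worth preserving if this condition is touched again. The enclosing function continues outside the hunk.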
@@ -206,27 +225,9 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
                 "ScriptProtocolHandler::dispatchWithNotification: validate xFunc - unable to obtain XScript interface" );
 
            
-            Sequence< Any > inArgs( 0 );
             Sequence< Any > outArgs( 0 );
             Sequence< sal_Int16 > outIndex;
 
-            if ( lArgs.getLength() > 0 )
-            {
-               int argCount = 0;
-               for ( int index = 0; index < lArgs.getLength(); index++ )
-               {
-                   // Sometimes we get a propertyval with name = "Referer"
-                   // this is not an argument to be passed to script, so
-                   // ignore.
-                   if ( lArgs[ index ].Name.compareToAscii("Referer") != 0  ||
-                        lArgs[ index ].Name.getLength() == 0 )
-                   {
-                       inArgs.realloc( ++argCount ); 
-                       inArgs[ argCount - 1 ] = lArgs[ index ].Value;
-                   }
-               }
-            }
-
             // attempt to protect the document against the script tampering with its Undo Context
             ::std::auto_ptr< ::framework::DocumentUndoGuard > pUndoGuard;
             if ( bIsDocumentScript )