[Libreoffice-commits] core.git: 2 commits - sfx2/source
Herbert Dürr
hdu at apache.org
Thu Jul 10 06:05:30 PDT 2014
sfx2/source/appl/impldde.cxx | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
New commits:
commit d1fc47793c1efbe9ff5271656283211647dd0b33
Author: Herbert Dürr <hdu at apache.org>
Date: Thu Jul 10 09:11:07 2014 +0000
Related: #i125226# disallow absolute and relative paths for DDE servers
(cherry picked from commit 6b64ada6e3a902ac4b44fe49476514d49138d4d4)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I127add375a127dbbd0eaf12a10884e2636f1a332
diff --git a/sfx2/source/appl/impldde.cxx b/sfx2/source/appl/impldde.cxx
index 8a93a7e..7ec637a 100644
--- a/sfx2/source/appl/impldde.cxx
+++ b/sfx2/source/appl/impldde.cxx
@@ -25,6 +25,7 @@
#include "impldde.hxx"
+#include <comphelper/string.hxx>
#include <vcl/svapp.hxx>
#include <vcl/fixed.hxx>
#include <vcl/edit.hxx>
@@ -248,19 +249,20 @@ bool SvDDEObject::Connect( SvBaseLink * pSvLink )
// check the suitability of starting the DDE server
const SvtSecurityOptions aSecOpts;
bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE);
- bForbidden |= (bInWinExec != false);
+ bForbidden |= (comphelper::string::indexOfAny(sServer, L":./%\\") != -1);
static const char* aBadServers[] = { "cmd", "rundll32" };
for (size_t i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i)
bForbidden |= sServer.equalsAscii(aBadServers[i]);
// try to start the DDE server if it is not there already
+ bForbidden |= (bInWinExec != false);
if( !bForbidden )
{
OStringBuffer aCmdLine(OUStringToOString(sServer, RTL_TEXTENCODING_ASCII_US));
aCmdLine.append(".exe ");
aCmdLine.append(OUStringToOString(sTopic, RTL_TEXTENCODING_ASCII_US));
- if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 )
+ if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) // TODO: use CreateProcess() instead
nError = DDELINK_ERROR_APP;
else
{
commit 13b68e24db26374ca17572de9abb429edeac32e9
Author: Herbert Dürr <hdu at apache.org>
Date: Wed Jul 9 15:51:49 2014 +0000
Related: #i125226# some macro preferences are directly...
applicable to DDE servers
(cherry picked from commit 2c835e761e1e9ddb6794895e6f3538b918160dd1)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: Ic16b3df34ac1b003a8a5cabab15ea655d05bdd18
Related: #i125226# typo fix
(cherry picked from commit 727ea069c6342e01a50c8b068ec302574b251cbd)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I8db53b7e8529d05e660a2d69e669b44c9045712c
diff --git a/sfx2/source/appl/impldde.cxx b/sfx2/source/appl/impldde.cxx
index 3bb38ba..8a93a7e 100644
--- a/sfx2/source/appl/impldde.cxx
+++ b/sfx2/source/appl/impldde.cxx
@@ -45,6 +45,8 @@
#include <svl/svdde.hxx>
#include <sot/formats.hxx>
+#include <unotools/securityoptions.hxx>
+
#define DDELINK_ERROR_APP 1
#define DDELINK_ERROR_DATA 2
@@ -243,13 +245,15 @@ bool SvDDEObject::Connect( SvBaseLink * pSvLink )
}
#if defined(WNT)
- bool bForbidden = bInWinExec;
- // TODO: also check the security level
- static const char* aBadServers[] = { "cmd" };
+ // check the suitability of starting the DDE server
+ const SvtSecurityOptions aSecOpts;
+ bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE);
+ bForbidden |= (bInWinExec != false);
+ static const char* aBadServers[] = { "cmd", "rundll32" };
for (size_t i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i)
bForbidden |= sServer.equalsAscii(aBadServers[i]);
- // try to start the DDE server if it is not there
+ // try to start the DDE server if it is not there already
if( !bForbidden )
{
OStringBuffer aCmdLine(OUStringToOString(sServer, RTL_TEXTENCODING_ASCII_US));
More information about the Libreoffice-commits
mailing list