[Libreoffice-commits] core.git: Branch 'libreoffice-4-2' - sfx2/source
Herbert Dürr
hdu at apache.org
Fri Jul 11 01:33:33 PDT 2014
sfx2/source/appl/impldde.cxx | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
New commits:
commit 3d1cb5397d95bba5426ac5372bbd7644aac88409
Author: Herbert Dürr <hdu at apache.org>
Date: Wed Jul 9 15:23:59 2014 +0000
Related: #i125226# don't try to access known-bad DDE servers
(cherry picked from commit 88de6a59d9d7933b86fdcba733277aa4fbd5e132)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: If4dcd49cfe15188d06e4e06cd8e58cdcc66ed5a4
(cherry picked from commit b16f164650f8345e51bf0b0c73bf9c8eee775bc2)
Related: #i125226# some macro preferences are directly...
applicable to DDE servers
(cherry picked from commit 2c835e761e1e9ddb6794895e6f3538b918160dd1)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: Ic16b3df34ac1b003a8a5cabab15ea655d05bdd18
Related: #i125226# typo fix
(cherry picked from commit 727ea069c6342e01a50c8b068ec302574b251cbd)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I8db53b7e8529d05e660a2d69e669b44c9045712c
(cherry picked from commit 13b68e24db26374ca17572de9abb429edeac32e9)
Related: #i125226# disallow absolute and relative paths for DDE servers
(cherry picked from commit 6b64ada6e3a902ac4b44fe49476514d49138d4d4)
Conflicts:
sfx2/source/appl/impldde.cxx
Change-Id: I127add375a127dbbd0eaf12a10884e2636f1a332
(cherry picked from commit d1fc47793c1efbe9ff5271656283211647dd0b33)
Reviewed-on: https://gerrit.libreoffice.org/10202
Reviewed-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
Tested-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
diff --git a/sfx2/source/appl/impldde.cxx b/sfx2/source/appl/impldde.cxx
index cc6431d..b0b79a21 100644
--- a/sfx2/source/appl/impldde.cxx
+++ b/sfx2/source/appl/impldde.cxx
@@ -25,6 +25,7 @@
#include "impldde.hxx"
+#include <comphelper/string.hxx>
#include <vcl/svapp.hxx>
#include <vcl/fixed.hxx>
#include <vcl/edit.hxx>
@@ -45,6 +46,8 @@
#include <svl/svdde.hxx>
#include <sot/formats.hxx>
+#include <unotools/securityoptions.hxx>
+
#define DDELINK_ERROR_APP 1
#define DDELINK_ERROR_DATA 2
@@ -243,15 +246,23 @@ sal_Bool SvDDEObject::Connect( SvBaseLink * pSvLink )
}
#if defined(WNT)
-
- // Server not up, try once more to start it.
- if( !bInWinExec )
+ // check the suitability of starting the DDE server
+ const SvtSecurityOptions aSecOpts;
+ bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE);
+ bForbidden |= (comphelper::string::indexOfAny(sServer, L":./%\\") != -1);
+ static const char* aBadServers[] = { "cmd", "rundll32" };
+ for (size_t i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i)
+ bForbidden |= sServer.equalsAscii(aBadServers[i]);
+
+ // try to start the DDE server if it is not there already
+ bForbidden |= (bInWinExec != false);
+ if( !bForbidden )
{
OStringBuffer aCmdLine(OUStringToOString(sServer, RTL_TEXTENCODING_ASCII_US));
aCmdLine.append(".exe ");
aCmdLine.append(OUStringToOString(sTopic, RTL_TEXTENCODING_ASCII_US));
- if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 )
+ if( WinExec( aCmdLine.getStr(), SW_SHOWMINIMIZED ) < 32 ) // TODO: use CreateProcess() instead
nError = DDELINK_ERROR_APP;
else
{
More information about the Libreoffice-commits
mailing list