[Libreoffice-commits] core.git: include/sfx2 sfx2/source svx/source sw/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Tue Jul 17 10:35:03 UTC 2018


 include/sfx2/linkmgr.hxx            |    7 ++++---
 sfx2/source/appl/linkmgr2.cxx       |   11 +++++++----
 svx/source/svdraw/svdograf.cxx      |    2 +-
 sw/source/core/docnode/swbaslnk.cxx |    9 ++++++++-
 4 files changed, 20 insertions(+), 9 deletions(-)

New commits:
commit 77519d83eb796f75d73e872356e4100017673653
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Jul 17 09:08:51 2018 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Jul 17 12:34:40 2018 +0200

    bubble referer to LinkManager::GetGraphicFromAny
    
    Change-Id: Id2c6d629692a365f96f3f81c5686930668389a6a
    Reviewed-on: https://gerrit.libreoffice.org/57546
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/include/sfx2/linkmgr.hxx b/include/sfx2/linkmgr.hxx
index b1057aef5f1a..128dd47e4462 100644
--- a/include/sfx2/linkmgr.hxx
+++ b/include/sfx2/linkmgr.hxx
@@ -156,9 +156,10 @@ public:
 
     // if the mimetype says graphic/bitmap/gdimetafile then get the
     // graphic from the Any. Return says no errors
-    static bool GetGraphicFromAny( const OUString& rMimeType,
-                                const css::uno::Any & rValue,
-                                Graphic& rGrf );
+    static bool GetGraphicFromAny(const OUString& rMimeType,
+                                  const css::uno::Any & rValue,
+                                  const OUString& rReferer,
+                                  Graphic& rGrf);
 
 private:
                 LinkManager( const LinkManager& ) = delete;
diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx
index 64e89a927f12..b503e06f0cf6 100644
--- a/sfx2/source/appl/linkmgr2.cxx
+++ b/sfx2/source/appl/linkmgr2.cxx
@@ -40,6 +40,7 @@
 #include <sfx2/request.hxx>
 #include <vcl/dibtools.hxx>
 #include <unotools/charclass.hxx>
+#include <unotools/securityoptions.hxx>
 #include <vcl/GraphicLoader.hxx>
 
 #include "fileobj.hxx"
@@ -497,9 +498,10 @@ SotClipboardFormatId LinkManager::RegisterStatusInfoId()
     return nFormat;
 }
 
-bool LinkManager::GetGraphicFromAny( const OUString& rMimeType,
-                                const css::uno::Any & rValue,
-                                Graphic& rGraphic )
+bool LinkManager::GetGraphicFromAny(const OUString& rMimeType,
+                                    const css::uno::Any & rValue,
+                                    const OUString& rReferer,
+                                    Graphic& rGraphic )
 {
     bool bRet = false;
 
@@ -509,7 +511,8 @@ bool LinkManager::GetGraphicFromAny( const OUString& rMimeType,
     if (rValue.has<OUString>())
     {
         OUString sURL = rValue.get<OUString>();
-        rGraphic = vcl::graphic::loadFromURL(sURL);
+        if (!SvtSecurityOptions().isUntrustedReferer(rReferer))
+            rGraphic = vcl::graphic::loadFromURL(sURL);
         if (!rGraphic)
             rGraphic.SetDefaultType();
         rGraphic.setOriginURL(sURL);
diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx
index f4a68a78f22c..4a73f2bd8bb3 100644
--- a/svx/source/svdraw/svdograf.cxx
+++ b/svx/source/svdraw/svdograf.cxx
@@ -226,7 +226,7 @@ void SdrGraphicLink::RemoveGraphicUpdater()
         sfx2::LinkManager::GetDisplayNames( this, nullptr, &rGrafObj.aFileName, nullptr, &rGrafObj.aFilterName );
 
         Graphic aGraphic;
-        if( sfx2::LinkManager::GetGraphicFromAny( rMimeType, rValue, aGraphic ))
+        if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, getReferer(), aGraphic))
         {
             rGrafObj.ImpSetLinkedGraphic(aGraphic);
         }
diff --git a/sw/source/core/docnode/swbaslnk.cxx b/sw/source/core/docnode/swbaslnk.cxx
index 1c5af6aabbe1..5d38d9371efb 100644
--- a/sw/source/core/docnode/swbaslnk.cxx
+++ b/sw/source/core/docnode/swbaslnk.cxx
@@ -141,7 +141,14 @@ static void lcl_CallModify( SwGrfNode& rGrfNd, SfxPoolItem& rItem )
 
         Graphic aGrf;
 
-        if( sfx2::LinkManager::GetGraphicFromAny( rMimeType, rValue, aGrf ) &&
+        OUString sReferer;
+        SfxObjectShell * sh = pDoc->GetPersist();
+        if (sh != nullptr && sh->HasName())
+        {
+            sReferer = sh->GetMedium()->GetName();
+        }
+
+        if( sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, sReferer, aGrf) &&
             ( GraphicType::Default != aGrf.GetType() ||
               GraphicType::Default != rGrfObj.GetType() ) )
         {


More information about the Libreoffice-commits mailing list