[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - sw/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Wed Jul 18 19:18:30 UTC 2018
sw/source/filter/html/htmlgrin.cxx | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
New commits:
commit 72dc4c2633fb866cc8b42dc742bffc57c23e9889
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Jul 17 09:58:56 2018 +0100
Commit: Eike Rathke <erack at redhat.com>
CommitDate: Wed Jul 18 21:18:02 2018 +0200
put load of html images (to measure dimensions) under referer control
Change-Id: I1de4a5214ef48394dcafa97e4ea12bb460f2fba2
Reviewed-on: https://gerrit.libreoffice.org/57566
Tested-by: Jenkins
Reviewed-by: Eike Rathke <erack at redhat.com>
diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index 0a9050f3475a..8e61296d5389 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -299,6 +299,20 @@ void SwHTMLParser::GetDefaultScriptType( ScriptType& rType,
rTypeStr = GetScriptTypeString( pHeaderAttrs );
}
+namespace
+{
+ bool allowAccessLink(SwDoc& rDoc)
+ {
+ OUString sReferer;
+ SfxObjectShell * sh = rDoc.GetPersist();
+ if (sh != nullptr && sh->HasName())
+ {
+ sReferer = sh->GetMedium()->GetName();
+ }
+ return !SvtSecurityOptions().isUntrustedReferer(sReferer);
+ }
+}
+
/* */
void SwHTMLParser::InsertImage()
@@ -627,7 +641,7 @@ IMAGE_SETEVENT:
bool bSetScaleImageMap = false;
sal_uInt8 nPrcWidth = 0, nPrcHeight = 0;
- if (!nWidth || !nHeight)
+ if ((!nWidth || !nHeight) && allowAccessLink(*m_xDoc))
{
GraphicDescriptor aDescriptor(aGraphicURL);
if (aDescriptor.Detect(/*bExtendedInfo=*/true))
More information about the Libreoffice-commits
mailing list