[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - sw/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Wed Jul 18 19:18:30 UTC 2018


 sw/source/filter/html/htmlgrin.cxx |   16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

New commits:
commit 72dc4c2633fb866cc8b42dc742bffc57c23e9889
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Jul 17 09:58:56 2018 +0100
Commit:     Eike Rathke <erack at redhat.com>
CommitDate: Wed Jul 18 21:18:02 2018 +0200

    put load of html images (to measure dimensions) under referer control
    
    Change-Id: I1de4a5214ef48394dcafa97e4ea12bb460f2fba2
    Reviewed-on: https://gerrit.libreoffice.org/57566
    Tested-by: Jenkins
    Reviewed-by: Eike Rathke <erack at redhat.com>

diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index 0a9050f3475a..8e61296d5389 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -299,6 +299,20 @@ void SwHTMLParser::GetDefaultScriptType( ScriptType& rType,
     rTypeStr = GetScriptTypeString( pHeaderAttrs );
 }
 
+namespace
+{
+    bool allowAccessLink(SwDoc& rDoc)
+    {
+        OUString sReferer;
+        SfxObjectShell * sh = rDoc.GetPersist();
+        if (sh != nullptr && sh->HasName())
+        {
+            sReferer = sh->GetMedium()->GetName();
+        }
+        return !SvtSecurityOptions().isUntrustedReferer(sReferer);
+    }
+}
+
 /*  */
 
 void SwHTMLParser::InsertImage()
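Review bot: `sh->GetMedium()` is dereferenced in allowAccessLink() with only `HasName()` as a guard, and whether a named shell always has a non-null medium is not visible in this hunk. If it does not, `if (sh != nullptr && sh->HasName() && sh->GetMedium() != nullptr)` would leave the referer empty instead of crashing during import. When the document has no name, sReferer stays empty, so the outcome rests entirely on how isUntrustedReferer() treats an empty string. A short comment above the function, such as `// Unnamed documents (e.g. pasted HTML) pass an empty referer; see isUntrustedReferer() for how that is classified`, would record the intended policy.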
@@ -627,7 +641,7 @@ IMAGE_SETEVENT:
     bool bSetScaleImageMap = false;
     sal_uInt8 nPrcWidth = 0, nPrcHeight = 0;
 
-    if (!nWidth || !nHeight)
+    if ((!nWidth || !nHeight) && allowAccessLink(*m_xDoc))
     {
         GraphicDescriptor aDescriptor(aGraphicURL);
         if (aDescriptor.Detect(/*bExtendedInfo=*/true))
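Review bot: When allowAccessLink() returns false this block is skipped and nWidth/nHeight stay 0, but the code that handles the unmeasured case lies outside this hunk, as InsertImage starts before it and continues past it. It is worth confirming that no later path in the function loads aGraphicURL without the same check, since only this load is visibly gated here. The condition also does not look at aGraphicURL itself, so for an untrusted document even images that need no external access go unmeasured. If that is intended, a comment on the condition would say so, e.g. `// Detect() reads aGraphicURL; only measure when the document's location is trusted`.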

