[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.0' - sfx2/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Mon Aug 5 16:07:40 UTC 2019 

 sfx2/source/doc/objmisc.cxx |   29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

New commits:
commit 439d2904f5624e87c73cbd1ea1b17b428e06b0a8
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Jul 26 13:25:31 2019 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Aug 5 18:07:01 2019 +0200

    decode url escape codes and check each path segment
    
    Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
    Reviewed-on: https://gerrit.libreoffice.org/76396
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    Tested-by: Jenkins
    (cherry picked from commit 8c51b91f13b391982084e5d4081b219d9e19308f)
    Reviewed-on: https://gerrit.libreoffice.org/76945
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Andras Timar <andras.timar at collabora.com>
    Reviewed-on: https://gerrit.libreoffice.org/76985

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 667f3f789c66..a66eeefc1d45 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -41,6 +41,8 @@
 #include <com/sun/star/script/provider/XScriptProvider.hpp>
 #include <com/sun/star/script/provider/XScriptProviderSupplier.hpp>
 #include <com/sun/star/ucb/SimpleFileAccess.hpp>
+#include <com/sun/star/uri/UriReferenceFactory.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
 #include <com/sun/star/util/XModifiable.hpp>
 
 #include <toolkit/helper/vclunohelper.hxx>
@@ -1350,7 +1352,32 @@ namespace
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
 bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
-    return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
+    if (!rScriptURL.startsWith("vnd.sun.star.script:"))
+        return false;
+
+    // ensure URL Escape Codes are decoded
+    css::uno::Reference<css::uri::XUriReference> uri(
+        css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())->parse(rScriptURL));
+    css::uno::Reference<css::uri::XVndSunStarScriptUrl> sfUri(uri, css::uno::UNO_QUERY);
+
+    if (!sfUri.is())
+        return false;
+
+    OUString sScript = sfUri->getName();
+
+    // check if any path portion matches LibreLogo and ban it if it does
+    sal_Int32 nIndex = 0;
+    do
+    {
+        OUString aToken = sScript.getToken(0, '/', nIndex);
+        if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
+        {
+            return true;
+        }
+    }
+    while (nIndex >= 0);
+
+    return false;
 }
 
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,

More information about the Libreoffice-commits mailing list