[Libreoffice-commits] core.git: Branch 'distro/cib/libreoffice-5-4' - 4 commits - scripting/source sfx2/source shell/source
Stephan Bergmann (via logerrit)
logerrit at kemper.freedesktop.org
Wed Aug 7 11:33:46 UTC 2019
scripting/source/protocolhandler/scripthandler.cxx | 9 ++++-
scripting/source/pyprov/pythonscript.py | 32 +++++++++++++++++++--
sfx2/source/doc/objmisc.cxx | 21 +++++++------
shell/source/win32/SysShExec.cxx | 4 +-
4 files changed, 52 insertions(+), 14 deletions(-)
New commits:
commit 4a8acd18a7968151d107f71fbbeb17184d437ea7
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Tue Aug 6 13:29:22 2019 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 7 12:55:19 2019 +0200
Properly obtain location
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77023
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 28c6af3ddc283ca9c5712359a9abcb385c1575b4)
Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx
index 50188ae52e74..78ac379e09d8 100644
--- a/scripting/source/protocolhandler/scripthandler.cxx
+++ b/scripting/source/protocolhandler/scripthandler.cxx
@@ -51,6 +51,7 @@
#include "com/sun/star/uri/XUriReference.hpp"
#include "com/sun/star/uri/UriReferenceFactory.hpp"
#include "com/sun/star/uri/XVndSunStarScriptUrl.hpp"
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
#include <memory>
@@ -139,8 +140,12 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
{
try
{
- bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) !=-1 );
- // TODO: isn't this somewhat strange? This should be a test for a location=document parameter, shouldn't it?
+ css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+ css::uri::UriReferenceFactory::create(m_xContext));
+ css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+ urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
+ auto const loc = uri->getParameter("location");
+ bool bIsDocumentScript = loc == "document";
if ( bIsDocumentScript )
{
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 2bb7b143a6bc..7c27ae0d5a9d 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1396,19 +1396,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon
SAL_INFO("sfx", "in CallXScript" );
ErrCode nErr = ERRCODE_NONE;
- bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 );
- // TODO: we should parse the URL, and check whether there is a parameter with this name.
- // Otherwise, we might find too much.
- if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
- return ERRCODE_IO_ACCESSDENIED;
-
- if ( UnTrustedScript(_rScriptURL) )
- return ERRCODE_IO_ACCESSDENIED;
-
bool bCaughtException = false;
Any aException;
try
{
+ css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+ css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext()));
+ css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+ urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW);
+ auto const loc = uri->getParameter("location");
+ bool bIsDocumentScript = loc == "document";
+ if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+ return ERRCODE_IO_ACCESSDENIED;
+
+ if ( UnTrustedScript(_rScriptURL) )
+ return ERRCODE_IO_ACCESSDENIED;
+
// obtain/create a script provider
Reference< provider::XScriptProvider > xScriptProvider;
Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY );
commit 599aaa5dab1d609fe4a0bd5d6b69dd0cc89cc11c
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Sat Aug 3 16:37:48 2019 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 7 12:46:54 2019 +0200
keep name percent-encoded
Change-Id: I470c4b24192c3e3c9b556a9bbb3b084359e0033b
Reviewed-on: https://gerrit.libreoffice.org/77006
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 315c51731384230194af26b86a976bf5d06c9dcc)
diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index f5aa2173333a..7fd0a47fc57a 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -219,7 +219,9 @@ class MyUriHelper:
# path to the .py file + "$functionname, arguments, etc
xStorageUri = self.m_uriRefFac.parse(scriptURI)
- sStorageUri = xStorageUri.getName().replace( "|", "/" );
+ # getName will apply url-decoding to the name, so encode back
+ sStorageUri = xStorageUri.getName().replace("%", "%25")
+ sStorageUri = sStorageUri.replace( "|", "/" )
# path to the .py file, relative to the base
sFileUri = sStorageUri[0:sStorageUri.find("$")]
commit f858263c0f0a745e82b37fae12e41d8c540d2ec4
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Oct 18 20:39:23 2018 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 7 12:46:35 2019 +0200
keep pyuno script processing below base uri
Change-Id: Icc13fb7193fb1e7c50e0df286161a10b4ed636c7
Reviewed-on: https://gerrit.libreoffice.org/61969
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit b1c85cdb37a47998f8ab135fbc96f186334b171c)
diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index 4803d0bebc23..f5aa2173333a 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -25,6 +25,7 @@ import imp
import time
import ast
import platform
+from com.sun.star.uri.RelativeUriExcessParentSegments import RETAIN
try:
unicode
@@ -212,8 +213,33 @@ class MyUriHelper:
def scriptURI2StorageUri( self, scriptURI ):
try:
- myUri = self.m_uriRefFac.parse(scriptURI)
- ret = self.m_baseUri + "/" + myUri.getName().replace( "|", "/" )
+ # base path to the python script location
+ sBaseUri = self.m_baseUri + "/"
+ xBaseUri = self.m_uriRefFac.parse(sBaseUri)
+
+ # path to the .py file + "$functionname, arguments, etc
+ xStorageUri = self.m_uriRefFac.parse(scriptURI)
+ sStorageUri = xStorageUri.getName().replace( "|", "/" );
+
+ # path to the .py file, relative to the base
+ sFileUri = sStorageUri[0:sStorageUri.find("$")]
+ xFileUri = self.m_uriRefFac.parse(sFileUri)
+ if not xFileUri:
+ message = "pythonscript: invalid relative uri '" + sFileUri+ "'"
+ log.debug( message )
+ raise RuntimeException( message )
+
+ # absolute path to the .py file
+ xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN)
+ sAbsScriptUri = xAbsScriptUri.getUriReference()
+
+ # ensure py file is under the base path
+ if not sAbsScriptUri.startswith(sBaseUri):
+ message = "pythonscript: storage uri '" + sAbsScriptUri + "' not in base uri '" + self.m_baseUri + "'"
+ log.debug( message )
+ raise RuntimeException( message )
+
+ ret = sBaseUri + sStorageUri
log.debug( "converting scriptURI="+scriptURI + " to storageURI=" + ret )
return ret
except UnoException as e:
commit 0687df58e151a652257fc90f8f11972b8e21bb4c
Author: Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Thu Aug 1 10:52:12 2019 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 7 12:34:32 2019 +0200
tdf#126641: don't fail on file URLs with fragment
This only fixes part that the URL refuses to open the target file.
Honoring fragment isn't fixed here, since it's the system call to
ShellExecuteExW that in this case internally converts the file URL
into a system path, and strips the fragment from it.
Regression from commit d59ec4cd1660410fa1b18c50d2d83b1417a82ddc.
Change-Id: I6c9ed27e9a5bd7f2780dd3be96f816a6e825e043
Reviewed-on: https://gerrit.libreoffice.org/76778
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
(cherry picked from commit 2207269a84c7c9920af3385b837ce67978c720b4)
Reviewed-on: https://gerrit.libreoffice.org/76848
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit dd2b7919058fc0e23a7117d39110d3ecaaad1fb2)
Reviewed-on: https://gerrit.libreoffice.org/76881
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
(cherry picked from commit 72861eaf7cf9af3e7764b13d9e74edc5548806d2)
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 00e7b00ef6f1..6648d3f8d8a8 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -295,7 +295,9 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
}
if (uri->getScheme().equalsIgnoreAsciiCase("file")) {
OUString pathname;
- auto const e1 = osl::FileBase::getSystemPathFromFileURL(aCommand, pathname);
+ uri->clearFragment(); // getSystemPathFromFileURL fails for URLs with fragment
+ auto const e1
+ = osl::FileBase::getSystemPathFromFileURL(uri->getUriReference(), pathname);
if (e1 != osl::FileBase::E_None) {
throw css::lang::IllegalArgumentException(
("XSystemShellExecute.execute, getSystemPathFromFileURL <" + aCommand
More information about the Libreoffice-commits
mailing list