[Libreoffice-commits] core.git: Branch 'libreoffice-6-3-0' - sfx2/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Tue Jul 30 12:42:43 UTC 2019 

 sfx2/source/doc/objmisc.cxx |   29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

New commits:
commit 5c3ba8ae6bc2521b44a78b33e354fe906a74014e
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Jul 26 13:25:31 2019 +0100
Commit:     Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
CommitDate: Tue Jul 30 14:41:37 2019 +0200

    decode url escape codes and check each path segment
    
    Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
    Reviewed-on: https://gerrit.libreoffice.org/76395
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    Tested-by: Jenkins
    (cherry picked from commit 0344b7684753876a3148a47d1e131a1b13595f63)
    Reviewed-on: https://gerrit.libreoffice.org/76538
    Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
    Tested-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 0e188b925784..8a6ff1b41611 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -43,6 +43,8 @@
 #include <com/sun/star/script/provider/XScriptProvider.hpp>
 #include <com/sun/star/script/provider/XScriptProviderSupplier.hpp>
 #include <com/sun/star/ucb/SimpleFileAccess.hpp>
+#include <com/sun/star/uri/UriReferenceFactory.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
 #include <com/sun/star/util/XModifiable.hpp>
 
 #include <toolkit/helper/vclunohelper.hxx>
@@ -1347,7 +1349,32 @@ namespace
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
 bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
-    return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
+    if (!rScriptURL.startsWith("vnd.sun.star.script:"))
+        return false;
+
+    // ensure URL Escape Codes are decoded
+    css::uno::Reference<css::uri::XUriReference> uri(
+        css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())->parse(rScriptURL));
+    css::uno::Reference<css::uri::XVndSunStarScriptUrl> sfUri(uri, css::uno::UNO_QUERY);
+
+    if (!sfUri.is())
+        return false;
+
+    OUString sScript = sfUri->getName();
+
+    // check if any path portion matches LibreLogo and ban it if it does
+    sal_Int32 nIndex = 0;
+    do
+    {
+        OUString aToken = sScript.getToken(0, '/', nIndex);
+        if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
+        {
+            return true;
+        }
+    }
+    while (nIndex >= 0);
+
+    return false;
 }
 
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,

More information about the Libreoffice-commits mailing list