[Libreoffice-commits] online.git: wsd/ClientSession.cpp wsd/protocol.txt
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Thu May 23 11:13:48 UTC 2019
wsd/ClientSession.cpp | 11 ++++++++---
wsd/protocol.txt | 5 +++++
2 files changed, 13 insertions(+), 3 deletions(-)
New commits:
commit 24b9d6008d43e1f1f7dd90fb160fb217a2dc2c6d
Author: Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Thu May 23 12:11:58 2019 +0100
Commit: Michael Meeks <michael.meeks at collabora.com>
CommitDate: Thu May 23 12:13:11 2019 +0100
Don't allow readonly views to removesession on editors.
Change-Id: I5c00b83d5a3a5fc59f7c722b9ed7f9753b2b0dc8
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index df68df351..576e64f59 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -366,9 +366,14 @@ bool ClientSession::_handleInput(const char *buffer, int length)
return true;
}
else if (tokens[0] == "removesession") {
- std::string sessionId = Util::encodeId(std::stoi(tokens[1]), 4);
- docBroker->broadcastMessage(firstLine);
- docBroker->removeSession(sessionId);
+ if (tokens.size() > 1 && (_isDocumentOwner || !isReadOnly()))
+ {
+ std::string sessionId = Util::encodeId(std::stoi(tokens[1]), 4);
+ docBroker->broadcastMessage(firstLine);
+ docBroker->removeSession(sessionId);
+ }
+ else
+ LOG_WRN("Readonly session '" << getId() << "' trying to kill another view");
}
else if (tokens[0] == "renamefile") {
std::string encodedWopiFilename;
diff --git a/wsd/protocol.txt b/wsd/protocol.txt
index e1c229665..e1e4f64f8 100644
--- a/wsd/protocol.txt
+++ b/wsd/protocol.txt
@@ -236,6 +236,11 @@ rendershapeselection mimetype=<mimeType>
Request rendering of selected shapes into an SVG format.
By now only SVG mimetype is handled (image/svg+xml)
+removesession <viewid>
+
+ Requests the removal of a given view from the document. Lower
+ privilege views cannot remove higher ones, eg. a readonly view
+ can't remove an editor.
server -> client
================
More information about the Libreoffice-commits
mailing list