[Libreoffice-commits] online.git: loleaflet/html loleaflet/src wsd/ClientSession.cpp wsd/FileServer.cpp

Ashod Nakashian (via logerrit) logerrit at kemper.freedesktop.org
Fri Nov 22 00:51:30 UTC 2019 

 loleaflet/html/framed.doc.html        |    5 +++--
 loleaflet/src/map/handler/Map.WOPI.js |    5 ++++-
 wsd/ClientSession.cpp                 |    5 +++++
 wsd/FileServer.cpp                    |    5 +++--
 4 files changed, 15 insertions(+), 5 deletions(-)

New commits:
commit 7c4ba459ff70bf4050ad4a936796845f04f6b127
Author:     Ashod Nakashian <ashod.nakashian at collabora.co.uk>
AuthorDate: Sat Nov 16 11:59:39 2019 -0500
Commit:     Ashod Nakashian <ashnakash at gmail.com>
CommitDate: Fri Nov 22 01:51:11 2019 +0100

    Encode the ExtendedData to make it safer while embedding in messages
    
    Change-Id: I1d4bdb2775d89e9a52a96d833228ca8577ee3561
    Reviewed-on: https://gerrit.libreoffice.org/83044
    Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
    Tested-by: Ashod Nakashian <ashnakash at gmail.com>

diff --git a/loleaflet/html/framed.doc.html b/loleaflet/html/framed.doc.html
index 80f842c40..df0207c84 100644
--- a/loleaflet/html/framed.doc.html
+++ b/loleaflet/html/framed.doc.html
@@ -48,7 +48,7 @@
 
       function save() {
         post({'MessageId': 'Action_Save',
-              'Values': { 'Notify': true, 'ExtendedData': 'CustomFlag=CustomValue;AnotherFlag=AnotherValue' }
+              'Values': { 'Notify': true, 'ExtendedData': 'CustomFlag=Custom Value;AnotherFlag=AnotherValue' }
             });
       }
 
@@ -126,9 +126,10 @@
 
   <body style="user-select: none;">
 
+    <p>Note: Set net/frame_ancestors in loolwsd.xml to contain 'file:' (without the quotes, but with the colon), otherwise you will get CSP violation. And force reload, or clear caches, otherwise you might get served from the browser cache..</p>
     <form id="insert-text-form">
       Click <button onclick="insertText(document.forms['insert-text-form'].elements['source'].value); return false;">here</button> to insert the following text into the document:
-      <textarea name="source" value="" rows="10" cols="80"></textarea>
+      <textarea name="source" value="" rows="5" cols="50"></textarea>
     </form>
 
     <form id="insert-text-form">
diff --git a/loleaflet/src/map/handler/Map.WOPI.js b/loleaflet/src/map/handler/Map.WOPI.js
index 9c3201554..dcd401407 100644
--- a/loleaflet/src/map/handler/Map.WOPI.js
+++ b/loleaflet/src/map/handler/Map.WOPI.js
@@ -142,7 +142,9 @@ L.Map.WOPI = L.Handler.extend({
 	},
 
 	_postMessageListener: function(e) {
-		if (e.origin !== window.parent.origin) {
+
+		// e.origin === 'null' when sandboxed (i.e. when the parent is a file on local filesystem).
+		if (e.origin !== 'null' && e.origin !== window.parent.origin) {
 			return;
 		}
 
@@ -321,6 +323,7 @@ L.Map.WOPI = L.Handler.extend({
 			var dontTerminateEdit = msg.Values && msg.Values['DontTerminateEdit'];
 			var dontSaveIfUnmodified = msg.Values && msg.Values['DontSaveIfUnmodified'];
 			var extendedData = msg.Values && msg.Values['ExtendedData'];
+			extendedData = encodeURIComponent(extendedData);
 			this._notifySave = msg.Values && msg.Values['Notify'];
 
 			this._map.save(dontTerminateEdit, dontSaveIfUnmodified, extendedData);
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index e0ba29bb2..c55985a9f 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -524,7 +524,12 @@ bool ClientSession::_handleInput(const char *buffer, int length)
 
             std::string extendedData;
             if (tokens.size() > 3)
+            {
                 getTokenString(tokens[3], "extendedData", extendedData);
+                std::string decoded;
+                Poco::URI::decode(extendedData, decoded);
+                extendedData = decoded;
+            }
 
             constexpr bool isAutosave = false;
             constexpr bool isExitSave = false;
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 5f49450c1..3cf3fbc51 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -276,7 +276,7 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request, Poco::M
         std::string path(requestUri.getPath());
         if (path.find("loleaflet/" LOOLWSD_VERSION_HASH "/") == std::string::npos)
         {
-            LOG_WRN("client - server version mismatch, disabling browser cache.");
+            LOG_WRN("client - server version mismatch, disabling browser cache. Expected: " LOOLWSD_VERSION_HASH);
             noCache = true;
         }
 
@@ -845,7 +845,8 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
         oss.str(preprocess);
     }
 
-    socket->send(oss.str());
+    preprocess = oss.str();
+    socket->send(preprocess);
     LOG_DBG("Sent file: " << relPath << ": " << preprocess);
 }

More information about the Libreoffice-commits mailing list