diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-07-26 13:25:31 +0100 |
|---|---|---|
| committer | Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de> | 2019-08-16 13:50:03 +0200 |
| commit | b6ce222ceb15fa161bebe0279c01b9eac0e06000 (patch) | |
| tree | 64c36831b93c14208ad44f2c85672deb72de60f2 | |
| parent | tdf#126641: don't fail on file URLs with fragment (diff) | |
| download | core-b6ce222ceb15fa161bebe0279c01b9eac0e06000.tar.gz core-b6ce222ceb15fa161bebe0279c01b9eac0e06000.zip | |
decode url escape codes and check each path segment
Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
Reviewed-on: https://gerrit.libreoffice.org/76378
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 7942929685fafb0f9c82feb8da7279e5103c87f0)
Reviewed-on: https://gerrit.libreoffice.org/76453
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
| -rw-r--r-- | sfx2/source/doc/objmisc.cxx | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index b3e7e510fdeb..336a56c307e1 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -54,6 +54,8 @@ #include <com/sun/star/script/provider/XScriptProvider.hpp> #include <com/sun/star/script/provider/XScriptProviderSupplier.hpp> #include <com/sun/star/ucb/SimpleFileAccess.hpp> +#include <com/sun/star/uri/UriReferenceFactory.hpp> +#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp> #include <com/sun/star/util/XModifiable.hpp> #include <toolkit/helper/vclunohelper.hxx> @@ -1464,7 +1466,32 @@ namespace // don't allow LibreLogo to be used with our mouseover/etc dom-alike events bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL) { - return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo"); + if (!rScriptURL.startsWith("vnd.sun.star.script:")) + return false; + + // ensure URL Escape Codes are decoded + css::uno::Reference<css::uri::XUriReference> uri( + css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())->parse(rScriptURL)); + css::uno::Reference<css::uri::XVndSunStarScriptUrl> sfUri(uri, css::uno::UNO_QUERY); + + if (!sfUri.is()) + return false; + + OUString sScript = sfUri->getName(); + + // check if any path portion matches LibreLogo and ban it if it does + sal_Int32 nIndex = 0; + do + { + OUString aToken = sScript.getToken(0, '/', nIndex); + if (aToken.startsWithIgnoreAsciiCase("LibreLogo")) + { + return true; + } + } + while (nIndex >= 0); + + return false; } ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL, |