diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2022-02-22 09:41:26 +0000 |
|---|---|---|
| committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2022-02-28 19:16:13 +0100 |
| commit | fdb80b1c6280410223b10b4f38f7e137730380d4 (patch) | |
| tree | 5e72cca9130e517927a94ac3b7462ef040a55120 | |
| parent | add to suffix denylist (diff) | |
| download | core-fdb80b1c6280410223b10b4f38f7e137730380d4.tar.gz core-fdb80b1c6280410223b10b4f38f7e137730380d4.zip | |
add to suffix denylist
mostly https: //support.google.com/mail/answer/6590?hl=en#zippy=%2Cmessages-that-have-attachments
but see also:
https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows
Change-Id: Ibe3abbdcdb6f82a73d245318ef97d86789d00523
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130394
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130383
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
| -rw-r--r-- | shell/source/win32/SysShExec.cxx | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index ba8dc4e8a3ae..d01c01f839ea 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -343,8 +343,12 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa if (!(checkExtension(ext, env) && checkExtension( ext, - ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.MSI;.PY;.CLASS;" - ".JAR;.APPLICATION;.LNK;.SCR"))) + ".ADE;.ADP;.APK;.APPLICATION;.APPX;.APPXBUNDLE;.BAT;.CAB;.CHM;.CLASS;" + ".CMD;.COM;.CPL;.DLL;.DMG;.EX;.EX_;.EXE;.GADGET;.HTA;.INF;.INS;.IPA;" + ".ISO;.ISP;.JAR;.JS;.JSE;.LIB;.LNK;.MDE;.MSC;.MSH;.MSH1;.MSH2;.MSHXML;" + ".MSH1XML;.MSH2XML;.MSI;.MSIX;.MSIXBUNDLE;.MSP;.MST;.NSH;.PIF;.PS1;" + ".PS1XML;.PS2;.PS2XML;.PSC1;.PSC2;.PY;.REG;.SCF;.SCR;.SCT;.SHB;.SYS;" + ".VB;.VBE;.VBS;.VXD;.WS;.WSC;.WSF;.WSH;"))) { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, |