author | Stephan Bergmann <sbergman@redhat.com> | 2013-11-14 10:39:27 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2013-11-14 11:13:25 +0100 |
commit | f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db (patch) | |
tree | 5f16cbc9fd307ec3d9f290ea5b93f8ceb500c726 /include | |
parent | Minor clean-up (diff) | |
rhbz#887420 Implement "block untrusted referer links" feature
For now, this checks for a trusted referer (if the BlockUntrustedRefererLinks
configuration prop is set) in utl::MediaDescriptor::impl_openStreamWithURL and
SvxBrushItem::GetGraphicObject. Checking in additional places will probably be
necessary to block /all/ unwanted communication. Also, some places marked
/*TODO?*/ currently pass in an empty referer (which is always considered
trusted) and will probably need to be adapted.
Ideally, Referer URIs would never be empty (and consistently use something like
<private:user> for cases where access is explicitly initiated by the user and
should never be blocked), but that's a very daunting task, so start small by
identifying the places that potentially need blocking and adding appropriate
Referer URIs there. Also, Referer information should always be computed as
freshly as possible from the context in which an access attempt is made, but,
again, always carrying the information from the context all the way to the
relevant functions is a very daunting task, so for now store the information
upon object instantiation in some cases (SvxBrushItem, SdrGrafObj, ...).
The Referer URI (css.document.MediaDescriptor property; SID_REFERER) was already
used to track macro execution, and there is one place in
SfxApplication::OpenDocExec_Impl where opening of hyperlinks (explicitly clicked
by the user) is done that needs the current document's URI as Referer to check
execution of macro URIs but needs an empty (or <private:user>, see above)
Referer to not block non-macro URIs. Special code has been added there to
handle that.
Change-Id: Iafbdc07a9fe925d9ee580d4f5778448f18f2ebd9
Diffstat (limited to 'include')
-rw-r--r-- | include/editeng/brushitem.hxx | 3 | ||||
-rw-r--r-- | include/sfx2/docfile.hxx | 8 | ||||
-rw-r--r-- | include/svx/svdograf.hxx | 3 | ||||
-rw-r--r-- | include/svx/unopage.hxx | 2 | ||||
-rw-r--r-- | include/svx/unoshape.hxx | 5 | ||||
-rw-r--r-- | include/svx/xtable.hxx | 24 | ||||
-rw-r--r-- | include/xmloff/settingsstore.hxx | 1 |
7 files changed, 31 insertions, 15 deletions
diff --git a/include/editeng/brushitem.hxx b/include/editeng/brushitem.hxx
index 69e49b68e3ca..4ef5bfd4615c 100644
--- a/include/editeng/brushitem.hxx
+++ b/include/editeng/brushitem.hxx
@@ -51,6 +51,7 @@ class EDITENG_DLLPUBLIC SvxBrushItem : public SfxPoolItem
 sal_Int32 nShadingValue;
 SvxBrushItem_Impl* pImpl;
 OUString maStrLink;
+ OUString maReferer;
 OUString maStrFilter;
 SvxGraphicPosition eGraphicPos;
 sal_Bool bLoadAgain;
@@ -71,7 +72,7 @@ public:
 SvxGraphicPosition ePos, sal_uInt16 nWhich );
 SvxBrushItem( const GraphicObject& rGraphicObj,
 SvxGraphicPosition ePos, sal_uInt16 nWhich );
- SvxBrushItem( const OUString& rLink, const OUString& rFilter,
+ SvxBrushItem( const OUString& rLink, const OUString& rReferer, const OUString& rFilter,
 SvxGraphicPosition ePos, sal_uInt16 nWhich );
 SvxBrushItem( const SvxBrushItem& );
 SvxBrushItem( const CntWallpaperItem&, sal_uInt16 nWhich );
diff --git a/include/sfx2/docfile.hxx b/include/sfx2/docfile.hxx
index 202fee5be28a..7ef8b9ea2443 100644
--- a/include/sfx2/docfile.hxx
+++ b/include/sfx2/docfile.hxx
@@ -76,6 +76,14 @@ public:
 StreamMode nOpenMode,
 const SfxFilter *pFilter = 0,
 SfxItemSet *pSet = 0 );
+ /**
+ * @param pSet Takes ownership
+ */
+ SfxMedium( const OUString &rName,
+ const OUString &rReferer,
+ StreamMode nOpenMode,
+ const SfxFilter *pFilter = 0,
+ SfxItemSet *pSet = 0 );
 /**
 * @param pSet does NOT take ownership
diff --git a/include/svx/svdograf.hxx b/include/svx/svdograf.hxx
index 3b95cc583692..20151dde4a9a 100644
--- a/include/svx/svdograf.hxx
+++ b/include/svx/svdograf.hxx
@@ -79,6 +79,7 @@ private:
 GraphicAttr aGrafInfo;
 OUString aFileName; // Wenn es sich um einen Link handelt, steht hier der Dateiname drin.
+ OUString aReferer;
 OUString aFilterName;
 GraphicObject* pGraphic; // Zur Beschleunigung von Bitmapausgaben, besonders von gedrehten.
 GraphicObject* mpReplacementGraphic;
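Review bot: SvxBrushItem declares its own copy constructor (`SvxBrushItem( const SvxBrushItem& );`, visible as context in the second brushitem.hxx hunk), so the new `maReferer` member is only carried along if the out-of-line copy, assignment and comparison code is updated by hand, and none of that is in this include-only diff. The commit message says an empty referer is always considered trusted, so a copy that drops the field would presumably reach GetGraphicObject as trusted; this is worth confirming in the implementation file. I would also put a comment on the member, for example `// URI of the document that supplied maStrLink; empty is treated as trusted`. The class body starts and ends outside both hunks.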
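Review bot: The doc comment on the new SfxMedium constructor in docfile.hxx covers only pSet and says nothing about rReferer, the one parameter that separates this overload from the one above it. I would add `@param rReferer URI of the document requesting the load; an empty value is treated as trusted`, taking the empty-is-trusted rule from the commit message. The referer-less overload stays available, so call sites that keep using it are presumably unaffected by the new check; the implementation is outside this diff.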
@@ -137,7 +138,7 @@ public:
 void ForceSwapIn() const;
 void ForceSwapOut() const;
- void SetGraphicLink(const OUString& rFileName, const OUString& rFilterName);
+ void SetGraphicLink(const OUString& rFileName, const OUString& rReferer, const OUString& rFilterName);
 void ReleaseGraphicLink();
 bool IsLinkedGraphic() const;
diff --git a/include/svx/unopage.hxx b/include/svx/unopage.hxx
index dc36e83043f3..78bc0b414857 100644
--- a/include/svx/unopage.hxx
+++ b/include/svx/unopage.hxx
@@ -93,7 +93,7 @@ class SVX_DLLPUBLIC SvxDrawPage : public ::cppu::WeakAggImplHelper5< ::com::sun:
 // Can be used by derived classes to support their owen Shapes (e.g. Controls).
 virtual SdrObject *_CreateSdrObject( const ::com::sun::star::uno::Reference< ::com::sun::star::drawing::XShape >& xShape ) throw();
- static SvxShape* CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj = NULL, SvxDrawPage *pPage = NULL ) throw();
+ static SvxShape* CreateShapeByTypeAndInventor( sal_uInt16 nType, sal_uInt32 nInventor, SdrObject *pObj = NULL, SvxDrawPage *pPage = NULL, OUString const & referer = OUString() ) throw();
 // The following method is called if a SvxShape object is to be created.
 // Derived classes can create a derivation or an SvxShape aggregating object.
diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx
index 9190e6326c92..f7558b834fdf 100644
--- a/include/svx/unoshape.hxx
+++ b/include/svx/unoshape.hxx
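Review bot: `OUString const & referer = OUString()` on CreateShapeByTypeAndInventor in unopage.hxx makes the unchecked path the default. The commit message says an empty referer is always considered trusted, so every existing caller keeps compiling and keeps creating shapes with a trusted referer without anyone having decided that. Because `pObj` and `pPage` are defaulted too, making the referer mandatory needs a separate overload or a reordered parameter list. Failing that, the declaration should carry a comment such as `// referer: URI of the owning document; the empty default is treated as trusted, pass it explicitly for loaded content`. The SvxGraphicObject constructor in unoshape.hxx takes the referer without a default, which is the safer shape.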
@@ -653,8 +653,11 @@ protected:
 virtual bool getPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, ::com::sun::star::uno::Any& rValue ) throw(::com::sun::star::beans::UnknownPropertyException, ::com::sun::star::lang::WrappedTargetException, ::com::sun::star::uno::RuntimeException);
 public:
- SvxGraphicObject( SdrObject* pObj ) throw();
+ SvxGraphicObject( SdrObject* pObj, OUString const & referer ) throw();
 virtual ~SvxGraphicObject() throw();
+
+private:
+ OUString referer_;
 };
 /***********************************************************************
diff --git a/include/svx/xtable.hxx b/include/svx/xtable.hxx
index 5e26206adc00..71f0db76e78b 100644
--- a/include/svx/xtable.hxx
+++ b/include/svx/xtable.hxx
@@ -201,13 +201,14 @@ protected:
 XPropertyListType meType;
 OUString maName; // not persistent
 OUString maPath;
+ OUString maReferer;
 XPropertyEntryList_impl maList;
 bool mbListDirty;
 bool mbEmbedInDocument;
- XPropertyList(XPropertyListType t, const OUString& rPath);
+ XPropertyList(XPropertyListType t, const OUString& rPath, const OUString& rReferer);
 virtual Bitmap CreateBitmapForUI(long nIndex) = 0;
@@ -246,7 +247,7 @@ public:
 bool Load();
 bool LoadFrom(const ::com::sun::star::uno::Reference< ::com::sun::star::embed::XStorage > &xStorage,
- const OUString &rURL);
+ const OUString &rURL, const OUString &rReferer);
 bool Save();
 bool SaveTo (const ::com::sun::star::uno::Reference< ::com::sun::star::embed::XStorage > &xStorage,
@@ -256,7 +257,8 @@ public:
 // Factory method for sub-classes
 static XPropertyListRef CreatePropertyList(XPropertyListType t,
- const OUString& rPath);
+ const OUString& rPath,
+ const OUString& rReferer);
 // as above but initializes name as expected
 static XPropertyListRef CreatePropertyListFromURL(XPropertyListType t,
 const OUString & rUrl);
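Review bot: In the third xtable.hxx hunk CreatePropertyList gains `rReferer`, but CreatePropertyListFromURL, declared just below it as context, keeps its two-argument signature. A list built from a URL therefore gets whatever referer the implementation chooses, and that code is outside this include-only diff. If it passes an empty string, the list would carry a referer the commit message describes as always trusted. Either thread a referer through CreatePropertyListFromURL as well, or state the choice on the declaration, for example `// NOTE: uses an empty (trusted) referer; only for URLs chosen by the user`, once the implementation confirms that is what happens.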
@@ -280,8 +282,8 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XColorList(const OUString& rPath)
- : XPropertyList(XCOLOR_LIST, rPath) {}
+ XColorList(const OUString& rPath, const OUString& rReferer)
+ : XPropertyList(XCOLOR_LIST, rPath, rReferer) {}
 using XPropertyList::Replace;
 using XPropertyList::Remove;
@@ -306,7 +308,7 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XLineEndList(const OUString& rPath);
+ XLineEndList(const OUString& rPath, const OUString& rReferer);
 virtual ~XLineEndList();
 using XPropertyList::Remove;
@@ -333,7 +335,7 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XDashList(const OUString& rPath);
+ XDashList(const OUString& rPath, const OUString& rReferer);
 virtual ~XDashList();
 using XPropertyList::Replace;
@@ -366,7 +368,7 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XHatchList(const OUString& rPath);
+ XHatchList(const OUString& rPath, const OUString& rReferer);
 virtual ~XHatchList();
 using XPropertyList::Replace;
@@ -388,7 +390,7 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XGradientList(const OUString& rPath);
+ XGradientList(const OUString& rPath, const OUString& rReferer);
 virtual ~XGradientList();
 using XPropertyList::Replace;
@@ -411,8 +413,8 @@ protected:
 virtual Bitmap CreateBitmapForUI(long nIndex);
 public:
- explicit XBitmapList(const OUString& rPath)
- : XPropertyList(XBITMAP_LIST, rPath) {}
+ XBitmapList(const OUString& rPath, const OUString& rReferer)
+ : XPropertyList(XBITMAP_LIST, rPath, rReferer) {}
 using XPropertyList::Replace;
 using XPropertyList::Remove;
diff --git a/include/xmloff/settingsstore.hxx b/include/xmloff/settingsstore.hxx
index e4212f553405..259897b18e65 100644
--- a/include/xmloff/settingsstore.hxx
+++ b/include/xmloff/settingsstore.hxx
@@ -23,6 +23,7 @@ public:
 // Import objects and update properties (eliding URLs)
 virtual com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> filterStreamsFromStorage(
+ OUString const & referer,
 const com::sun::star::uno::Reference< com::sun::star::embed::XStorage > &xStorage,
 const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>& aConfigProps ) = 0;
 // Export objects and update properties with relative URLs into this storage |