This is an automated email from the ASF dual-hosted git repository.
mseidel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/openoffice.git
The following commit(s) were added to refs/heads/trunk by this push:
new 97d21f8 Refs issue #i128453# (PR #132) remove warnings for safe
hyperlink types by Arrigo Marchiori (ardovm)
97d21f8 is described below
commit 97d21f8508e60d08ca791f6878c47c217554da12
Author: Arrigo Marchiori <ard...@yahoo.it>
AuthorDate: Sat Jun 12 23:00:31 2021 +0200
Refs issue #i128453# (PR #132) remove warnings for safe hyperlink types by
Arrigo Marchiori (ardovm)
* Update list of safe extensions
They should be all the extensions that AOO can open at the moment
* Ask for confirmation only when the OS is involved
(cherry picked from commit 807d57542e53bdb44102c979ea0721fc5369c78b)
---
.../data/org/openoffice/Office/Security.xcu | 270 +++++++++++++++++++++
main/sfx2/source/appl/appopen.cxx | 88 +++----
2 files changed, 305 insertions(+), 53 deletions(-)
diff --git a/main/officecfg/registry/data/org/openoffice/Office/Security.xcu
b/main/officecfg/registry/data/org/openoffice/Office/Security.xcu
index 67021a9..45e9c20 100644
--- a/main/officecfg/registry/data/org/openoffice/Office/Security.xcu
+++ b/main/officecfg/registry/data/org/openoffice/Office/Security.xcu
@@ -469,6 +469,276 @@
<value>xhp</value>
</prop>
</node>
+ <node oor:name="m90" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xhp</value>
+ </prop>
+ </node>
+ <node oor:name="m91" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odt</value>
+ </prop>
+ </node>
+ <node oor:name="m92" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>ott</value>
+ </prop>
+ </node>
+ <node oor:name="m93" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pdb</value>
+ </prop>
+ </node>
+ <node oor:name="m94" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>docx</value>
+ </prop>
+ </node>
+ <node oor:name="m95" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>docm</value>
+ </prop>
+ </node>
+ <node oor:name="m96" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>dotx</value>
+ </prop>
+ </node>
+ <node oor:name="m97" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>dotm</value>
+ </prop>
+ </node>
+ <node oor:name="m98" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>uot</value>
+ </prop>
+ </node>
+ <node oor:name="m99" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>psw</value>
+ </prop>
+ </node>
+ <node oor:name="m100" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>602</value>
+ </prop>
+ </node>
+ <node oor:name="m101" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>uof</value>
+ </prop>
+ </node>
+ <node oor:name="m102" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>ods</value>
+ </prop>
+ </node>
+ <node oor:name="m103" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>ots</value>
+ </prop>
+ </node>
+ <node oor:name="m104" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xlc</value>
+ </prop>
+ </node>
+ <node oor:name="m105" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xlm</value>
+ </prop>
+ </node>
+ <node oor:name="m106" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>slk</value>
+ </prop>
+ </node>
+ <node oor:name="m107" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xlsb</value>
+ </prop>
+ </node>
+ <node oor:name="m108" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xlsm</value>
+ </prop>
+ </node>
+ <node oor:name="m109" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xlsx</value>
+ </prop>
+ </node>
+ <node oor:name="m110" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xltm</value>
+ </prop>
+ </node>
+ <node oor:name="m111" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>xltx</value>
+ </prop>
+ </node>
+ <node oor:name="m112" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>wk1</value>
+ </prop>
+ </node>
+ <node oor:name="m113" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>wks</value>
+ </prop>
+ </node>
+ <node oor:name="m114" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>123</value>
+ </prop>
+ </node>
+ <node oor:name="m115" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>uos</value>
+ </prop>
+ </node>
+ <node oor:name="m116" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pxl</value>
+ </prop>
+ </node>
+ <node oor:name="m117" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>wb2</value>
+ </prop>
+ </node>
+ <node oor:name="m118" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odp</value>
+ </prop>
+ </node>
+ <node oor:name="m119" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>otp</value>
+ </prop>
+ </node>
+ <node oor:name="m120" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pps</value>
+ </prop>
+ </node>
+ <node oor:name="m121" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pptm</value>
+ </prop>
+ </node>
+ <node oor:name="m122" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pptx</value>
+ </prop>
+ </node>
+ <node oor:name="m123" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>potm</value>
+ </prop>
+ </node>
+ <node oor:name="m124" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>potx</value>
+ </prop>
+ </node>
+ <node oor:name="m125" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>uop</value>
+ </prop>
+ </node>
+ <node oor:name="m126" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odg</value>
+ </prop>
+ </node>
+ <node oor:name="m127" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>otg</value>
+ </prop>
+ </node>
+ <node oor:name="m128" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>pict</value>
+ </prop>
+ </node>
+ <node oor:name="m129" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>sgf</value>
+ </prop>
+ </node>
+ <node oor:name="m130" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>sgv</value>
+ </prop>
+ </node>
+ <node oor:name="m131" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>svm</value>
+ </prop>
+ </node>
+ <node oor:name="m132" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>dib</value>
+ </prop>
+ </node>
+ <node oor:name="m133" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>jpeg</value>
+ </prop>
+ </node>
+ <node oor:name="m134" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>jfif</value>
+ </prop>
+ </node>
+ <node oor:name="m135" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>jif</value>
+ </prop>
+ </node>
+ <node oor:name="m136" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>jpe</value>
+ </prop>
+ </node>
+ <node oor:name="m137" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>svg</value>
+ </prop>
+ </node>
+ <node oor:name="m138" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>tiff</value>
+ </prop>
+ </node>
+ <node oor:name="m139" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>oth</value>
+ </prop>
+ </node>
+ <node oor:name="m140" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odm</value>
+ </prop>
+ </node>
+ <node oor:name="m141" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odb</value>
+ </prop>
+ </node>
+ <node oor:name="m142" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>odf</value>
+ </prop>
+ </node>
+ <node oor:name="m143" oor:op="replace">
+ <prop oor:name="Extension" oor:type="xs:string">
+ <value>mml</value>
+ </prop>
+ </node>
</node>
<node oor:name="Hyperlinks">
<prop oor:name="Open" oor:type="xs:int">
diff --git a/main/sfx2/source/appl/appopen.cxx
b/main/sfx2/source/appl/appopen.cxx
index 44c3000..4b58708 100644
--- a/main/sfx2/source/appl/appopen.cxx
+++ b/main/sfx2/source/appl/appopen.cxx
@@ -930,58 +930,7 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
INetProtocol aINetProtocol =
aINetURLObject.GetProtocol();
SvtExtendedSecurityOptions aExtendedSecurityOptions;
SvtExtendedSecurityOptions::OpenHyperlinkMode eMode =
aExtendedSecurityOptions.GetOpenHyperlinkMode();
- if ( eMode ==
SvtExtendedSecurityOptions::OPEN_WITHSECURITYCHECK )
- {
- /*!!! pb: #i49802# no security warning any longer
- ardovm: Restored security checks in March 2021 */
- // Check if file URL is a directory. This is not insecure!
- sal_Bool bIsDir = aINetURLObject.hasFinalSlash() ||
- ( osl::Directory(aURL.Main).open() ==
- osl::Directory::E_None );
- // Use SvtExtendedSecurityOptions::IsSecureHyperlink()
- // to check the extension of the link destination.
- sal_Bool bSafeExtension =
aExtendedSecurityOptions.IsSecureHyperlink(aURL.Complete);
- // We consider some protocols unsafe
- sal_Bool bUnsafeProtocol;
- switch (aINetProtocol) {
- case INET_PROT_HTTP:
- case INET_PROT_HTTPS:
- bSafeExtension = true; // trust the browser to prevent
unsafe extensions
- // case INET_PROT_FTP:
- case INET_PROT_VND_SUN_STAR_HELP:
- case INET_PROT_MAILTO:
- bUnsafeProtocol = false;
- break;
- default: // Anything else, including INET_PROT_FILE
- bUnsafeProtocol = true;
- break;
- }
- if ( (!bIsDir && !bSafeExtension) || bUnsafeProtocol )
- {
- // Security check for local files depending on the
extension
- vos::OGuard aGuard( Application::GetSolarMutex() );
- Window *pWindow = SFX_APP()->GetTopWindow();
-
- String aSecurityWarningBoxTitle( SfxResId(
RID_SECURITY_WARNING_TITLE ));
- WarningBox aSecurityWarningBox( pWindow, SfxResId(
RID_SECURITY_WARNING_HYPERLINK ));
- aSecurityWarningBox.SetText( aSecurityWarningBoxTitle );
-
- // Replace %s with the real file name
- String aMsgText = aSecurityWarningBox.GetMessText();
- String aMainURL( aURL.Main );
- String aFileNameInMsg;
-
- if (!utl::LocalFileHelper::ConvertURLToPhysicalName(
aMainURL, aFileNameInMsg )) {
- aFileNameInMsg = aMainURL;
- }
- aMsgText.SearchAndReplaceAscii( "%s", aFileNameInMsg );
- aSecurityWarningBox.SetMessText( aMsgText );
-
- if( aSecurityWarningBox.Execute() == RET_NO )
- return;
- }
- }
- else if ( eMode == SvtExtendedSecurityOptions::OPEN_NEVER &&
aINetProtocol != INET_PROT_VND_SUN_STAR_HELP )
+ if ( eMode == SvtExtendedSecurityOptions::OPEN_NEVER &&
aINetProtocol != INET_PROT_VND_SUN_STAR_HELP )
{
vos::OGuard aGuard( Application::GetSolarMutex() );
Window *pWindow = SFX_APP()->GetTopWindow();
@@ -1097,7 +1046,40 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
if
(SFX_APP()->IsSecureURL(rtl::OUString(), &aReferer))
{
::rtl::OUString
aURLString( aURL.Complete );
-
+ // Before letting the OS execute the URL, we
may have to request for
+ // confirmation
+ if ( eMode ==
SvtExtendedSecurityOptions::OPEN_WITHSECURITYCHECK ) {
+ // Check if file URL is a directory. This
is not insecure!
+ sal_Bool bIsDir =
aINetURLObject.hasFinalSlash() ||
+ ( osl::Directory(aURL.Main).open() ==
+ osl::Directory::E_None );
+ // Use
SvtExtendedSecurityOptions::IsSecureHyperlink()
+ // to check the extension of the link
destination.
+ sal_Bool bSafeExtension =
aExtendedSecurityOptions.IsSecureHyperlink(aURL.Complete);
+ if (!bIsDir && !bSafeExtension) {
+ // Security check for local files
depending on the extension
+ vos::OGuard aGuard(
Application::GetSolarMutex() );
+ Window *pWindow =
SFX_APP()->GetTopWindow();
+
+ String aSecurityWarningBoxTitle(
SfxResId( RID_SECURITY_WARNING_TITLE ));
+ WarningBox aSecurityWarningBox(
pWindow, SfxResId( RID_SECURITY_WARNING_HYPERLINK ));
+ aSecurityWarningBox.SetText(
aSecurityWarningBoxTitle );
+
+ // Replace %s with the real file name
+ String aMsgText =
aSecurityWarningBox.GetMessText();
+ String aMainURL( aURL.Main );
+ String aFileNameInMsg;
+
+ if
(!utl::LocalFileHelper::ConvertURLToPhysicalName( aMainURL, aFileNameInMsg )) {
+ aFileNameInMsg = aMainURL;
+ }
+ aMsgText.SearchAndReplaceAscii( "%s",
aFileNameInMsg );
+ aSecurityWarningBox.SetMessText(
aMsgText );
+
+ if( aSecurityWarningBox.Execute() ==
RET_NO )
+ return;
+ }
+ }
try
{
// give
os this file
