[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.2' - sfx2/source

[Caolán McNamara (via logerrit)]

 sfx2/source/doc/objmisc.cxx |   29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

New commits:
commit 0e155fb648338d611b2d0cfdb3b43a915c893954
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Jul 26 13:25:31 2019 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Mon Aug 5 10:54:02 2019 +0200

    decode url escape codes and check each path segment
    
    Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
    Reviewed-on: https://gerrit.libreoffice.org/76396
    Reviewed-by: Michael Stahl <michael.st...@cib.de>
    Tested-by: Jenkins
    (cherry picked from commit 8c51b91f13b391982084e5d4081b219d9e19308f)
    Reviewed-on: https://gerrit.libreoffice.org/76945
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 7411eacd592a..f6712b5cdff9 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -42,6 +42,8 @@
 #include <com/sun/star/script/provider/XScriptProvider.hpp>
 #include <com/sun/star/script/provider/XScriptProviderSupplier.hpp>
 #include <com/sun/star/ucb/SimpleFileAccess.hpp>
+#include <com/sun/star/uri/UriReferenceFactory.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
 #include <com/sun/star/util/XModifiable.hpp>
 
 #include <toolkit/helper/vclunohelper.hxx>
@@ -1343,7 +1345,32 @@ namespace
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
 bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
-    return 
rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
+    if (!rScriptURL.startsWith("vnd.sun.star.script:"))
+        return false;
+
+    // ensure URL Escape Codes are decoded
+    css::uno::Reference<css::uri::XUriReference> uri(
+        
css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())->parse(rScriptURL));
+    css::uno::Reference<css::uri::XVndSunStarScriptUrl> sfUri(uri, 
css::uno::UNO_QUERY);
+
+    if (!sfUri.is())
+        return false;
+
+    OUString sScript = sfUri->getName();
+
+    // check if any path portion matches LibreLogo and ban it if it does
+    sal_Int32 nIndex = 0;
+    do
+    {
+        OUString aToken = sScript.getToken(0, '/', nIndex);
+        if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
+        {
+            return true;
+        }
+    }
+    while (nIndex >= 0);
+
+    return false;
 }
 
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& 
_rxScriptContext, const OUString& _rScriptURL,
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits