[Libreoffice-commits] core.git: sfx2/source

Caolán McNamara (via logerrit) Tue, 11 Apr 2023 07:34:22 -0700

 sfx2/source/doc/iframe.cxx |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)


New commits:
commit dde90d1d06ab5f660d8f2cc729587698361e6748
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Apr 11 10:13:37 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Tue Apr 11 16:33:53 2023 +0200

    set Referer on loading IFrames
    
    so tools, options, security, options,
    "block any links from document not..."
    applies to their contents.
    
    Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index b30063ee382e..3502a116c299 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -39,6 +39,7 @@
 #include <cppuhelper/supportsservice.hxx>
 #include <officecfg/Office/Common.hxx>
 #include <svl/itemprop.hxx>
+#include <sfx2/docfile.hxx>
 #include <sfx2/frmdescr.hxx>
 #include <sfx2/objsh.hxx>
 #include <sfx2/sfxdlg.hxx>
@@ -167,10 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
         uno::Reference < util::XURLTransformer > xTrans( 
util::URLTransformer::create( mxContext ) );
         xTrans->parseStrict( aTargetURL );
 
+        uno::Reference<frame::XFramesSupplier> xParentFrame = 
xFrame->getCreator();
+        SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
+
         if (INetURLObject(aTargetURL.Complete).GetProtocol() == 
INetProtocol::Macro)
         {
-            uno::Reference<frame::XFramesSupplier> xParentFrame = 
xFrame->getCreator();
-            SfxObjectShell* pDoc = 
SfxMacroLoader::GetObjectShell(xParentFrame);
             if (pDoc && !pDoc->AdjustMacroMode())
                 return false;
         }
@@ -178,6 +180,10 @@ sal_Bool SAL_CALL IFrameObject::load(
         if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete))
             return false;
 
+        OUString sReferer;
+        if (pDoc && pDoc->HasName())
+            sReferer = pDoc->GetMedium()->GetName();
+
         DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
         VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( 
xFrame->getContainerWindow() );
         VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( 
pParent, maFrmDescr.IsFrameBorderOn() );
@@ -204,7 +210,8 @@ sal_Bool SAL_CALL IFrameObject::load(
         uno::Sequence < beans::PropertyValue > aProps{
             comphelper::makePropertyValue("PluginMode", sal_Int16(2)),
             comphelper::makePropertyValue("ReadOnly", true),
-            comphelper::makePropertyValue("InteractionHandler", 
xInteractionHandler)
+            comphelper::makePropertyValue("InteractionHandler", 
xInteractionHandler),
+            comphelper::makePropertyValue("Referer", sReferer)
         };
         uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( 
aTargetURL, "_self", 0 );
         if ( xDisp.is() )

[Libreoffice-commits] core.git: sfx2/source

Reply via email to