include/svx/unoshape.hxx                        |    6 ++-
 reportdesign/source/core/sdr/ReportDrawPage.cxx |    2 -
 svx/source/unodraw/shapeimpl.hxx                |    7 ++--
 svx/source/unodraw/unomod.cxx                   |    6 +++
 svx/source/unodraw/unopage.cxx                  |   14 ++++----
 svx/source/unodraw/unoshap4.cxx                 |   38 +++++++++++++-----------
 xmloff/source/draw/ximpshap.cxx                 |    4 ++
 7 files changed, 46 insertions(+), 31 deletions(-)

New commits:
commit 125cf1525361c6cd699574f60b4cf12868188568
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Wed Sep 6 10:05:23 2023 +0100
Commit:     Stephan Bergmann <sberg...@redhat.com>
CommitDate: Thu Sep 7 08:54:56 2023 +0200

    add referer to ole objects
    
    so we can identify what document is requesting their contents
    
    extends:
    
    commit 5668e73beb30b95abc6520b7432c54972ca3ab2c
    Date:   Wed Nov 20 14:43:45 2013 +0100
    
        avmedia: Implement "block untrusted referer links" feature
    
        See f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db "rhbz#887420 Implement 
'block
        untrusted referer links' feature" for details.  This adds some further 
/*TODO?*/
        comments, and one known problem (marked /*TODO!*/) is that 
movies/sounds are not
        blocked during a slideshow presentation.
    
    to these objects too, namely OLE2Shape and derivatives AppletShape,
    FrameShape and PluginShape
    
    so in paranoid mode we won't load the contents of such objects from
    documents considered "untrusted".
    
    Change-Id: I6d988035d0cd09fd3fade5f6885fe336c95579ab
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156598
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx
index 654c60bb3c5e..bbdb8bdd65de 100644
--- a/include/svx/unoshape.hxx
+++ b/include/svx/unoshape.hxx
@@ -590,6 +590,8 @@ public:
 // #i118485# changed parent to SvxShapeText to allow Text handling over UNO API
 class SVXCORE_DLLPUBLIC SvxOle2Shape : public SvxShapeText
 {
+private:
+    OUString referer_;
 protected:
     // override these for special property handling in subcasses. Return true 
if property is handled
     virtual bool setPropertyValueImpl( const OUString& rName, const 
SfxItemPropertyMapEntry* pProperty, const css::uno::Any& rValue ) override;
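Review bot: `referer_` is declared `private:` and the only reader visible in this commit is SvxOle2Shape::createLink, so SvxAppletShape, SvxFrameShape and SvxPluginShape can hand a referer to the base class but cannot consult it in their own property handlers. If any of those classes starts a load outside createLink (not visible in these hunks), that request would go out without the referer; a protected accessor such as `const OUString& getReferer() const { return referer_; }` would let them forward it. The member and the new `referer` constructor parameter in the next hunk also lack a comment; something like `// URL of the requesting document, sent as "Referer" in createLink` would state the contract. The class body starts and ends outside the hunk.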
@@ -599,8 +601,8 @@ protected:
 
     SvGlobalName GetClassName_Impl(OUString& rHexCLSID);
 public:
-    SvxOle2Shape(SdrObject* pObj);
-    SvxOle2Shape(SdrObject* pObject, o3tl::span<const SfxItemPropertyMapEntry> 
pPropertyMap, const SvxItemPropertySet* pPropertySet);
+    SvxOle2Shape(SdrObject* pObj, OUString referer);
+    SvxOle2Shape(SdrObject* pObject, OUString referer, o3tl::span<const 
SfxItemPropertyMapEntry> pPropertyMap, const SvxItemPropertySet* pPropertySet);
     virtual ~SvxOle2Shape() noexcept override;
 
     bool createObject( const SvGlobalName &aClassName );
diff --git a/reportdesign/source/core/sdr/ReportDrawPage.cxx 
b/reportdesign/source/core/sdr/ReportDrawPage.cxx
index 9c88a39990c1..b58b9f0a3cc9 100644
--- a/reportdesign/source/core/sdr/ReportDrawPage.cxx
+++ b/reportdesign/source/core/sdr/ReportDrawPage.cxx
@@ -122,7 +122,7 @@ uno::Reference< drawing::XShape >  
OReportDrawPage::CreateShape( SdrObject *pObj
                 awt::Size aSz( aTmp.Width(), aTmp.Height() );
                 xObj->setVisualAreaSize( nAspect, aSz );
             }
-            rtl::Reference<SvxOle2Shape> pShape = new SvxOle2Shape( pObj );
+            rtl::Reference<SvxOle2Shape> pShape = new SvxOle2Shape( pObj, "" 
/*TODO?*/ );
             xShape = pShape;
             pShape->setShapeKind(pObj->GetObjIdentifier());
         }
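Review bot: Passing `""` here means every OLE shape created through OReportDrawPage::CreateShape carries no referer, and the bare `/*TODO?*/` does not say whether that is intended. SvxOle2Shape::createLink in this commit forwards the stored value unconditionally as "Referer", so the consumer of the media descriptor sees an empty string for these shapes; whether an empty referer counts as trusted is not visible in this commit and should be confirmed. Until a real value is passed, a fuller marker such as `/* TODO: pass the report document's URL; an empty referer is forwarded unchanged */` would make the gap explicit. CreateShape starts and ends outside the hunk.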
diff --git a/svx/source/unodraw/shapeimpl.hxx b/svx/source/unodraw/shapeimpl.hxx
index 68189814fe6a..ce67e16bb572 100644
--- a/svx/source/unodraw/shapeimpl.hxx
+++ b/svx/source/unodraw/shapeimpl.hxx
@@ -36,7 +36,7 @@ protected:
     virtual bool getPropertyValueImpl( const OUString& rName, const 
SfxItemPropertyMapEntry* pProperty, css::uno::Any& rValue ) override;
 
 public:
-    explicit SvxPluginShape(SdrObject* pObj);
+    explicit SvxPluginShape(SdrObject* pObj, OUString referer);
     virtual ~SvxPluginShape() noexcept override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, 
const css::uno::Any& aValue ) override;
@@ -46,6 +46,7 @@ public:
 
     virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override;
 };
+
 class SvxAppletShape : public SvxOle2Shape
 {
 protected:
@@ -54,7 +55,7 @@ protected:
     virtual bool getPropertyValueImpl( const OUString& rName, const 
SfxItemPropertyMapEntry* pProperty, css::uno::Any& rValue ) override;
 
 public:
-    explicit SvxAppletShape(SdrObject* pObj);
+    explicit SvxAppletShape(SdrObject* pObj, OUString referer);
     virtual ~SvxAppletShape() noexcept override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, 
const css::uno::Any& aValue ) override;
@@ -76,7 +77,7 @@ protected:
         css::uno::Any& rValue) override;
 
 public:
-    explicit SvxFrameShape(SdrObject* pObj);
+    explicit SvxFrameShape(SdrObject* pObj, OUString referer);
     virtual ~SvxFrameShape() noexcept override;
 
     virtual void SAL_CALL setPropertyValue( const OUString& aPropertyName, 
const css::uno::Any& aValue ) override;
diff --git a/svx/source/unodraw/unomod.cxx b/svx/source/unodraw/unomod.cxx
index b36eb09a5caa..4a562caeadad 100644
--- a/svx/source/unodraw/unomod.cxx
+++ b/svx/source/unodraw/unomod.cxx
@@ -210,7 +210,11 @@ uno::Reference< uno::XInterface > SAL_CALL 
SvxUnoDrawMSFactory::createInstanceWi
 {
     OUString arg;
     if ((ServiceSpecifier == "com.sun.star.drawing.GraphicObjectShape"
-         || ServiceSpecifier == "com.sun.star.drawing.MediaShape")
+         || ServiceSpecifier == "com.sun.star.drawing.AppletShape"
+         || ServiceSpecifier == "com.sun.star.drawing.FrameShape"
+         || ServiceSpecifier == "com.sun.star.drawing.OLE2Shape"
+         || ServiceSpecifier == "com.sun.star.drawing.MediaShape"
+         || ServiceSpecifier == "com.sun.star.drawing.PluginShape")
         && Arguments.getLength() == 1 && (Arguments[0] >>= arg))
     {
         return create(ServiceSpecifier, arg);
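Review bot: This service-name list now has to be kept in step by hand with the one in SdXMLShapeContext::AddShape (xmloff/source/draw/ximpshap.cxx, last hunk of this commit), and nothing in the code says so or explains what the single string argument is. A service added to one list and not the other would, as far as these hunks show, be created without the referer. A comment above the condition, for example `// services whose single string argument is the referer (base URL of the requesting document); keep in sync with SdXMLShapeContext::AddShape`, would record that. The function body continues past the hunk, so the fall-through for other argument shapes is not visible here.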
diff --git a/svx/source/unodraw/unopage.cxx b/svx/source/unodraw/unopage.cxx
index 846e41ae590f..7c8ab3dde951 100644
--- a/svx/source/unodraw/unopage.cxx
+++ b/svx/source/unodraw/unopage.cxx
@@ -694,13 +694,13 @@ rtl::Reference<SvxShape> 
SvxDrawPage::CreateShapeByTypeAndInventor( SdrObjKind n
                     pRet = new SvxGraphicObject( pObj );
                     break;
                 case SdrObjKind::OLEPluginFrame:
-                    pRet = new SvxFrameShape( pObj );
+                    pRet = new SvxFrameShape( pObj, referer );
                     break;
                 case SdrObjKind::OLE2Applet:
-                    pRet = new SvxAppletShape( pObj );
+                    pRet = new SvxAppletShape( pObj, referer );
                     break;
                 case SdrObjKind::OLE2Plugin:
-                    pRet = new SvxPluginShape( pObj );
+                    pRet = new SvxPluginShape( pObj, referer );
                     break;
                  case SdrObjKind::OLE2:
                      {
@@ -728,17 +728,17 @@ rtl::Reference<SvxShape> 
SvxDrawPage::CreateShapeByTypeAndInventor( SdrObjKind n
 
                                         if( aPluginClassId == aClassId )
                                         {
-                                            pRet = new SvxPluginShape( pObj );
+                                            pRet = new SvxPluginShape( pObj, 
referer );
                                             nType = SdrObjKind::OLE2Plugin;
                                         }
                                         else if( aAppletClassId == aClassId )
                                         {
-                                            pRet = new SvxAppletShape( pObj );
+                                            pRet = new SvxAppletShape( pObj, 
referer );
                                             nType = SdrObjKind::OLE2Applet;
                                         }
                                         else if( aIFrameClassId == aClassId )
                                         {
-                                            pRet = new SvxFrameShape( pObj );
+                                            pRet = new SvxFrameShape( pObj, 
referer );
                                             nType = SdrObjKind::OLEPluginFrame;
                                         }
                                     }
@@ -748,7 +748,7 @@ rtl::Reference<SvxShape> 
SvxDrawPage::CreateShapeByTypeAndInventor( SdrObjKind n
                         if( pRet == nullptr )
                         {
                             SvxUnoPropertyMapProvider& rSvxMapProvider = 
getSvxMapProvider();
-                            pRet = new SvxOle2Shape( pObj, 
rSvxMapProvider.GetMap(SVXMAP_OLE2),  
rSvxMapProvider.GetPropertySet(SVXMAP_OLE2, 
SdrObject::GetGlobalDrawObjectItemPool()) );
+                            pRet = new SvxOle2Shape( pObj, referer, 
rSvxMapProvider.GetMap(SVXMAP_OLE2),  
rSvxMapProvider.GetPropertySet(SVXMAP_OLE2, 
SdrObject::GetGlobalDrawObjectItemPool()) );
                         }
                      }
                     break;
diff --git a/svx/source/unodraw/unoshap4.cxx b/svx/source/unodraw/unoshap4.cxx
index 02790b767084..1fe494a07d6b 100644
--- a/svx/source/unodraw/unoshap4.cxx
+++ b/svx/source/unodraw/unoshap4.cxx
@@ -64,14 +64,16 @@ using namespace ::com::sun::star::container;
 using namespace ::com::sun::star::beans;
 
 
-SvxOle2Shape::SvxOle2Shape(SdrObject* pObject)
-: SvxShapeText( pObject, getSvxMapProvider().GetMap(SVXMAP_OLE2),
-                
getSvxMapProvider().GetPropertySet(SVXMAP_OLE2,SdrObject::GetGlobalDrawObjectItemPool())
 )
+SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, OUString referer)
+    : SvxShapeText(pObject, getSvxMapProvider().GetMap(SVXMAP_OLE2),
+                
getSvxMapProvider().GetPropertySet(SVXMAP_OLE2,SdrObject::GetGlobalDrawObjectItemPool()))
+    , referer_(std::move(referer))
 {
 }
 
-SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, o3tl::span<const 
SfxItemPropertyMapEntry> pPropertyMap, const SvxItemPropertySet* pPropertySet)
-: SvxShapeText( pObject, pPropertyMap, pPropertySet  )
+SvxOle2Shape::SvxOle2Shape(SdrObject* pObject, OUString referer, 
o3tl::span<const SfxItemPropertyMapEntry> pPropertyMap, const 
SvxItemPropertySet* pPropertySet)
+    : SvxShapeText(pObject, pPropertyMap, pPropertySet)
+    , referer_(std::move(referer))
 {
 }
 
@@ -448,16 +450,18 @@ void SvxOle2Shape::createLink( const OUString& aLinkURL )
 
     ::comphelper::IEmbeddedHelper* pPersist = 
GetSdrObject()->getSdrModelFromSdrObject().GetPersist();
 
-    uno::Sequence< beans::PropertyValue > aMediaDescr{ 
comphelper::makePropertyValue("URL",
-                                                                               
      aLinkURL) };
+    uno::Sequence< beans::PropertyValue > aMediaDescr{
+        comphelper::makePropertyValue("URL", aLinkURL),
+        comphelper::makePropertyValue("Referer", referer_)
+    };
 
     uno::Reference< task::XInteractionHandler > xInteraction = 
pPersist->getInteractionHandler();
     if ( xInteraction.is() )
     {
-        aMediaDescr.realloc( 2 );
+        aMediaDescr.realloc( 3 );
         auto pMediaDescr = aMediaDescr.getArray();
-        pMediaDescr[1].Name = "InteractionHandler";
-        pMediaDescr[1].Value <<= xInteraction;
+        pMediaDescr[2].Name = "InteractionHandler";
+        pMediaDescr[2].Value <<= xInteraction;
     }
 
     //TODO/LATER: how to cope with creation failure?!
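Review bot: The InteractionHandler entry is now written at the literal index 2 after `aMediaDescr.realloc( 3 )`, so its position silently depends on how many entries the initializer list above holds. Deriving the slot, e.g. `const sal_Int32 n = aMediaDescr.getLength(); aMediaDescr.realloc( n + 1 );` and then writing `pMediaDescr[n]`, keeps the two in step the next time a descriptor entry is added. The "Referer" entry is also emitted when `referer_` is empty; a comment such as `// may be empty when the creator supplied no document URL` would tell the reader that the consumer has to cope with that case. createLink starts and ends outside the hunk.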
@@ -558,8 +562,8 @@ OUString SvxOle2Shape::GetAndClearInitialFrameURL()
     return OUString();
 }
 
-SvxAppletShape::SvxAppletShape(SdrObject* pObject)
-    : SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_APPLET), 
getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, 
SdrObject::GetGlobalDrawObjectItemPool())  )
+SvxAppletShape::SvxAppletShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), 
getSvxMapProvider().GetMap(SVXMAP_APPLET), 
getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, 
SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.AppletShape" );
 }
@@ -629,8 +633,8 @@ bool SvxAppletShape::getPropertyValueImpl( const OUString& 
rName, const SfxItemP
     }
 }
 
-SvxPluginShape::SvxPluginShape(SdrObject* pObject)
-    : SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_PLUGIN), 
getSvxMapProvider().GetPropertySet(SVXMAP_PLUGIN, 
SdrObject::GetGlobalDrawObjectItemPool()) )
+SvxPluginShape::SvxPluginShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), 
getSvxMapProvider().GetMap(SVXMAP_PLUGIN), 
getSvxMapProvider().GetPropertySet(SVXMAP_PLUGIN, 
SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.PluginShape" );
 }
@@ -700,9 +704,8 @@ bool SvxPluginShape::getPropertyValueImpl( const OUString& 
rName, const SfxItemP
     }
 }
 
-
-SvxFrameShape::SvxFrameShape(SdrObject* pObject)
-: SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_FRAME), 
getSvxMapProvider().GetPropertySet(SVXMAP_FRAME, 
SdrObject::GetGlobalDrawObjectItemPool())  )
+SvxFrameShape::SvxFrameShape(SdrObject* pObject, OUString referer)
+    : SvxOle2Shape(pObject, std::move(referer), 
getSvxMapProvider().GetMap(SVXMAP_FRAME), 
getSvxMapProvider().GetPropertySet(SVXMAP_FRAME, 
SdrObject::GetGlobalDrawObjectItemPool()))
 {
     SetShapeType( "com.sun.star.drawing.FrameShape" );
 }
@@ -783,6 +786,7 @@ bool SvxFrameShape::getPropertyValueImpl(const OUString& 
rName, const SfxItemPro
         return SvxOle2Shape::getPropertyValueImpl( rName, pProperty, rValue );
     }
 }
+
 SvxMediaShape::SvxMediaShape(SdrObject* pObj, OUString referer)
 :   SvxShape( pObj, getSvxMapProvider().GetMap(SVXMAP_MEDIA), 
getSvxMapProvider().GetPropertySet(SVXMAP_MEDIA, 
SdrObject::GetGlobalDrawObjectItemPool()) ),
     referer_(std::move(referer))
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index 5e965eba5aaa..c32dd7cc847c 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -498,7 +498,11 @@ void SdXMLShapeContext::AddShape(OUString const & 
serviceName)
             
xShape.set(xServiceFact->createInstance("com.sun.star.drawing.temporaryForXMLImportOLE2Shape"),
 uno::UNO_QUERY);
         }
         else if (serviceName == "com.sun.star.drawing.GraphicObjectShape"
+                 || serviceName == "com.sun.star.drawing.AppletShape"
+                 || serviceName == "com.sun.star.drawing.FrameShape"
                  || serviceName == "com.sun.star.drawing.MediaShape"
+                 || serviceName == "com.sun.star.drawing.OLE2Shape"
+                 || serviceName == "com.sun.star.drawing.PluginShape"
                  || serviceName == "com.sun.star.presentation.MediaShape")
         {
             xShape.set( xServiceFact->createInstanceWithArguments(serviceName, 
{ css::uno::Any(GetImport().GetDocumentBase()) }),
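Review bot: The branch directly above still creates `com.sun.star.drawing.temporaryForXMLImportOLE2Shape` through `createInstance` with no arguments, so OLE2 shapes that take that branch are imported without the document base as referer. Its condition is outside the hunk, so which documents are affected cannot be told from here. That service name is also absent from the list added to SvxUnoDrawMSFactory::createInstanceWithArguments in unomod.cxx, so passing an argument alone would not be enough on that side. If the gap is intentional, a comment on that branch such as `// NOTE: no referer is passed on this path` would make it visible to the next reviewer. AddShape starts and ends outside the hunk.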
