include/tools/urlobj.hxx | 5 +++++
sfx2/source/doc/iframe.cxx | 6 +++++-
tools/source/fsys/urlobj.cxx | 8 ++++++++
3 files changed, 18 insertions(+), 1 deletion(-)
New commits:
commit bd9263bb6d0222e89e44fbff51d0d094dad8e281
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Nov 3 17:14:26 2023 +0000
Commit: Miklos Vajna <vmik...@collabora.com>
CommitDate: Wed Nov 8 08:08:43 2023 +0100
add some protocols that don't make sense as floating frame targets
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158901
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
(cherry picked from commit ca5225ae4a53a8e99640cfa9440e112f3b39b11b)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159033
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
index 82b30fe2676b..07e31409c0e9 100644
--- a/include/tools/urlobj.hxx
+++ b/include/tools/urlobj.hxx
@@ -915,6 +915,11 @@ public:
void changeScheme(INetProtocol eTargetScheme);
+ // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
+ // vnd.sun.star.script, etc. All the types of URLs which shouldn't
+ // be accepted from an outside controlled source
+ bool IsExoticProtocol() const;
+
private:
// General Structure:
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 08dfee998c6d..23d6208d4d1c 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -18,6 +18,7 @@
*/
#include <sal/config.h>
+#include <sal/log.hxx>
#include <com/sun/star/awt/XWindowPeer.hpp>
#include <com/sun/star/frame/XDispatch.hpp>
@@ -167,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
xTrans->parseStrict( aTargetURL );
INetURLObject aURLObject(aTargetURL.Complete);
- if (aURLObject.GetProtocol() == INetProtocol::Macro ||
aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ if (aURLObject.IsExoticProtocol())
+ {
+ SAL_WARN("sfx", "IFrameObject::load ignoring: " <<
aTargetURL.Complete);
return false;
+ }
uno::Reference<frame::XFramesSupplier> xParentFrame =
xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 7b86fe0f5261..187190b0dfe3 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4829,4 +4829,12 @@ OUString INetURLObject::CutExtension()
? aTheExtension : OUString();
}
+bool INetURLObject::IsExoticProtocol() const
+{
+ return m_eScheme == INetProtocol::Slot ||
+ m_eScheme == INetProtocol::Macro ||
+ m_eScheme == INetProtocol::Uno ||
+ isSchemeEqualTo(u"vnd.sun.star.script");
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
