source

Caolán McNamara (via logerrit) Thu, 09 Nov 2023 06:01:45 -0800

 dbaccess/source/core/dataaccess/ModelImpl.cxx |    3 +-
 include/sfx2/docmacromode.hxx                 |    4 ++-
 include/sfx2/objsh.hxx                        |    3 ++
 sc/source/core/data/global.cxx                |   33 +++++++++++++++++++++++++-
 sfx2/source/doc/docmacromode.cxx              |    8 ++++--
 sfx2/source/doc/objmisc.cxx                   |    8 +++++-
 sfx2/source/doc/objxtor.cxx                   |    1 
 sfx2/source/inc/objshimp.hxx                  |    3 +-
 8 files changed, 56 insertions(+), 7 deletions(-)


New commits:
commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Nov 3 17:26:25 2023 +0000
Commit:     Eike Rathke <er...@redhat.com>
CommitDate: Thu Nov 9 15:00:33 2023 +0100

    default to ignoring libreoffice special-purpose protocols in calc hyperlink
    
    Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
    Tested-by: Jenkins
    Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    (cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
    Reviewed-by: Eike Rathke <er...@redhat.com>

diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx 
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3e21289dbe9a..e399d5da7067 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1125,7 +1125,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
 {
     Reference< XInteractionHandler > xInteraction;
     xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", 
xInteraction );
-    return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+    const bool bHasMacros = m_aMacroMode.hasMacros();
+    return m_aMacroMode.checkMacrosOnLoading(xInteraction, false 
/*HasValidContentSignature*/, bHasMacros);
 }
 
 void ODatabaseModelImpl::resetMacroExecutionMode()
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index 2a0421aa0c90..9ba32017fdbb 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -266,6 +266,8 @@ namespace sfx2
         */
         static bool storageHasMacros( const css::uno::Reference< 
css::embed::XStorage >& _rxStorage );
 
+        bool hasMacros() const;
+
         static bool containerHasBasicMacros( const css::uno::Reference< 
css::script::XLibraryContainer >& xContainer );
         /** checks the macro execution mode while loading the document.
 
@@ -293,7 +295,7 @@ namespace sfx2
         bool
                 checkMacrosOnLoading(
                     const css::uno::Reference< css::task::XInteractionHandler 
>& _rxInteraction,
-                    bool bHasValidContentSignature = false
+                    bool bHasValidContentSignature, bool bHasMacros
                 );
 
     private:
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 9b7db5347597..bd3e25e65c58 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -429,6 +429,9 @@ public:
     void                        SetMacroCallsSeenWhileLoading();
     bool                        GetMacroCallsSeenWhileLoading() const;
 
+    // true if the document had macros (or similar) on load to trigger warning 
user
+    bool                        GetHadCheckedMacrosOnLoad() const;
+
     const css::uno::Sequence< css::beans::PropertyValue >& 
GetModifyPasswordInfo() const;
     bool                        SetModifyPasswordInfo( const 
css::uno::Sequence< css::beans::PropertyValue >& aInfo );
 
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 027bc5768a35..e9490079b560 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,7 +29,9 @@
 #include <sfx2/docfile.hxx>
 #include <sfx2/dispatch.hxx>
 #include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
 #include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
 #include <sfx2/viewfrm.hxx>
 #include <sfx2/viewsh.hxx>
 #include <svl/intitem.hxx>
@@ -822,7 +824,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const 
OUString& rTarget, bool bIgno
 
     OUString aUrlName( rURL );
     SfxViewFrame* pFrame = nullptr;
-    const SfxObjectShell* pObjShell = nullptr;
+    SfxObjectShell* pObjShell = nullptr;
     OUString aReferName;
     if ( pScActiveViewShell )
     {
@@ -856,6 +858,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const 
OUString& rTarget, bool bIgno
             aUrlName = aNewUrlName;
     }
 
+    if (INetURLObject(aUrlName).IsExoticProtocol())
+    {
+        // Default to ignoring exotic protocols
+        bool bAllow = false;
+        if (pObjShell)
+        {
+            // If the document had macros when loaded then follow the allowed 
macro-mode
+            if (pObjShell->GetHadCheckedMacrosOnLoad())
+                bAllow = pObjShell->AdjustMacroMode();
+            else // otherwise ask the user, defaulting to cancel
+            {
+                assert(pFrame && "if we have pObjShell we have pFrame");
+                //Reuse URITools::onOpenURI warning string
+                std::unique_ptr<weld::MessageDialog> 
xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
+                                                               
VclMessageType::Warning, VclButtonsType::YesNo,
+                                                               
SfxResId(STR_DANGEROUS_TO_OPEN)));
+                
xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+                    INetURLObject::decode(aUrlName, 
INetURLObject::DecodeMechanism::Unambiguous)));
+                xQueryBox->set_default_response(RET_NO);
+                bAllow = xQueryBox->run() == RET_YES;
+            }
+        }
+        if (!bAllow)
+        {
+            SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+            return;
+        }
+    }
+
     SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
     SfxStringItem aTarget( SID_TARGETNAME, rTarget );
     if ( nScClickMouseModifier & KEY_SHIFT )     // control-click -> into new 
window
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 98d8e069f57c..4133f9d9b0a1 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -415,8 +415,12 @@ namespace sfx2
         return bHasMacros;
     }
 
+    bool DocumentMacroMode::hasMacros() const
+    {
+        return m_xData->m_rDocumentAccess.documentStorageHasMacros() || 
hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+    }
 
-    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< 
XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
+    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< 
XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool 
bHasMacros )
     {
         bool bAllow = false;
         if ( SvtSecurityOptions::IsMacroDisabled() )
@@ -426,7 +430,7 @@ namespace sfx2
         }
         else
         {
-            if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || 
hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+            if (bHasMacros)
             {
                 bAllow = adjustMacroMode( rxInteraction, 
bHasValidContentSignature );
             }
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index d0f49831db0c..ee1f83bdb9f9 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -957,9 +957,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
 
     // check macro security
     const bool bHasValidContentSignature = HasValidSignatures();
-    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, 
bHasValidContentSignature );
+    const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, 
bHasValidContentSignature, bHasMacros );
+    pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
 }
 
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+    return pImpl->m_bHadCheckedMacrosOnLoad;
+}
 
 void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< 
task::XInteractionHandler >& xHandler )
 {
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index 397a9372089e..0894e6636e1f 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -210,6 +210,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& 
_rDocShell )
     ,m_bAllowShareControlFileClean( true )
     ,m_bConfigOptionsChecked( false )
     ,m_bMacroCallsSeenWhileLoading( false )
+    ,m_bHadCheckedMacrosOnLoad( false )
     ,lErr(ERRCODE_NONE)
     ,nEventId ( SfxEventHintId::NONE )
     ,nLoadedFlags ( SfxLoadedFlags::ALL )
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 1bece81ce1c0..6f691227a49f 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -91,7 +91,8 @@ struct SfxObjectShell_Impl final : public 
::sfx2::IMacroDocumentAccess
                         m_bSharedXMLFlag:1, // whether the document should be 
edited in shared mode
                         m_bAllowShareControlFileClean:1, // whether the flag 
should be stored in xml file
                         m_bConfigOptionsChecked:1, // whether or not the user 
options are checked after the Options dialog is closed.
-                        m_bMacroCallsSeenWhileLoading:1; // whether or not the 
user options are checked after the Options dialog is closed.
+                        m_bMacroCallsSeenWhileLoading:1, // whether or not 
macro calls were seen when loading document.
+                        m_bHadCheckedMacrosOnLoad:1; // if document contained 
macros (or calls) when loaded
 
     IndexBitSet         aBitSet;
     ErrCode             lErr;

[Libreoffice-commits] core.git: Branch 'libreoffice-7-6' - dbaccess/source include/sfx2 sc/source sfx2/source

Reply via email to