forms/source/component/ImageControl.cxx | 7 +++++++
forms/source/component/clickableimage.cxx | 9 +++++++--
include/toolkit/controls/unocontrols.hxx | 2 +-
toolkit/inc/helper/property.hxx | 1 +
toolkit/source/awt/vclxwindows.cxx | 1 +
toolkit/source/controls/dialogcontrol.cxx | 4 ++--
toolkit/source/controls/unocontrols.cxx | 13 +++++++++----
toolkit/source/helper/property.cxx | 2 ++
xmloff/source/forms/elementimport.cxx | 9 +++++++++
9 files changed, 39 insertions(+), 9 deletions(-)
New commits: commit 85d575ffdd4f9b58a3ea58aeeb45d561a385f8fc
Author: Stephan Bergmann <stephan.bergm...@allotropia.de>
AuthorDate: Tue Jun 11 14:15:47 2024 +0200
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Wed Nov 20 12:15:58 2024 +0100
Some missing "block untrusted referer links" for form controls
...where "Referer" is now passed in as an additional property, so that the relevant objects can decide whether to obtain graphics while loading a document
Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176796
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx
index 7064f3ad5f45..418b5dcfa7ef 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
@@ -51,6 +51,7 @@
 #include <comphelper/property.hxx>
 #include <comphelper/types.hxx>
 #include <cppuhelper/queryinterface.hxx>
+#include <unotools/securityoptions.hxx>
 #include <unotools/streamwrap.hxx>
 #include <unotools/ucbstreamhelper.hxx>
 #include <svl/urihelper.hxx>
@@ -398,6 +399,12 @@ void OImageControlModel::read(const Reference<XObjectInputStream>& _rxInStream)
 bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, ValueChangeInstigator _eInstigator )
 {
+ OUString referer;
+ getPropertyValue("Referer") >>= referer;
+ if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+ return false;
+ }
+
 // create a stream for the image specified by the URL
 Reference< XInputStream > xImageStream;
diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx
index 608c0bef3ca0..3176b0386b5a 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
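Review bot: `getPropertyValue("Referer")` in impl_updateStreamForURL_lck goes through the public by-name XPropertySet path, which throws UnknownPropertyException when the model does not declare a Referer property, so a model without that property would fail with an exception rather than with the `return false` the hunk intends; nothing in this commit shows the forms model declaring the property, and the xmloff hunk explicitly tolerates its absence, so please confirm it exists on OImageControlModel. The toolkit side of the same commit reads the value as `getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER)` under the held guard, which would be the consistent form for a `_lck` function. The same by-name read appears in the clickableimage.cxx hunk. An empty or void Referer presumably passes the check (other call sites in this commit pass "" in that sense), which deserves a comment here: `// An unset/empty Referer (model not created by document import) is not blocked.` The function body continues past the hunk.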
@@ -47,6 +47,7 @@
 #include <comphelper/types.hxx>
 #include <cppuhelper/exc_hlp.hxx>
 #include <svtools/imageresourceaccess.hxx>
+#include <unotools/securityoptions.hxx>
 #define LOCAL_URL_PREFIX '#'
@@ -756,8 +757,12 @@ namespace frm
 m_bProdStarted = false;
- // Kick off download (caution: can be synchronous).
- m_pMedium->Download(LINK(this, OClickableImageBaseModel, DownloadDoneLink));
+ OUString referer;
+ getPropertyValue("Referer") >>= referer;
+ if (!SvtSecurityOptions::isUntrustedReferer(referer)) {
+ // Kick off download (caution: can be synchronous).
+ m_pMedium->Download(LINK(this, OClickableImageBaseModel, DownloadDoneLink));
+ }
 }
 else
 {
diff --git a/include/toolkit/controls/unocontrols.hxx b/include/toolkit/controls/unocontrols.hxx
index 1fba20389a8b..7c5c424fe276 100644
--- a/include/toolkit/controls/unocontrols.hxx
+++ b/include/toolkit/controls/unocontrols.hxx
@@ -70,7 +70,7 @@ public:
 // appropriately ( e.g. NULL if non GraphicObject scheme ) or a valid
 // object if the rURL points to a valid object
 static css::uno::Reference< css::graphic::XGraphic > getGraphicAndGraphicObjectFromURL_nothrow( css::uno::Reference< css::graphic::XGraphicObject >& xOutGraphicObject, const OUString& _rURL );
-static css::uno::Reference< css::graphic::XGraphic > getGraphicFromURL_nothrow( const OUString& _rURL );
+static css::uno::Reference< css::graphic::XGraphic > getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer );
 };
diff --git a/toolkit/inc/helper/property.hxx b/toolkit/inc/helper/property.hxx
index 013f73496482..9a26e06a9902 100644
--- a/toolkit/inc/helper/property.hxx
+++ b/toolkit/inc/helper/property.hxx
@@ -205,6 +205,7 @@ namespace com::sun::star::uno {
 #define BASEPROPERTY_HIGHLIGHT_COLOR 169
 #define BASEPROPERTY_HIGHLIGHT_TEXT_COLOR 170
 #define BASEPROPERTY_TYPEDITEMLIST 171 // AnySequence
+#define BASEPROPERTY_REFERER 172
 // These properties are not bound, they are always extracted from the BASEPROPERTY_FONTDESCRIPTOR property
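Review bot: When the referer is untrusted the Download call is skipped with no trace: m_bProdStarted was already reset on the line above, m_pMedium stays allocated, and DownloadDoneLink will never run, so a blocked image is indistinguishable from one still pending. A log line inside the else-path of the new condition would make blocked loads diagnosable, e.g. `SAL_INFO("forms.component", "image download skipped: untrusted referer");`. Whether anything else relies on DownloadDoneLink to release m_pMedium cannot be seen here, since the enclosing function starts and ends outside the hunk; please check that the blocked path does not leak the medium.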
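Review bot: The new `referer` parameter of getGraphicFromURL_nothrow in unocontrols.hxx is undocumented while the comment just above documents the sibling overload, and since several call sites in this commit pass "" the meaning of an empty value must be stated. Suggested comment above the declaration: `// referer: location of the document that references _rURL; it is checked with SvtSecurityOptions::isUntrustedReferer and an empty referer is presumably not blocked, so pass "" only when no loading document is involved`. The handling of an empty referer is inferred from the callers, not visible in this hunk, so please confirm before wording it as a guarantee.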
diff --git a/toolkit/source/awt/vclxwindows.cxx b/toolkit/source/awt/vclxwindows.cxx
index ee9127a99a7f..76f4a6af1e2b 100644
--- a/toolkit/source/awt/vclxwindows.cxx
+++ b/toolkit/source/awt/vclxwindows.cxx
@@ -206,6 +206,7 @@ namespace toolkit
 void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds )
 {
+ PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0);
 VCLXWindow::ImplGetPropertyIds( rIds );
 }
diff --git a/toolkit/source/controls/dialogcontrol.cxx b/toolkit/source/controls/dialogcontrol.cxx
index 56a1d0ffa066..ea0c4ccfaf7a 100644
--- a/toolkit/source/controls/dialogcontrol.cxx
+++ b/toolkit/source/controls/dialogcontrol.cxx
@@ -417,7 +417,7 @@ void UnoDialogControl::PrepareWindowDescriptor( css::awt::WindowDescriptor& rDes
 ( !aImageURL.isEmpty() ))
 {
 OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL), uno::Any(aImageURL));
- xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl );
+ xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
 ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::Any( xGraphic ), true );
 }
 }
@@ -632,7 +632,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const Sequence< PropertyChang
 ( !aImageURL.isEmpty() ))
 {
 OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)), uno::Any(aImageURL));
- xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
+ xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
 }
 ImplSetPropertyValue( GetPropertyName( BASEPROPERTY_GRAPHIC), uno::Any( xGraphic ), true );
 break;
diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx
index 02642652d222..452d1dc41542 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
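Review bot: Both dialogcontrol.cxx hunks pass `""` as the referer although the image URL was just resolved against the dialog's own source URL (PROPERTY_DIALOGSOURCEURL / BASEPROPERTY_DIALOGSOURCEURL on the preceding line), so graphics referenced from a dialog are exempt from the untrusted-referer check that the rest of the commit introduces. If dialog resources are deliberately trusted, a comment should record that decision, e.g. `// dialog-library images are not document-loaded content: no referer check`; otherwise passing the resolved dialog source URL as the referer looks like the intended behaviour. That an empty referer passes the check is inferred from how the other call sites in this commit use "", not from anything visible in these hunks. Both enclosing functions start and end outside their hunks.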
@@ -33,6 +33,7 @@
 #include <toolkit/controls/unocontrols.hxx>
 #include <helper/property.hxx>
 #include <toolkit/helper/macros.hxx>
+#include <unotools/securityoptions.hxx>
 // for introspection
 #include <awt/vclxwindows.hxx>
@@ -61,14 +62,14 @@ uno::Reference< graphic::XGraphic >
 ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference< graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL )
 {
 xOutGraphicObj = nullptr;
- return ImageHelper::getGraphicFromURL_nothrow( _rURL );
+ return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" );
 }
 css::uno::Reference< css::graphic::XGraphic >
-ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL )
+ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
 {
 uno::Reference< graphic::XGraphic > xGraphic;
- if ( _rURL.isEmpty() )
+ if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
 return xGraphic;
 try
@@ -605,7 +606,11 @@ void GraphicControlModel::setFastPropertyValue_NoBroadcast( std::unique_lock<std
 mbAdjustingGraphic = true;
 OUString sImageURL;
 OSL_VERIFY( rValue >>= sImageURL );
- setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) );
+ css::uno::Any any;
+ getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER);
+ OUString referer;
+ any >>= referer;
+ setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) );
 mbAdjustingGraphic = false;
 }
 break;
diff --git a/toolkit/source/helper/property.cxx b/toolkit/source/helper/property.cxx
index 945c4b016a64..db33e8a28ba6 100644
--- a/toolkit/source/helper/property.cxx
+++ b/toolkit/source/helper/property.cxx
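Review bot: getGraphicAndGraphicObjectFromURL_nothrow now forwards `""` as the referer, so every caller of that overload silently opts out of the new check, and the hunk gives no hint who those callers are; either thread a referer parameter through this overload too or document the exemption on the forwarding line, e.g. `// no referer: this overload is not used for document-referenced graphics (verify callers)`. Minor style point on the new signature: it mixes `const OUString& _rURL` with `OUString const & referer`; the file's existing declarations use the `const OUString&` form.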
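Review bot: In setFastPropertyValue_NoBroadcast the referer is read from BASEPROPERTY_REFERER only at the moment ImageURL is set, so the check is order-dependent: a client that sets ImageURL before Referer, or never sets Referer (the property is declared MAYBEVOID in property.cxx, which leaves `any` void and `referer` empty), gets the graphic fetched unchecked, and a later Referer change does not re-evaluate it. That matches the xmloff path in this commit, which sets Referer right after creating the element, but the contract should be stated at the read: `// Referer must be set before ImageURL; the untrusted-referer check runs only when ImageURL changes`. setFastPropertyValue_NoBroadcast starts and ends outside the hunk.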
@@ -271,6 +271,8 @@ static const ImpPropertyInfoMap & ImplGetPropertyInfos()
 DECL_PROP_3 ( "InactiveSelectionBackgroundColor", INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
 DECL_PROP_3 ( "ActiveSelectionTextColor", ACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
 DECL_PROP_3 ( "InactiveSelectionTextColor", INACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
+
+ DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID),
 };
 return aImplPropertyInfos;
 }
diff --git a/xmloff/source/forms/elementimport.cxx b/xmloff/source/forms/elementimport.cxx
index 5eb3e5bf0d6f..82ce06b7245f 100644
--- a/xmloff/source/forms/elementimport.cxx
+++ b/xmloff/source/forms/elementimport.cxx
@@ -567,6 +567,15 @@ namespace xmloff
 OUStringToOString(m_sServiceName, RTL_TEXTENCODING_ASCII_US) + ")!").getStr());
 xReturn.set(xPure, UNO_QUERY);
+ if (auto const props = Reference<css::beans::XPropertySet>(xPure, css::uno::UNO_QUERY))
+ {
+ try {
+ props->setPropertyValue(
+ "Referer", css::uno::Any(m_rFormImport.getGlobalContext().GetBaseURL()));
+ } catch (css::uno::Exception &) {
+ TOOLS_INFO_EXCEPTION("xmloff.forms", "setPropertyValue Referer failed");
+ }
+ }
 }
 else
 OSL_FAIL("OElementImport::createElement: no service name to create an element!");
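Review bot: The catch clause in createElement swallows every css::uno::Exception at INFO level, so a control whose Referer property cannot be set goes on to load its graphics without the untrusted-referer check and a default log shows nothing. Splitting the expected case (UnknownPropertyException for controls that simply lack the property) from everything else, and warning rather than informing, keeps that fail-open path visible and names the service involved; the rewritten catch block is below. createElement starts before the hunk.
```cpp
            try {
                // … unchanged: props->setPropertyValue("Referer", …) …
            } catch (css::beans::UnknownPropertyException &) {
                // no Referer property: this control's graphics are loaded without the referer check
                TOOLS_WARN_EXCEPTION("xmloff.forms", "no Referer property on " << m_sServiceName);
            } catch (css::uno::Exception &) {
                TOOLS_WARN_EXCEPTION("xmloff.forms", "setPropertyValue Referer failed");
            }
```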