forms/source/component/ImageControl.cxx   |    7 +++++++
 forms/source/component/clickableimage.cxx |    9 +++++++--
 include/toolkit/controls/unocontrols.hxx  |    2 +-
 toolkit/inc/helper/property.hxx           |    1 +
 toolkit/source/awt/vclxwindows.cxx        |    1 +
 toolkit/source/controls/dialogcontrol.cxx |    4 ++--
 toolkit/source/controls/unocontrols.cxx   |   13 +++++++++----
 toolkit/source/helper/property.cxx        |    2 ++
 xmloff/source/forms/elementimport.cxx     |    9 +++++++++
 9 files changed, 39 insertions(+), 9 deletions(-)

New commits:
commit 0df2c7310a7c047116f472b73a63fc0459fa0215
Author:     Stephan Bergmann <stephan.bergm...@allotropia.de>
AuthorDate: Tue Jun 11 14:15:47 2024 +0200
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Fri Nov 22 15:03:18 2024 +0100

    Some missing "block untrusted referer links" for form controls
    
    ...where "Referer" is now passed in as an additional property, so that the
    relevant objects can decide whether to obtain graphics while loading a 
document
    
    Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176796
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176921
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>

diff --git a/forms/source/component/ImageControl.cxx 
b/forms/source/component/ImageControl.cxx
index c2bc0953c6c8..e9fda79d224b 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
@@ -52,6 +52,7 @@
 #include <comphelper/property.hxx>
 #include <comphelper/types.hxx>
 #include <cppuhelper/queryinterface.hxx>
+#include <unotools/securityoptions.hxx>
 #include <unotools/ucbstreamhelper.hxx>
 #include <svl/urihelper.hxx>
 
@@ -398,6 +399,12 @@ void OImageControlModel::read(const 
Reference<XObjectInputStream>& _rxInStream)
 
 bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, 
ValueChangeInstigator _eInstigator )
 {
+    OUString referer;
+    getPropertyValue("Referer") >>= referer;
+    if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+        return false;
+    }
+
     // create a stream for the image specified by the URL
     std::unique_ptr< SvStream > pImageStream;
     Reference< XInputStream > xImageStream;
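Review bot: `getPropertyValue("Referer")` at the top of impl_updateStreamForURL_lck can throw css::beans::UnknownPropertyException if this model does not actually declare a "Referer" property, and nothing in the hunk catches it. The xmloff side of this same commit wraps its setPropertyValue("Referer") in a try/catch, which suggests not every control model carries the property, so please confirm OImageControlModel registers it (that registration is not in this diff) or read it defensively. The `_lck` suffix implies the caller holds the model lock, so an exception here would propagate while locked. The function body continues past the hunk, so I could not verify what callers do with the early `return false`.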
diff --git a/forms/source/component/clickableimage.cxx 
b/forms/source/component/clickableimage.cxx
index e1f6f068faf0..5d6a8f7a7f3d 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
@@ -47,6 +47,7 @@
 #include <comphelper/types.hxx>
 #include <cppuhelper/exc_hlp.hxx>
 #include <svtools/imageresourceaccess.hxx>
+#include <unotools/securityoptions.hxx>
 #define LOCAL_URL_PREFIX    '#'
 
 
@@ -757,8 +758,12 @@ namespace frm
 
             m_bProdStarted = false;
 
-            // Kick off download (caution: can be synchronous).
-            m_pMedium->Download(LINK(this, OClickableImageBaseModel, 
DownloadDoneLink));
+            OUString referer;
+            getPropertyValue("Referer") >>= referer;
+            if (!SvtSecurityOptions::isUntrustedReferer(referer)) {
+                // Kick off download (caution: can be synchronous).
+                m_pMedium->Download(LINK(this, OClickableImageBaseModel, 
DownloadDoneLink));
+            }
         }
         else
         {
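Review bot: When the referer is untrusted the Download call is skipped silently, but `m_bProdStarted = false` has already been set and `m_pMedium` was presumably prepared earlier in this function (outside the hunk), so whatever DownloadDoneLink would normally tear down never runs — check whether an `else` branch needs to reset that state. A diagnostic for the blocked case would also help when users report images that no longer appear, e.g. `else { SAL_INFO("forms.component", "image download skipped: untrusted referer"); }`. The enclosing function starts and ends outside this hunk.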
diff --git a/include/toolkit/controls/unocontrols.hxx 
b/include/toolkit/controls/unocontrols.hxx
index 1fba20389a8b..7c5c424fe276 100644
--- a/include/toolkit/controls/unocontrols.hxx
+++ b/include/toolkit/controls/unocontrols.hxx
@@ -70,7 +70,7 @@ public:
     // appropriately ( e.g. NULL if non GraphicObject scheme ) or a valid
     // object if the rURL points to a valid object
     static css::uno::Reference< css::graphic::XGraphic > 
getGraphicAndGraphicObjectFromURL_nothrow( css::uno::Reference< 
css::graphic::XGraphicObject >& xOutGraphicObject, const OUString& _rURL );
-    static css::uno::Reference< css::graphic::XGraphic > 
getGraphicFromURL_nothrow( const OUString& _rURL );
+    static css::uno::Reference< css::graphic::XGraphic > 
getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer );
 
 };
 
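Review bot: The new `referer` parameter of getGraphicFromURL_nothrow is undocumented, while the sibling declaration just above carries a comment on its result, so a caller cannot tell from the header what to pass or what happens when the referer is rejected. Suggested comment above the declaration: `// referer: URL of the document requesting the graphic. If SvtSecurityOptions::isUntrustedReferer(referer) holds, no graphic is loaded and an empty reference is returned; callers with no referring document currently pass an empty string.` Whether an empty referer counts as trusted is decided inside isUntrustedReferer, which is not part of this diff, so I would not document that aspect without checking it.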
diff --git a/toolkit/inc/helper/property.hxx b/toolkit/inc/helper/property.hxx
index 013f73496482..9a26e06a9902 100644
--- a/toolkit/inc/helper/property.hxx
+++ b/toolkit/inc/helper/property.hxx
@@ -205,6 +205,7 @@ namespace com::sun::star::uno {
 #define BASEPROPERTY_HIGHLIGHT_COLOR                169
 #define BASEPROPERTY_HIGHLIGHT_TEXT_COLOR           170
 #define BASEPROPERTY_TYPEDITEMLIST                  171 // AnySequence
+#define BASEPROPERTY_REFERER                        172
 
 
 // These properties are not bound, they are always extracted from the 
BASEPROPERTY_FONTDESCRIPTOR property
diff --git a/toolkit/source/awt/vclxwindows.cxx 
b/toolkit/source/awt/vclxwindows.cxx
index d6ba5e48a6e8..e156cd21b69d 100644
--- a/toolkit/source/awt/vclxwindows.cxx
+++ b/toolkit/source/awt/vclxwindows.cxx
@@ -206,6 +206,7 @@ namespace toolkit
 
 void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds )
 {
+    PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0);
     VCLXWindow::ImplGetPropertyIds( rIds );
 }
 
diff --git a/toolkit/source/controls/dialogcontrol.cxx 
b/toolkit/source/controls/dialogcontrol.cxx
index ba954a15412a..6326d76bc581 100644
--- a/toolkit/source/controls/dialogcontrol.cxx
+++ b/toolkit/source/controls/dialogcontrol.cxx
@@ -418,7 +418,7 @@ void UnoDialogControl::PrepareWindowDescriptor( 
css::awt::WindowDescriptor& rDes
         ( !aImageURL.isEmpty() ))
     {
         OUString absoluteUrl = 
getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL), 
uno::Any(aImageURL));
-        xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl );
+        xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
         ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::Any( xGraphic ), true );
     }
 }
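Review bot: Passing `""` as the referer here (and again in the second hunk of this file, in ImplModelPropertiesChanged) means UnoDialogControl's image loads are never subject to the untrusted-referer check the rest of this commit introduces, even though the statement directly above resolves the image URL against PROPERTY_DIALOGSOURCEURL. If the dialog source URL identifies the document the dialog was loaded from, it is presumably the referer that should be passed instead of the empty string. If the bypass is deliberate (for example because dialogs only ever come from trusted locations), a one-line comment saying so would keep the next reader from "fixing" it. Both call sites sit inside functions that begin outside their hunks.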
@@ -633,7 +633,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const 
Sequence< PropertyChang
                 ( !aImageURL.isEmpty() ))
             {
                 OUString absoluteUrl = 
getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)),
 uno::Any(aImageURL));
-                xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl 
);
+                xGraphic = ImageHelper::getGraphicFromURL_nothrow( 
absoluteUrl, "" );
             }
             ImplSetPropertyValue(  GetPropertyName( BASEPROPERTY_GRAPHIC), 
uno::Any( xGraphic ), true );
             break;
diff --git a/toolkit/source/controls/unocontrols.cxx 
b/toolkit/source/controls/unocontrols.cxx
index d9bc55f8cb45..9a4f19e7481b 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -33,6 +33,7 @@
 #include <toolkit/controls/unocontrols.hxx>
 #include <helper/property.hxx>
 #include <toolkit/helper/macros.hxx>
+#include <unotools/securityoptions.hxx>
 
 // for introspection
 #include <awt/vclxwindows.hxx>
@@ -61,14 +62,14 @@ uno::Reference< graphic::XGraphic >
 ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference< 
graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL )
 {
     xOutGraphicObj = nullptr;
-    return ImageHelper::getGraphicFromURL_nothrow( _rURL );
+    return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" );
 }
 
 css::uno::Reference< css::graphic::XGraphic >
-ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL )
+ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const 
& referer )
 {
     uno::Reference< graphic::XGraphic > xGraphic;
-    if ( _rURL.isEmpty() )
+    if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
         return xGraphic;
 
     try
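Review bot: getGraphicAndGraphicObjectFromURL_nothrow still forwards `""` as the referer, so every caller going through that overload bypasses the new untrusted-referer check; either thread a `referer` parameter through it as well (its callers are not in this diff) or comment that it is intentionally unchecked. In getGraphicFromURL_nothrow the combined test `_rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer)` returns an empty reference for both cases, so a blocked load is indistinguishable from an empty URL to callers; a `SAL_INFO("toolkit", "graphic not loaded: untrusted referer")` in the blocked branch would make that diagnosable. The body of getGraphicFromURL_nothrow continues past the hunk.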
@@ -605,7 +606,11 @@ void 
GraphicControlModel::setFastPropertyValue_NoBroadcast( std::unique_lock<std
                 mbAdjustingGraphic = true;
                 OUString sImageURL;
                 OSL_VERIFY( rValue >>= sImageURL );
-                setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, 
uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) );
+                css::uno::Any any;
+                getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER);
+                OUString referer;
+                any >>= referer;
+                setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, 
uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) );
                 mbAdjustingGraphic = false;
             }
             break;
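Review bot: The referer is read from BASEPROPERTY_REFERER at the moment the image URL is applied (in what looks like the ImageURL case of setFastPropertyValue_NoBroadcast), so the check only takes effect if Referer has been set before ImageURL; a model whose properties arrive in the other order loads the graphic with an empty referer and, as far as this hunk shows, is not re-validated when Referer changes later even though the property is declared BOUND. The xmloff importer in this commit sets Referer immediately after creating the element, which covers that path, but other creators of GraphicControlModel are not in the diff. A comment at the read site would make the ordering dependency explicit, e.g. `// Referer must already be set when ImageURL is applied; a later change to Referer does not re-validate the graphic.` Minor: `any` could be named for what it holds, such as `aRefererValue`. The enclosing function starts and ends outside this hunk.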
diff --git a/toolkit/source/helper/property.cxx 
b/toolkit/source/helper/property.cxx
index 945c4b016a64..db33e8a28ba6 100644
--- a/toolkit/source/helper/property.cxx
+++ b/toolkit/source/helper/property.cxx
@@ -271,6 +271,8 @@ static const ImpPropertyInfoMap & ImplGetPropertyInfos()
         DECL_PROP_3     ( "InactiveSelectionBackgroundColor", 
INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
         DECL_PROP_3     ( "ActiveSelectionTextColor",         
ACTIVE_SEL_TEXT_COLOR,         sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
         DECL_PROP_3     ( "InactiveSelectionTextColor",       
INACTIVE_SEL_TEXT_COLOR,       sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
+
+        DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID),
     };
     return aImplPropertyInfos;
 }
diff --git a/xmloff/source/forms/elementimport.cxx 
b/xmloff/source/forms/elementimport.cxx
index d1d691d6519a..a46b8d2835f8 100644
--- a/xmloff/source/forms/elementimport.cxx
+++ b/xmloff/source/forms/elementimport.cxx
@@ -567,6 +567,15 @@ namespace xmloff
                             OUStringToOString(m_sServiceName, 
RTL_TEXTENCODING_ASCII_US) +
                             ")!").getStr());
             xReturn.set(xPure, UNO_QUERY);
+            if (auto const props = Reference<css::beans::XPropertySet>(xPure, 
css::uno::UNO_QUERY))
+            {
+                try {
+                    props->setPropertyValue(
+                        "Referer", 
css::uno::Any(m_rFormImport.getGlobalContext().GetBaseURL()));
+                } catch (css::uno::Exception &) {
+                    TOOLS_INFO_EXCEPTION("xmloff.forms", "setPropertyValue 
Referer failed");
+                }
+            }
         }
         else
             OSL_FAIL("OElementImport::createElement: no service name to create 
an element!");
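Review bot: The `catch (css::uno::Exception &)` around setPropertyValue("Referer") swallows every failure at INFO level, and a control whose model rejects the property then carries on loading graphics without the referer check the rest of this commit relies on. If the intent is only to tolerate models that do not declare the property, catching `css::beans::UnknownPropertyException` specifically — and logging anything else with TOOLS_WARN_EXCEPTION rather than TOOLS_INFO_EXCEPTION — would keep an unexpected failure visible. GetBaseURL() is used as the referer here; its name suggests the document's own location, which seems to be what the checks elsewhere in this commit expect, but that is worth confirming. The enclosing OElementImport::createElement starts before this hunk.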
