shell/Library_syssh.mk | 4 ++++
shell/source/win32/SysShExec.cxx | 9 +++++++++
2 files changed, 13 insertions(+)
New commits:
commit df54e1e3532584ee11c6ebb54a35302a5c5f6201
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Jan 7 08:59:25 2025 +0000
Commit: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
CommitDate: Mon Jan 27 15:24:05 2025 +0100
check if non-file uris could be interpreted as a file system pathname
Change-Id: If283bec44ad1d648c68a5d0f028855e09c09017e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179868
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 400970acf4241632d084f66275161fc4b4ac1b21)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179990
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
diff --git a/shell/Library_syssh.mk b/shell/Library_syssh.mk
index 72ff73842dc3..27657c4456aa 100644
--- a/shell/Library_syssh.mk
+++ b/shell/Library_syssh.mk
@@ -25,6 +25,10 @@ $(eval $(call gb_Library_use_system_win32_libs,syssh,\
 shell32 \
 ))
+$(eval $(call gb_Library_use_libraries,syssh,\
+ tl \
+))
+
 $(eval $(call gb_Library_set_componentfile,syssh,shell/source/win32/syssh,services))
 $(eval $(call gb_Library_add_exception_objects,syssh,\
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 57e59f96b6f0..41c9fd3be7fe 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -38,6 +38,7 @@
 #include <o3tl/runtimetooustring.hxx>
 #include <o3tl/safeCoInitUninit.hxx>
 #include <o3tl/string_view.hxx>
+#include <tools/urlobj.hxx>
 #include <prewin.h>
 #include <Shlobj.h>
@@ -360,6 +361,14 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
 }
 }
 }
+ } else {
+ // Filter out input that technically is a non-file URI, but could be interpreted by
+ // ShellExecuteExW as a file system pathname.
+ if (INetURLObject(aCommand, INetProtocol::File).GetProtocol() == INetProtocol::File) {
+ throw css::lang::IllegalArgumentException(
+ "XSystemShellExecute.execute URIS_ONLY with non-URI pathname " + aCommand,
+ getXWeak(), 0);
+ }
 }
 }
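Review bot: The filter in the new `else` branch answers "could ShellExecuteExW read this as a pathname?" by smart-parsing `aCommand` with `INetURLObject(aCommand, INetProtocol::File)`, so its coverage is exactly what that parser's path detection recognises, and the comment does not say which input shapes are meant. I would extend the comment to record the dependency, for example `// Relies on INetURLObject's file-system-path detection (presumably drive-letter and UNC-style strings; confirm); input it does not classify as File is not rejected here.` The diffstat lists only Library_syssh.mk and SysShExec.cxx, so no test pins this behaviour. A unit test passing one pathname-shaped string and one genuine non-file URI through `execute()` with URIS_ONLY would guard the check against later changes in either parser. The body of `CSysShExec::execute` starts before and continues after this hunk, so how an accepted command is handed to the shell is not visible here.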