shell/Library_syssh.mk | 4 ++++ shell/source/win32/SysShExec.cxx | 9 +++++++++ 2 files changed, 13 insertions(+)
New commits: commit e862406fe95824a4c5d481e8652cb8d95c852a23 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Jan 7 08:59:25 2025 +0000 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Feb 14 18:36:15 2025 +0100 check if non-file uris could be interpreted as a file system pathname Change-Id: If283bec44ad1d648c68a5d0f028855e09c09017e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179868 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 400970acf4241632d084f66275161fc4b4ac1b21) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179990 Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> (cherry picked from commit df54e1e3532584ee11c6ebb54a35302a5c5f6201) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181659 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> Tested-by: allotropia jenkins <jenk...@allotropia.de>
diff --git a/shell/Library_syssh.mk b/shell/Library_syssh.mk
index c36056a9536b..70f893e56335 100644
--- a/shell/Library_syssh.mk
+++ b/shell/Library_syssh.mk
@@ -26,6 +26,10 @@ $(eval $(call gb_Library_use_system_win32_libs,syssh,\
 $(eval $(call gb_Library_set_componentfile,syssh,shell/source/win32/syssh))
+$(eval $(call gb_Library_use_libraries,syssh,\
+ tl \
+))
+
 $(eval $(call gb_Library_add_exception_objects,syssh,\
 shell/source/win32/SysShExec \
 shell/source/win32/SysShentry \
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 9289654506f1..917abc16e9cf 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -32,6 +32,7 @@
 #include <com/sun/star/uri/UriReferenceFactory.hpp>
 #include <cppuhelper/supportsservice.hxx>
 #include <o3tl/runtimetooustring.hxx>
+#include <tools/urlobj.hxx>
 #define WIN32_LEAN_AND_MEAN
 #if defined _MSC_VER
@@ -418,6 +419,14 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
 }
 }
 }
+ } else {
+ // Filter out input that technically is a non-file URI, but could be interpreted by
+ // ShellExecuteExW as a file system pathname.
+ if (INetURLObject(aCommand, INetProtocol::File).GetProtocol() == INetProtocol::File) {
+ throw css::lang::IllegalArgumentException(
+ "XSystemShellExecute.execute URIS_ONLY with non-URI pathname " + aCommand,
+ static_cast< XSystemShellExecute* >(this), 0);
+ }
 }
 }
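Review bot: The guard in the new `else` branch is only as strong as the agreement between `INetURLObject`'s smart parsing (the `INetProtocol::File` argument) and the way `ShellExecuteExW` resolves the same string, and the comment does not record that dependency. The two parsers are independent, so I would extend the comment with something like `// Heuristic: relies on INetURLObject smart parsing to spot path-like input; must run on the exact string later passed to ShellExecuteExW.` Whether `aCommand` is rewritten between this check and the call cannot be confirmed here, because `CSysShExec::execute` starts and ends outside the hunk. The diffstat shows no test file, so a small unit test over a constructed set of genuine URIs and path-like strings would pin the intended accept/reject behaviour against later changes to either parser.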