core.git: Branch 'distro/vector/vector-24.2' - shell/Library_syssh.mk shell/source

Mon, 03 Mar 2025 02:34:49 -0800 

 shell/Library_syssh.mk           |    4 ++++
 shell/source/win32/SysShExec.cxx |    9 +++++++++
 2 files changed, 13 insertions(+)

New commits:
commit f04c6ae89d9b1fb532c38f70bfa12b1a1c459b1e
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Jan 7 08:59:25 2025 +0000
Commit:     Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Mon Mar 3 13:08:45 2025 +0500

    check if non-file uris could be interpreted as a file system pathname
    
    Change-Id: If283bec44ad1d648c68a5d0f028855e09c09017e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179868
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    (cherry picked from commit 400970acf4241632d084f66275161fc4b4ac1b21)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179991
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/shell/Library_syssh.mk b/shell/Library_syssh.mk
index 72ff73842dc3..27657c4456aa 100644
--- a/shell/Library_syssh.mk
+++ b/shell/Library_syssh.mk
@@ -25,6 +25,10 @@ $(eval $(call gb_Library_use_system_win32_libs,syssh,\
        shell32 \
 ))
 
+$(eval $(call gb_Library_use_libraries,syssh,\
+       tl \
+))
+
 $(eval $(call 
gb_Library_set_componentfile,syssh,shell/source/win32/syssh,services))
 
 $(eval $(call gb_Library_add_exception_objects,syssh,\
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 57e59f96b6f0..41c9fd3be7fe 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -38,6 +38,7 @@
 #include <o3tl/runtimetooustring.hxx>
 #include <o3tl/safeCoInitUninit.hxx>
 #include <o3tl/string_view.hxx>
+#include <tools/urlobj.hxx>
 
 #include <prewin.h>
 #include <Shlobj.h>
@@ -360,6 +361,14 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                     }
                 }
             }
+        } else {
+            // Filter out input that technically is a non-file URI, but could 
be interpreted by
+            // ShellExecuteExW as a file system pathname.
+            if (INetURLObject(aCommand, INetProtocol::File).GetProtocol() == 
INetProtocol::File) {
+                throw css::lang::IllegalArgumentException(
+                    "XSystemShellExecute.execute URIS_ONLY with non-URI 
pathname " + aCommand,
+                    getXWeak(), 0);
+            }
         }
     }

Reply via email to