sfx2/source/doc/docmacromode.cxx | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit d1540c6a826a75b9e5705e2985374e4229464996
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Nov 8 09:35:46 2023 +0300
Commit: Thorsten Behrens <thorsten.behr...@collabora.com>
CommitDate: Sat Jul 19 13:05:34 2025 +0200
tdf#158090: Limit signed document requirement to High security level
Commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
2021-01-28) introduced a new requirement, that trusted macro signature
must be accompanied by valid document signature when the document has
events calling macros, otherwise macros are not allowed. But this breaks
multiple workflows, where security level is set to limit users' ability
to run unsigned macros, where documents aren't signed.
As the first step, limit the security hardening introduced in the said
commit to High security level; in Medium security level, restore the
previous behavior.
The plan is to fix more inconsistencies later, and then introduce a
new separate configuration to require document signature to allow
trusted macros (enabled by default), so that the combination of its
default value and the High default security level keep the hardened
default security implemented currently, while allowing users to opt
to the previous documented behavior.
Change-Id: I71ff0e531f3a42fbee7828982e4fd39f0e9d6ea3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159101
Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159270
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
(cherry picked from commit 1042dda7d2e68b1a4da8fc321c9415c9cad2ca21)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/187902
Reviewed-by: Thorsten Behrens <thorsten.behr...@collabora.com>
Tested-by: Thorsten Behrens <thorsten.behr...@collabora.com>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 997a8f739395..0cba53f4f986 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -247,9 +247,9 @@ namespace sfx2
lcl_showDocumentMacrosDisabledError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
return disallowMacroExecution();
}
- else if (
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
- bHasTrustedMacroSignature &&
- !bHasValidContentSignature)
+ else if (nMacroExecutionMode != MacroExecMode::ALWAYS_EXECUTE
+ &&
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()
+ && bHasTrustedMacroSignature &&
!bHasValidContentSignature)
{
// When macros are signed, and the document has events
which call macros, the document content needs to be signed too.
lcl_showMacrosDisabledUnsignedContentError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
