include/tools/hostfilter.hxx | 4 ++++ tools/qa/cppunit/test_hostfilter.cxx | 8 ++++++++ tools/source/inet/hostfilter.cxx | 6 ++++++ 3 files changed, 18 insertions(+)
New commits: commit cf49a59018fb188f8e41e90bfa3e671cd2ca814d Author: Caolán McNamara <[email protected]> AuthorDate: Thu Mar 5 08:24:36 2026 +0000 Commit: Miklos Vajna <[email protected]> CommitDate: Fri Mar 6 08:43:24 2026 +0100 add resetAllowedExtRefPaths to reset to the standard mode Change-Id: I889981447f67f9c724b843726225fd6e404b2720 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/201005 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins CollaboraOffice <[email protected]> diff --git a/include/tools/hostfilter.hxx b/include/tools/hostfilter.hxx index 423968f08cc1..d72d422f428c 100644 --- a/include/tools/hostfilter.hxx +++ b/include/tools/hostfilter.hxx @@ -33,6 +33,10 @@ public: /// "block all file URLs" static void setAllowedExtRefPaths(const char* sPaths); + /// Reset AllowedExtRefPaths as if it was never called, back to + /// default allow all state. + static void resetAllowedExtRefPaths(); + /// Return true when rFileUrl is a file:// URL that is outside any /// directory registered with setAllowedExtRefPaths. Non-file URLs /// are always allowed. diff --git a/tools/qa/cppunit/test_hostfilter.cxx b/tools/qa/cppunit/test_hostfilter.cxx index 3a2a34e5bfa1..677c56560488 100644 --- a/tools/qa/cppunit/test_hostfilter.cxx +++ b/tools/qa/cppunit/test_hostfilter.cxx @@ -46,6 +46,7 @@ void TestHostFilter::testEmptyAllowlist() HostFilter::setAllowedExtRefPaths(""); CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///home/user/doc.ods"_ustr)); CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testNonFileUrl() @@ -55,6 +56,7 @@ void TestHostFilter::testNonFileUrl() CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"http://example.com/doc.ods"_ustr)); CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"https://example.com/doc.ods"_ustr)); CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"ftp://example.com/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testAllowedPath() @@ -66,6 +68,7 @@ void TestHostFilter::testAllowedPath() CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/docs/sub/sheet.ods"_ustr)); // file outside allowed directory is blocked CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///home/user/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testSiblingDirectoryNotAllowed() @@ -75,6 +78,7 @@ void TestHostFilter::testSiblingDirectoryNotAllowed() CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/user/doc.ods"_ustr)); CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/username/doc.ods"_ustr)); CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/usera/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testParentDirectoryNotAllowed() @@ -84,6 +88,7 @@ void TestHostFilter::testParentDirectoryNotAllowed() CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/secret.ods"_ustr)); // unrelated path is not allowed CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///var/data/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testMultiplePaths() @@ -93,6 +98,7 @@ void TestHostFilter::testMultiplePaths() CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/a/doc.ods"_ustr)); CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/b/doc.ods"_ustr)); CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/c/doc.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testEncodedFileUrl() @@ -103,6 +109,7 @@ void TestHostFilter::testEncodedFileUrl() CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/my%20docs/sub/sheet.ods"_ustr)); // encoded URL outside allowed path is still blocked CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/other%20docs/sheet.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } void TestHostFilter::testParentDirectorySegments() @@ -112,6 +119,7 @@ void TestHostFilter::testParentDirectorySegments() CPPUNIT_ASSERT(HostFilter::isFileUrlForbidden(u"file:///tmp/docs/../other/sheet.ods"_ustr)); // .. segments that stay within the allowed directory are permitted CPPUNIT_ASSERT(!HostFilter::isFileUrlForbidden(u"file:///tmp/docs/sub/../sheet.ods"_ustr)); + HostFilter::resetAllowedExtRefPaths(); } CPPUNIT_TEST_SUITE_REGISTRATION(TestHostFilter); diff --git a/tools/source/inet/hostfilter.cxx b/tools/source/inet/hostfilter.cxx index 99ddb750dd4c..4d21938829e7 100644 --- a/tools/source/inet/hostfilter.cxx +++ b/tools/source/inet/hostfilter.cxx @@ -56,6 +56,12 @@ bool HostFilter::isExemptVerifyHost(const std::u16string_view rHost) static bool g_AllowedExtRefPathsConfigured = false; static std::vector<OUString> g_AllowedExtRefPaths; +void HostFilter::resetAllowedExtRefPaths() +{ + g_AllowedExtRefPaths.clear(); + g_AllowedExtRefPathsConfigured = false; +} + void HostFilter::setAllowedExtRefPaths(const char* sPaths) { g_AllowedExtRefPathsConfigured = true;
