[openoffice] 03/03: Add a "referer" property to SfxObjectShell::CallXScript() and trust macros explicitly requested by the user

Tue, 31 Jan 2023 13:21:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

ardovm pushed a commit to branch referer41X
in repository https://gitbox.apache.org/repos/asf/openoffice.git

commit cea166c20fe4a9be76a592c4005ef86558932ecb
Author: Arrigo Marchiori <[email protected]>
AuthorDate: Sat Jan 28 20:48:26 2023 +0100

    Add a "referer" property to SfxObjectShell::CallXScript() and trust macros 
explicitly requested by the user
    
    (cherry picked and adapted from commit 
9112548547be8d3a47281bcef5925a60e1435527)
---
 main/filter/source/msfilter/msvbahelper.cxx     |  2 +-
 main/scripting/source/vbaevents/eventhelper.cxx |  2 +-
 main/sfx2/inc/sfx2/objsh.hxx                    | 23 +++++++++++++++++++++++
 main/sfx2/source/appl/appserv.cxx               |  3 ++-
 main/sfx2/source/doc/objmisc.cxx                | 13 ++++++++-----
 5 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/main/filter/source/msfilter/msvbahelper.cxx 
b/main/filter/source/msfilter/msvbahelper.cxx
index e4380dea71..b0b9428f5b 100644
--- a/main/filter/source/msfilter/msvbahelper.cxx
+++ b/main/filter/source/msfilter/msvbahelper.cxx
@@ -439,7 +439,7 @@ sal_Bool executeMacro( SfxObjectShell* pShell, const 
String& sMacroName, uno::Se
         if ( pShell )
         {
             nErr = pShell->CallXScript( sUrl,
-                               aArgs, aRet, aOutArgsIndex, aOutArgs, false ); 
+                               aArgs, aRet, aOutArgsIndex, aOutArgs, 
::rtl::OUString(), false );
             sal_Int32 nLen = aOutArgs.getLength();
             // convert any out params to seem like they were inouts
             if ( nLen )
diff --git a/main/scripting/source/vbaevents/eventhelper.cxx 
b/main/scripting/source/vbaevents/eventhelper.cxx
index eaeab738ec..2d6bd2f479 100644
--- a/main/scripting/source/vbaevents/eventhelper.cxx
+++ b/main/scripting/source/vbaevents/eventhelper.cxx
@@ -975,7 +975,7 @@ EventListener::firing_Impl(const ScriptEvent& evt, Any* 
/*pRet*/ ) throw(Runtime
                         {
                             uno::Any aRet;
                             mpShell->CallXScript( url,
-                                aArguments, aRet, aOutArgsIndex, aOutArgs, 
false );
+                                aArguments, aRet, aOutArgsIndex, aOutArgs, 
::rtl::OUString(), false );
                         }
                     }
                     catch ( uno::Exception& e )
diff --git a/main/sfx2/inc/sfx2/objsh.hxx b/main/sfx2/inc/sfx2/objsh.hxx
index d048f77583..0ac2382040 100644
--- a/main/sfx2/inc/sfx2/objsh.hxx
+++ b/main/sfx2/inc/sfx2/objsh.hxx
@@ -369,15 +369,37 @@ public:
     ErrCode                     CallBasic( const String& rMacro, const String& 
rBasicName,
                                     SbxArray* pArgs = 0, SbxValue* pRet = 0 );
 
+    /** Execute a script URL.
+     *
+     * @param rScriptURL URL of the script.
+     * @param aParams parameters for the macro.
+     * @param aRet variable that will hold the return value.
+     * @param aOutParamIndex index of output parameters.
+     * @param aOutParam output parameters.
+     * @param aReferer "Referer" calling the script.
+     * @param bRaiseError true to show a dialog in case of error.
+     */
     ErrCode     CallXScript(
         const String& rScriptURL,
         const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& 
aParams,
         ::com::sun::star::uno::Any& aRet,
         ::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
         ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& 
aOutParam,
+        const ::rtl::OUString& aReferer = ::rtl::OUString(),
         bool bRaiseError = true 
     );
 
+    /** Execute a script URL.
+     *
+     * @param _rxScriptContext script context.
+     * @param rScriptURL URL of the script.
+     * @param aParams parameters for the macro.
+     * @param aRet variable that will hold the return value.
+     * @param aOutParamIndex index of output parameters.
+     * @param aOutParam output parameters.
+     * @param aReferer "Referer" calling the script.
+     * @param bRaiseError true to show a dialog in case of error.
+     */
     static ErrCode  CallXScript(
         const ::com::sun::star::uno::Reference< 
::com::sun::star::uno::XInterface >& _rxScriptContext,
         const ::rtl::OUString& rScriptURL,
@@ -385,6 +407,7 @@ public:
         ::com::sun::star::uno::Any& aRet,
         ::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
         ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& 
aOutParam,
+        const ::rtl::OUString& aReferer = ::rtl::OUString(),
         bool bRaiseError = true 
     );
 
diff --git a/main/sfx2/source/appl/appserv.cxx 
b/main/sfx2/source/appl/appserv.cxx
index 7a46261276..e506013613 100644
--- a/main/sfx2/source/appl/appserv.cxx
+++ b/main/sfx2/source/appl/appserv.cxx
@@ -1037,7 +1037,8 @@ void SfxApplication::OfaExec_Impl( SfxRequest& rReq )
                 if ( !xScriptContext.is() )
                     xScriptContext = xController;
 
-                SfxObjectShell::CallXScript( xScriptContext, 
pDlg->GetScriptURL(), args, ret, outIndex, outArgs );
+                SfxObjectShell::CallXScript( xScriptContext, 
pDlg->GetScriptURL(), args, ret, outIndex, outArgs,
+                                             ::rtl::OUString( 
RTL_CONSTASCII_USTRINGPARAM( "private:user" ) ) );
             }
             while ( false );
                        rReq.Done();
diff --git a/main/sfx2/source/doc/objmisc.cxx b/main/sfx2/source/doc/objmisc.cxx
index c9e91465d0..80cae2ec4e 100644
--- a/main/sfx2/source/doc/objmisc.cxx
+++ b/main/sfx2/source/doc/objmisc.cxx
@@ -1694,16 +1694,18 @@ namespace
 }
 
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& 
_rxScriptContext, const ::rtl::OUString& _rScriptURL,
-    const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& 
aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError )
+    const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& 
aOutParamIndex, Sequence< Any >& aOutParam,
+    const ::rtl::OUString& aReferer, bool bRaiseError )
 {
     OSL_TRACE( "in CallXScript" );
        ErrCode nErr = ERRCODE_NONE;
 
        bool bCaughtException = false;
     Any aException;
+    bool bRefererIsTrusted = ( aReferer.compareToAscii("private:", 8) == 0 );
     try
     {
-        if ( !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+        if ( !bRefererIsTrusted && !lcl_isScriptAccessAllowed_nothrow( 
_rxScriptContext ) )
             return ERRCODE_IO_ACCESSDENIED;
 
         // obtain/create a script provider
@@ -1757,10 +1759,11 @@ ErrCode SfxObjectShell::CallXScript( const String& 
rScriptURL,
             aParams,
         ::com::sun::star::uno::Any& aRet,
         ::com::sun::star::uno::Sequence< sal_Int16 >& aOutParamIndex,
-        ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& 
aOutParam
-        , bool bRaiseError )
+        ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& 
aOutParam,
+        const ::rtl::OUString& aReferer,
+        bool bRaiseError )
 {
-    return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, 
aOutParam, bRaiseError );
+    return CallXScript( GetModel(), rScriptURL, aParams, aRet, aOutParamIndex, 
aOutParam, aReferer, bRaiseError );
 }
 
 //-------------------------------------------------------------------------

Reply via email to