This is an automated email from the ASF dual-hosted git repository. ardovm pushed a commit to branch referer41X in repository https://gitbox.apache.org/repos/asf/openoffice.git
commit 2a03e1be20d1c79951c5b71a340d9d7832ffe703
Author: Arrigo Marchiori <[email protected]>
AuthorDate: Sat Jan 28 11:03:04 2023 +0100
Trust the "Referer" parameter
(cherry picked from commit 8ff7eef7722d15f65826c2c58cd7ce4e768cb9e1)
---
 main/sfx2/inc/sfx2/appuno.hxx | 13 +++-
 main/sfx2/source/appl/appuno.cxx | 112 ++++++++++++++++++------------
 main/sfx2/source/notify/eventsupplier.cxx | 5 +-
 3 files changed, 83 insertions(+), 47 deletions(-)
diff --git a/main/sfx2/inc/sfx2/appuno.hxx b/main/sfx2/inc/sfx2/appuno.hxx
index f64b2f4629..fecc36d9fe 100644
--- a/main/sfx2/inc/sfx2/appuno.hxx
+++ b/main/sfx2/inc/sfx2/appuno.hxx
@@ -90,7 +90,18 @@ public:
 SfxMacroLoader( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& ) {}
- static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
+ /**
+ * Execute a BASIC macro.
+ *
+ * @param aURL URL pointing to the macro (in the form macro:...)
+ * @param rRetval will be set with the macro's return value.
+ * @param aReferer "Referer" identifying the source of this request. May be empty.
+ * @param pDoc shell to use. Default is NULL for using
+ * SfxObjectShell::Current().
+ *
+ * @return ERRCODE_NONE if all went smoothly.
+ */
+ static ErrCode loadMacro( const ::rtl::OUString& aURL, ::com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pDoc=NULL ) throw( ::com::sun::star::uno::RuntimeException );
 virtual ::com::sun::star::uno::Reference < ::com::sun::star::frame::XDispatch > SAL_CALL queryDispatch( const ::com::sun::star::util::URL& aURL, const ::rtl::OUString& sTargetFrameName,
diff --git a/main/sfx2/source/appl/appuno.cxx b/main/sfx2/source/appl/appuno.cxx
index f1f2e2e5fd..b54e1ca2dd 100644
--- a/main/sfx2/source/appl/appuno.cxx
+++ b/main/sfx2/source/appl/appuno.cxx
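Review bot: The new `aReferer` parameter is documented only as identifying the request's source and possibly being empty, but in the appuno.cxx part of this commit it decides whether loadMacro() consults AdjustMacroMode() at all, and that is the contract a caller of this public static method needs to know. I would extend the @param line to `@param aReferer "Referer" identifying the source of this request. May be empty. A value starting with "private:" is treated as trusted and skips the document macro-security check, so pass only a referer obtained from a trusted, internal source.` The header also names the first parameter `aURL` while the definition in appuno.cxx names it `rURL`; aligning them would help readers cross-referencing the two. The enclosing class declaration continues outside the hunk.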
@@ -1729,14 +1729,33 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
 return lDispatcher;
 }
-// -----------------------------------------------------------------------
-void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL& aURL ,
- const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs ,
- const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
- throw (::com::sun::star::uno::RuntimeException)
+/**
+ * @brief Check if a "Referer" is trusted.
+ *
+ * @param aReferer "Referer" to validate.
+ *
+ * @return sal_True if trusted.
+ */
+static sal_Bool refererIsTrusted(const ::rtl::OUString &aReferer)
 {
- ::vos::OGuard aGuard( Application::GetSolarMutex() );
+ if (aReferer.compareToAscii("private:", 8) == 0) {
+ return sal_True;
+ } else {
+ return sal_False;
+ }
+}
+
+/**
+ * @brief Check if a sequence of parameters contains a "Referer" and
+ * returns it.
+ *
+ * @param lArgs sequence of parameters.
+ *
+ * @return the value of the "Referer" parameter, or an empty string.
+ */
+static ::rtl::OUString findReferer(const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs)
+{
 sal_uInt32 nPropertyCount = lArgs.getLength();
 ::rtl::OUString aReferer;
 for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
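Review bot: `refererIsTrusted()` is a prefix match (`compareToAscii("private:", 8)` compares only the first eight characters), and its doc comment says neither what the check looks for nor what being trusted buys, although loadMacro() in a later hunk skips the AdjustMacroMode() security check on its say-so; the comment should state both so the gate is not loosened unknowingly, e.g. `@return sal_True if aReferer starts with "private:"; loadMacro() then skips the document macro-security check.` The if/else can also collapse to `return aReferer.compareToAscii(RTL_CONSTASCII_STRINGPARAM("private:")) == 0;`, which removes the hand-counted length 8 that has to track the literal. findReferer()'s loop body continues in the next hunk.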
@@ -1747,9 +1766,20 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
 break;
 }
 }
+ return aReferer;
+}
+
+
+// -----------------------------------------------------------------------
+void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::util::URL& aURL ,
+ const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs ,
+ const ::com::sun::star::uno::Reference< ::com::sun::star::frame::XDispatchResultListener >& xListener )
+ throw (::com::sun::star::uno::RuntimeException)
+{
+ ::vos::OGuard aGuard( Application::GetSolarMutex() );
 ::com::sun::star::uno::Any aAny;
- ErrCode nErr = loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+ ErrCode nErr = loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
 if( xListener.is() )
 {
 // always call dispatchFinished(), because we didn't load a document but
@@ -1768,10 +1798,10 @@ void SAL_CALL SfxMacroLoader::dispatchWithNotification( const ::com::sun::star::
 ::com::sun::star::uno::Any SAL_CALL SfxMacroLoader::dispatchWithReturnValue( const ::com::sun::star::util::URL& aURL,
- const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& ) throw (::com::sun::star::uno::RuntimeException)
+ const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::PropertyValue >& lArgs) throw (::com::sun::star::uno::RuntimeException)
 {
 ::com::sun::star::uno::Any aRet;
- /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, GetObjectShell_Impl() );
+ /*ErrCode nErr = */loadMacro( aURL.Complete, aRet, findReferer(lArgs), GetObjectShell_Impl() );
 return aRet;
 }
@@ -1782,19 +1812,8 @@ void SAL_CALL SfxMacroLoader::dispatch( const ::com::sun::star::util::URL&
 {
 ::vos::OGuard aGuard( Application::GetSolarMutex() );
- sal_uInt32 nPropertyCount = lArgs.getLength();
- ::rtl::OUString aReferer;
- for( sal_uInt32 nProperty=0; nProperty<nPropertyCount; ++nProperty )
- {
- if( lArgs[nProperty].Name == ::rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("Referer")) )
- {
- lArgs[nProperty].Value >>= aReferer;
- break;
- }
- }
-
 ::com::sun::star::uno::Any aAny;
- /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, GetObjectShell_Impl() );
+ /*ErrCode nErr = */loadMacro( aURL.Complete, aAny, findReferer(lArgs), GetObjectShell_Impl() );
 }
 // -----------------------------------------------------------------------
@@ -1817,7 +1836,7 @@ void SAL_CALL SfxMacroLoader::removeStatusListener(
 {
 }
-ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, SfxObjectShell* pSh )
+ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::uno::Any& rRetval, const ::rtl::OUString& aReferer, SfxObjectShell* pSh )
 throw ( ::com::sun::star::uno::RuntimeException )
 {
 SfxObjectShell* pCurrent = pSh;
@@ -1868,29 +1887,32 @@ ErrCode SfxMacroLoader::loadMacro( const ::rtl::OUString& rURL, com::sun::star::
 const bool bIsAppBasic = ( pBasMgr == pAppMgr );
 const bool bIsDocBasic = ( pBasMgr != pAppMgr );
- if ( pDoc )
- {
- // security check for macros from document basic if an SFX doc is given
- if ( !pDoc->AdjustMacroMode( String() ) )
- // check forbids execution
- return ERRCODE_IO_ACCESSDENIED;
- }
- /* XXX in the original sources this branch was present but its
- condition does not make sense.
- Let's keep it in case it may be useful for more in-depth checks.
- else if ( pDoc && pDoc->GetMedium() )
- {
- pDoc->AdjustMacroMode( String() );
- SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
- SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
- if ( pUpdateDocItem && pMacroExecModeItem
- && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
- && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
- return ERRCODE_IO_ACCESSDENIED;
- }*/
- else if ( pCurrent ) {
- if ( !pCurrent->AdjustMacroMode( String() ) )
- return ERRCODE_IO_ACCESSDENIED;
+ if ( !refererIsTrusted(aReferer) ) {
+ // Not trusted
+ if ( pDoc )
+ {
+ // security check for macros from document basic if an SFX doc is given
+ if ( !pDoc->AdjustMacroMode( String() ) )
+ // check forbids execution
+ return ERRCODE_IO_ACCESSDENIED;
+ }
+ /* XXX in the original sources this branch was present but its
+ condition does not make sense.
+ Let's keep it in case it may be useful for more in-depth checks.
+ else if ( pDoc && pDoc->GetMedium() )
+ {
+ pDoc->AdjustMacroMode( String() );
+ SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pUpdateDocItem, SfxUInt16Item, SID_UPDATEDOCMODE, sal_False);
+ SFX_ITEMSET_ARG( pDoc->GetMedium()->GetItemSet(), pMacroExecModeItem, SfxUInt16Item, SID_MACROEXECMODE, sal_False);
+ if ( pUpdateDocItem && pMacroExecModeItem
+ && pUpdateDocItem->GetValue() == document::UpdateDocMode::NO_UPDATE
+ && pMacroExecModeItem->GetValue() == document::MacroExecMode::NEVER_EXECUTE )
+ return ERRCODE_IO_ACCESSDENIED;
+ }*/
+ else if ( pCurrent ) {
+ if ( !pCurrent->AdjustMacroMode( String() ) )
+ return ERRCODE_IO_ACCESSDENIED;
+ }
 }
 // find BASIC method
diff --git a/main/sfx2/source/notify/eventsupplier.cxx b/main/sfx2/source/notify/eventsupplier.cxx
index 73a7eb97a2..6577dab059 100644
--- a/main/sfx2/source/notify/eventsupplier.cxx
+++ b/main/sfx2/source/notify/eventsupplier.cxx
@@ -205,6 +205,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 OUSTRING aScript;
 OUSTRING aLibrary;
 OUSTRING aMacroName;
+ OUSTRING aReferer;
 sal_Int32 nCount = aProperties.getLength();
@@ -222,6 +223,8 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 aProperties[ nIndex ].Value >>= aLibrary;
 else if ( aProperties[ nIndex ].Name.compareToAscii( PROP_MACRO_NAME ) == 0 )
 aProperties[ nIndex ].Value >>= aMacroName;
+ else if ( aProperties[ nIndex ].Name.compareToAscii( "Referer" ) == 0 )
+ aProperties[ nIndex ].Value >>= aReferer;
 else { DBG_ERROR("Unknown property value!"); }
@@ -231,7 +234,7 @@ static void Execute( ANY& aEventData, const css::document::DocumentEvent& aTrigg
 if ( aType.compareToAscii( STAR_BASIC ) == 0 && aScript.getLength() )
 {
 com::sun::star::uno::Any aAny;
- SfxMacroLoader::loadMacro( aScript, aAny, pDoc );
+ SfxMacroLoader::loadMacro( aScript, aAny, aReferer, pDoc );
 }
 else if ( aType.compareToAscii( "Service" ) == 0 || aType.compareToAscii( "Script" ) == 0 )
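Review bot: The `// Not trusted` comment at the top of the new `if ( !refererIsTrusted(aReferer) )` block undersells what the branch decides: when the referer is trusted, both AdjustMacroMode() checks are skipped, including for a pDoc whose macro-security setting would otherwise return ERRCODE_IO_ACCESSDENIED. I would replace it with `// Untrusted referer: the document's macro-security mode (AdjustMacroMode) decides; a "private:" referer is trusted and bypasses this check.` Because the whole decision rests on a caller-supplied string, it is worth stating in the same place that a referer must only be forwarded by code that obtained it from a trusted source; the three XDispatch entry points earlier in this file take it from lArgs, and the eventsupplier.cxx hunk below reads it from a property sequence whose origin is not visible here. loadMacro()'s body begins and ends outside the hunk.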
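Review bot: The new `"Referer"` comparison is the only property name in this else-if chain written as an inline literal; the siblings use `PROP_MACRO_NAME` and friends, so a `PROP_REFERER` constant defined alongside them would keep the lookup uniform and stop the literal drifting from the `"Referer"` key that findReferer() in appuno.cxx matches. More importantly, the value read here is passed straight to loadMacro(), where a `private:` prefix disables the macro-security check; the hunk does not show where aProperties originates, so it should be confirmed that only internal code can populate this property — if it could be stored with a document's event bindings, the document would be choosing its own trust level. Execute()'s body continues outside the hunk.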
