https://issues.apache.org/ooo/show_bug.cgi?id=122322
--- Comment #7 from [email protected] --- FYI: LO has the same security issue: https://bugs.freedesktop.org/show_bug.cgi?id=51819 Some more info about this: The problem behind this issue is that the recovery file gets always saved unencrypted (unprotected) even for a password-protected file (you can check this in the user backup directory: if the content.xml inside the document is plain-text than it is unencrypted). The issue seems to be introduced by the changes for bug 119366 (revision 1354039): now SID_ENCRYPTIONDATA is also cleared in PreDoSaveAs_Impl, and so the recovery file is saved without encryption info (AutoRecovery also uses Save As to save the file). I suppose (cannot check it though) that the solution to this issue could be to modify the implts_saveOneDoc function in this file: http://svn.apache.org/viewvc/openoffice/trunk/main/framework/source/services/autorecovery.cxx?view=markup and to put PROP_ENCRYPTIONDATA also into lNewArgs (similar to PROP_PASSWORD around line 2417), so that the PreDoSaveAs_Impl could paste the encryption data from pParams (as from the original document it is cleared now due to the changes). Hope it helps! -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. You are watching all bug changes.
