sw/source/filter/html/htmlgrin.cxx | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
New commits: commit 72dc4c2633fb866cc8b42dc742bffc57c23e9889 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Jul 17 09:58:56 2018 +0100 Commit: Eike Rathke <er...@redhat.com> CommitDate: Wed Jul 18 21:18:02 2018 +0200 put load of html images (to measure dimensions) under referer control Change-Id: I1de4a5214ef48394dcafa97e4ea12bb460f2fba2 Reviewed-on: https://gerrit.libreoffice.org/57566 Tested-by: Jenkins Reviewed-by: Eike Rathke <er...@redhat.com> diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx index 0a9050f3475a..8e61296d5389 100644 --- a/sw/source/filter/html/htmlgrin.cxx +++ b/sw/source/filter/html/htmlgrin.cxx @@ -299,6 +299,20 @@ void SwHTMLParser::GetDefaultScriptType( ScriptType& rType, rTypeStr = GetScriptTypeString( pHeaderAttrs ); } +namespace +{ + bool allowAccessLink(SwDoc& rDoc) + { + OUString sReferer; + SfxObjectShell * sh = rDoc.GetPersist(); + if (sh != nullptr && sh->HasName()) + { + sReferer = sh->GetMedium()->GetName(); + } + return !SvtSecurityOptions().isUntrustedReferer(sReferer); + } +} + /* */ void SwHTMLParser::InsertImage() @@ -627,7 +641,7 @@ IMAGE_SETEVENT: bool bSetScaleImageMap = false; sal_uInt8 nPrcWidth = 0, nPrcHeight = 0; - if (!nWidth || !nHeight) + if ((!nWidth || !nHeight) && allowAccessLink(*m_xDoc)) { GraphicDescriptor aDescriptor(aGraphicURL); if (aDescriptor.Detect(/*bExtendedInfo=*/true)) _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits