[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-4-1-6+backports' - scripting/source

Mon, 22 Oct 2018 07:55:29 -0700 

 scripting/source/pyprov/pythonscript.py |   30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

New commits:
commit 90d8c9812fbaf05d05ca1424a800abff8a6f2082
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Oct 18 20:39:23 2018 +0100
Commit:     Michael Stahl <michael.st...@cib.de>
CommitDate: Mon Oct 22 16:55:05 2018 +0200

    keep pyuno script processing below base uri
    
    Conflicts:
            scripting/source/pyprov/pythonscript.py
    
    Change-Id: Icc13fb7193fb1e7c50e0df286161a10b4ed636c7
    Reviewed-on: https://gerrit.libreoffice.org/62174
    Reviewed-by: Michael Stahl <michael.st...@cib.de>
    Tested-by: Michael Stahl <michael.st...@cib.de>

diff --git a/scripting/source/pyprov/pythonscript.py 
b/scripting/source/pyprov/pythonscript.py
index b6b01232fa0f..584cb7792b63 100755
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -23,6 +23,7 @@ import os
 import imp
 import time
 import ast
+from com.sun.star.uri.RelativeUriExcessParentSegments import RETAIN
 
 try:
     unicode
@@ -202,8 +203,33 @@ class MyUriHelper:
     
     def scriptURI2StorageUri( self, scriptURI ):
         try:
-            myUri = self.m_uriRefFac.parse(scriptURI)
-            ret = self.m_baseUri + "/" + myUri.getName().replace( "|", "/" )
+            # base path to the python script location
+            sBaseUri = self.m_baseUri + "/"
+            xBaseUri = self.m_uriRefFac.parse(sBaseUri)
+
+            # path to the .py file + "$functionname, arguments, etc
+            xStorageUri = self.m_uriRefFac.parse(scriptURI)
+            sStorageUri = xStorageUri.getName().replace( "|", "/" );
+
+            # path to the .py file, relative to the base
+            sFileUri = sStorageUri[0:sStorageUri.find("$")]
+            xFileUri = self.m_uriRefFac.parse(sFileUri)
+            if not xFileUri:
+                message = "pythonscript: invalid relative uri '" + sFileUri+ 
"'"
+                log.isDebugLevel() and log.debug( message )
+                raise RuntimeException( message )
+
+            # absolute path to the .py file
+            xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, 
True, RETAIN)
+            sAbsScriptUri = xAbsScriptUri.getUriReference()
+
+            # ensure py file is under the base path
+            if not sAbsScriptUri.startswith(sBaseUri):
+                message = "pythonscript: storage uri '" + sAbsScriptUri + "' 
not in base uri '" + self.m_baseUri + "'"
+                log.isDebugLevel() and log.debug( message )
+                raise RuntimeException( message )
+
+            ret = sBaseUri + sStorageUri
             log.isDebugLevel() and log.debug( "converting 
scriptURI="+scriptURI + " to storageURI=" + ret )
             return ret
         except UnoException as e:
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to