wsd/ClientSession.cpp | 11 ++++++++--- wsd/protocol.txt | 5 +++++ 2 files changed, 13 insertions(+), 3 deletions(-)
New commits: commit 24b9d6008d43e1f1f7dd90fb160fb217a2dc2c6d Author: Michael Meeks <michael.me...@collabora.com> AuthorDate: Thu May 23 12:11:58 2019 +0100 Commit: Michael Meeks <michael.me...@collabora.com> CommitDate: Thu May 23 12:13:11 2019 +0100 Don't allow readonly views to removesession on editors. Change-Id: I5c00b83d5a3a5fc59f7c722b9ed7f9753b2b0dc8 diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp index df68df351..576e64f59 100644 --- a/wsd/ClientSession.cpp +++ b/wsd/ClientSession.cpp @@ -366,9 +366,14 @@ bool ClientSession::_handleInput(const char *buffer, int length) return true; } else if (tokens[0] == "removesession") { - std::string sessionId = Util::encodeId(std::stoi(tokens[1]), 4); - docBroker->broadcastMessage(firstLine); - docBroker->removeSession(sessionId); + if (tokens.size() > 1 && (_isDocumentOwner || !isReadOnly())) + { + std::string sessionId = Util::encodeId(std::stoi(tokens[1]), 4); + docBroker->broadcastMessage(firstLine); + docBroker->removeSession(sessionId); + } + else + LOG_WRN("Readonly session '" << getId() << "' trying to kill another view"); } else if (tokens[0] == "renamefile") { std::string encodedWopiFilename; diff --git a/wsd/protocol.txt b/wsd/protocol.txt index e1c229665..e1e4f64f8 100644 --- a/wsd/protocol.txt +++ b/wsd/protocol.txt @@ -236,6 +236,11 @@ rendershapeselection mimetype=<mimeType> Request rendering of selected shapes into an SVG format. By now only SVG mimetype is handled (image/svg+xml) +removesession <viewid> + + Requests the removal of a given view from the document. Lower + privilege views cannot remove higher ones, eg. a readonly view + can't remove an editor. server -> client ================ _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
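Review bot: The new guard in the `removesession` branch checks only the requesting session (`_isDocumentOwner || !isReadOnly()`) and never the session named by `tokens[1]`, so any non-readonly view can still remove any other view, apparently including the document owner's. The protocol.txt text added in the same commit says lower-privilege views cannot remove higher ones, so the target session's privilege should be looked up and compared before `docBroker->removeSession(sessionId)` is called. Separately, `std::stoi(tokens[1])` runs on client-supplied text and throws on a non-numeric or out-of-range id; no handler is visible in the hunk, and `_handleInput` starts and ends outside it, so confirm one exists there. The `else` also logs the "Readonly session" warning when the real problem is a missing argument; a separate `if (tokens.size() < 2)` branch with its own message would keep the audit log accurate.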