include/sfx2/objsh.hxx | 2 + sc/source/ui/docshell/externalrefmgr.cxx | 52 ++++++++++++++++++++----------- sfx2/source/doc/objmisc.cxx | 6 --- sfx2/source/notify/eventsupplier.cxx | 18 +++++++--- 4 files changed, 49 insertions(+), 29 deletions(-)
New commits: commit f21ddcfd6fb234209c24160892d532c4733ac026 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Jul 23 15:31:05 2019 +0100 Commit: Thorsten Behrens <thorsten.behr...@cib.de> CommitDate: Sun Jul 28 00:23:11 2019 +0200 expand LibreLogo check to global events Reviewed-on: https://gerrit.libreoffice.org/76189 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 4a66c7eda6ccde26a42c4e31725248c59940255d) Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f Reviewed-on: https://gerrit.libreoffice.org/76305 Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> Tested-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index d04758567c80..ed09fc6e2acb 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -404,6 +404,8 @@ public: */ bool AdjustMacroMode(); + static bool UnTrustedScript(const OUString& rScriptURL); + SvKeyValueIterator* GetHeaderAttributes(); void ClearHeaderAttributesForSourceViewHack(); void SetHeaderAttributesForSourceViewHack(); diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 8594e9522e48..ee4265b24562 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1346,16 +1346,12 @@ namespace } } -namespace { - // don't allow LibreLogo to be used with our mouseover/etc dom-alike events -bool UnTrustedScript(const OUString& rScriptURL) +bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL) { return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo"); } -} - ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL, const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const css::uno::Any* pCaller ) { diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx index 78667a1d8036..2656e9c213ec 100644 --- a/sfx2/source/notify/eventsupplier.cxx +++ b/sfx2/source/notify/eventsupplier.cxx @@ -207,18 +207,24 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum else if (aType == "Service" || aType == "Script") { - if ( !aScript.isEmpty() ) + bool bAllowed = false; + util::URL aURL; + if (!aScript.isEmpty()) { - SfxViewFrame* pView = pDoc ? - SfxViewFrame::GetFirst( pDoc ) : - SfxViewFrame::Current(); - uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) ); - util::URL aURL; aURL.Complete = aScript; xTrans->parseStrict( aURL ); + bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete); + } + + if (bAllowed) + { + SfxViewFrame* pView = pDoc ? + SfxViewFrame::GetFirst( pDoc ) : + SfxViewFrame::Current(); + uno::Reference < frame::XDispatchProvider > xProv; commit ba5ac72ab90db35342ee7210ba64e7e7caf19d48 Author: Eike Rathke <er...@redhat.com> AuthorDate: Thu Jul 11 15:50:07 2019 +0200 Commit: Thorsten Behrens <thorsten.behr...@cib.de> CommitDate: Sun Jul 28 00:22:56 2019 +0200 Postpone loading of all external references, including INDIRECT() ... which can be constructed with an arbitrary URI text string not an svExternal* token type, until link updates are allowed. Change-Id: I2ce4de415ff99ace04c083c36c1383d76a4ef40d Reviewed-on: https://gerrit.libreoffice.org/75422 Reviewed-by: Eike Rathke <er...@redhat.com> Tested-by: Jenkins (cherry picked from commit b824b23860b2cf533d4f2428d4a750bd72576181) Reviewed-on: https://gerrit.libreoffice.org/76304 Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> Tested-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/sc/source/ui/docshell/externalrefmgr.cxx b/sc/source/ui/docshell/externalrefmgr.cxx index 1dc2be93efc9..0960231fdaf1 100644 --- a/sc/source/ui/docshell/externalrefmgr.cxx +++ b/sc/source/ui/docshell/externalrefmgr.cxx @@ -132,11 +132,12 @@ struct UpdateFormulaCell { void operator() (ScFormulaCell* pCell) const { - // Check to make sure the cell really contains ocExternalRef. + // Check to make sure the cell really contains svExternal*. // External names, external cell and range references all have a - // ocExternalRef token. + // token of svExternal*. Additionally check for INDIRECT() that can be + // called with any constructed URI string. ScTokenArray* pCode = pCell->GetCode(); - if (!pCode->HasExternalRef()) + if (!pCode->HasExternalRef() && !pCode->HasOpCode(ocIndirect)) return; if (pCode->GetCodeError() != FormulaError::NONE) @@ -1657,6 +1658,17 @@ static std::unique_ptr<ScTokenArray> lcl_fillEmptyMatrix(const ScRange& rRange) return pArray; } +namespace { +bool isLinkUpdateAllowedInDoc(const ScDocument& rDoc) +{ + SfxObjectShell* pDocShell = rDoc.GetDocumentShell(); + if (!pDocShell) + return false; + + return pDocShell->GetEmbeddedObjectContainer().getUserAllowsLinkUpdate(); +} +} + ScExternalRefManager::ScExternalRefManager(ScDocument* pDoc) : mpDoc(pDoc), mbInReferenceMarking(false), @@ -1946,8 +1958,17 @@ ScExternalRefCache::TokenRef ScExternalRefManager::getSingleRefToken( pSrcDoc = getSrcDocument(nFileId); if (!pSrcDoc) { - // Source document not reachable. Throw a reference error. - pToken.reset(new FormulaErrorToken(FormulaError::NoRef)); + // Source document not reachable. + if (!isLinkUpdateAllowedInDoc(*mpDoc)) + { + // Indicate with specific error. + pToken.reset(new FormulaErrorToken(FormulaError::LinkFormulaNeedingCheck)); + } + else + { + // Throw a reference error. + pToken.reset(new FormulaErrorToken(FormulaError::NoRef)); + } return pToken; } @@ -2154,15 +2175,6 @@ void insertRefCellByIterator( } } -bool IsLinkUpdateAllowedInDoc(const ScDocument& rDoc) -{ - SfxObjectShell* pDocShell = rDoc.GetDocumentShell(); - if (!pDocShell) - return false; - - return pDocShell->GetEmbeddedObjectContainer().getUserAllowsLinkUpdate(); -} - } void ScExternalRefManager::insertRefCell(sal_uInt16 nFileId, const ScAddress& rCell) @@ -2373,8 +2385,8 @@ ScDocument* ScExternalRefManager::getInMemorySrcDocument(sal_uInt16 nFileId) if (!pFileName) return nullptr; - // Do not load document until it was allowed - if (!IsLinkUpdateAllowedInDoc(*mpDoc)) + // Do not load document until it was allowed. + if (!isLinkUpdateAllowedInDoc(*mpDoc)) return nullptr; ScDocument* pSrcDoc = nullptr; @@ -2483,6 +2495,10 @@ SfxObjectShellRef ScExternalRefManager::loadSrcDocument(sal_uInt16 nFileId, OUSt if (!isFileLoadable(aFile)) return nullptr; + // Do not load document until it was allowed. + if (!isLinkUpdateAllowedInDoc(*mpDoc)) + return nullptr; + OUString aOptions = pFileData->maFilterOptions; if ( !pFileData->maFilterName.isEmpty() ) rFilter = pFileData->maFilterName; // don't overwrite stored filter with guessed filter @@ -2621,9 +2637,9 @@ void ScExternalRefManager::maybeLinkExternalFile( sal_uInt16 nFileId, bool bDefe aOptions = pFileData->maFilterOptions; } - // Filter detection may access external links; defer it until we are allowed + // Filter detection may access external links; defer it until we are allowed. if (!bDeferFilterDetection) - bDeferFilterDetection = !IsLinkUpdateAllowedInDoc(*mpDoc); + bDeferFilterDetection = !isLinkUpdateAllowedInDoc(*mpDoc); // If a filter was already set (for example, loading the cached table), // don't call GetFilterName which has to access the source file. _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits