include/sfx2/objsh.hxx                   |    2 +
 sc/source/ui/docshell/externalrefmgr.cxx |   52 ++++++++++++++++++++-----------
 sfx2/source/doc/objmisc.cxx              |    6 ---
 sfx2/source/notify/eventsupplier.cxx     |   18 +++++++---
 4 files changed, 49 insertions(+), 29 deletions(-)

New commits:
commit f21ddcfd6fb234209c24160892d532c4733ac026
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jul 23 15:31:05 2019 +0100
Commit:     Thorsten Behrens <thorsten.behr...@cib.de>
CommitDate: Sun Jul 28 00:23:11 2019 +0200

    expand LibreLogo check to global events
    
    Reviewed-on: https://gerrit.libreoffice.org/76189
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 4a66c7eda6ccde26a42c4e31725248c59940255d)
    
    Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
    Reviewed-on: https://gerrit.libreoffice.org/76305
    Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
    Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>

diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index d04758567c80..ed09fc6e2acb 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -404,6 +404,8 @@ public:
     */
     bool                        AdjustMacroMode();
 
+    static bool                 UnTrustedScript(const OUString& rScriptURL);
+
     SvKeyValueIterator*         GetHeaderAttributes();
     void                        ClearHeaderAttributesForSourceViewHack();
     void                        SetHeaderAttributesForSourceViewHack();
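Review bot: The new public static `UnTrustedScript` is declared without a doc comment, although the neighbouring members carry one and the name alone does not say what "untrusted" covers. Something like `/// @return true if rScriptURL names a script that must not be run from event bindings (currently LibreLogo).` above the declaration would tell new callers what the check does and does not cover. The surrounding class is only partly visible in this hunk.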
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 8594e9522e48..ee4265b24562 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1346,16 +1346,12 @@ namespace
     }
 }
 
-namespace {
-
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
-bool UnTrustedScript(const OUString& rScriptURL)
+bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
     return 
rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
 }
 
-}
-
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& 
_rxScriptContext, const OUString& _rScriptURL,
     const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& 
aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const 
css::uno::Any* pCaller )
 {
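Review bot: `UnTrustedScript` compares a fixed prefix against the URL text exactly as it is passed in, so the result depends on every caller supplying one canonical spelling of the script URL. If the script framework also accepts other encodings of the same location (for instance percent-escaped characters; not visible in this hunk), such a URL would miss the prefix and the binding would still be dispatched. Decoding before the comparison, e.g. `const OUString sScript = INetURLObject::decode(rScriptURL, INetURLObject::DecodeMechanism::WithCharset);` and then testing `sScript`, would make the check independent of the caller's normalisation. Now that the function is a public static member, a unit test covering mixed-case and escaped forms would pin that behaviour.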
diff --git a/sfx2/source/notify/eventsupplier.cxx 
b/sfx2/source/notify/eventsupplier.cxx
index 78667a1d8036..2656e9c213ec 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -207,18 +207,24 @@ void SfxEvents_Impl::Execute( uno::Any const & 
aEventData, const document::Docum
         else if (aType == "Service" ||
                   aType == "Script")
         {
-            if ( !aScript.isEmpty() )
+            bool bAllowed = false;
+            util::URL aURL;
+            if (!aScript.isEmpty())
             {
-                SfxViewFrame* pView = pDoc ?
-                    SfxViewFrame::GetFirst( pDoc ) :
-                    SfxViewFrame::Current();
-
                 uno::Reference < util::XURLTransformer > xTrans( 
util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) );
 
-                util::URL aURL;
                 aURL.Complete = aScript;
                 xTrans->parseStrict( aURL );
 
+                bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete);
+            }
+
+            if (bAllowed)
+            {
+                SfxViewFrame* pView = pDoc ?
+                    SfxViewFrame::GetFirst( pDoc ) :
+                    SfxViewFrame::Current();
+
                 uno::Reference
                     < frame::XDispatchProvider > xProv;
 
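Review bot: The boolean returned by `xTrans->parseStrict( aURL )` is discarded, so `bAllowed` is derived from `aURL.Complete` even when strict parsing failed and the string was left as supplied. Because this value now gates script dispatch, failing closed is the safer default: `bAllowed = xTrans->parseStrict( aURL ) && !SfxObjectShell::UnTrustedScript(aURL.Complete);`. A rejected script is also dropped silently; a `SAL_WARN` in the not-allowed path would let an administrator see why an event binding did nothing. The rest of `SfxEvents_Impl::Execute` lies outside the hunk, so whether anything relies on unparsable URLs being passed through could not be checked.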
commit ba5ac72ab90db35342ee7210ba64e7e7caf19d48
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Thu Jul 11 15:50:07 2019 +0200
Commit:     Thorsten Behrens <thorsten.behr...@cib.de>
CommitDate: Sun Jul 28 00:22:56 2019 +0200

    Postpone loading of all external references, including INDIRECT()
    
    ... which can be constructed with an arbitrary URI text string not
    an svExternal* token type, until link updates are allowed.
    
    Change-Id: I2ce4de415ff99ace04c083c36c1383d76a4ef40d
    Reviewed-on: https://gerrit.libreoffice.org/75422
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit b824b23860b2cf533d4f2428d4a750bd72576181)
    Reviewed-on: https://gerrit.libreoffice.org/76304
    Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
    Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>

diff --git a/sc/source/ui/docshell/externalrefmgr.cxx 
b/sc/source/ui/docshell/externalrefmgr.cxx
index 1dc2be93efc9..0960231fdaf1 100644
--- a/sc/source/ui/docshell/externalrefmgr.cxx
+++ b/sc/source/ui/docshell/externalrefmgr.cxx
@@ -132,11 +132,12 @@ struct UpdateFormulaCell
 {
     void operator() (ScFormulaCell* pCell) const
     {
-        // Check to make sure the cell really contains ocExternalRef.
+        // Check to make sure the cell really contains svExternal*.
         // External names, external cell and range references all have a
-        // ocExternalRef token.
+        // token of svExternal*. Additionally check for INDIRECT() that can be
+        // called with any constructed URI string.
         ScTokenArray* pCode = pCell->GetCode();
-        if (!pCode->HasExternalRef())
+        if (!pCode->HasExternalRef() && !pCode->HasOpCode(ocIndirect))
             return;
 
         if (pCode->GetCodeError() != FormulaError::NONE)
@@ -1657,6 +1658,17 @@ static std::unique_ptr<ScTokenArray> 
lcl_fillEmptyMatrix(const ScRange& rRange)
     return pArray;
 }
 
+namespace {
+bool isLinkUpdateAllowedInDoc(const ScDocument& rDoc)
+{
+    SfxObjectShell* pDocShell = rDoc.GetDocumentShell();
+    if (!pDocShell)
+        return false;
+
+    return pDocShell->GetEmbeddedObjectContainer().getUserAllowsLinkUpdate();
+}
+}
+
 ScExternalRefManager::ScExternalRefManager(ScDocument* pDoc) :
     mpDoc(pDoc),
     mbInReferenceMarking(false),
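Review bot: `isLinkUpdateAllowedInDoc` returns `false` when the document has no shell, and that fail-closed choice is not documented although every load gate in this file now depends on it. A short comment above the early return, e.g. `// Without a document shell there is no user decision to consult; treat link updates as not allowed.`, would keep a later refactoring from flipping the default. A one-line purpose comment on the helper itself would also help, since it sits in an otherwise empty anonymous namespace.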
@@ -1946,8 +1958,17 @@ ScExternalRefCache::TokenRef 
ScExternalRefManager::getSingleRefToken(
     pSrcDoc = getSrcDocument(nFileId);
     if (!pSrcDoc)
     {
-        // Source document not reachable.  Throw a reference error.
-        pToken.reset(new FormulaErrorToken(FormulaError::NoRef));
+        // Source document not reachable.
+        if (!isLinkUpdateAllowedInDoc(*mpDoc))
+        {
+            // Indicate with specific error.
+            pToken.reset(new 
FormulaErrorToken(FormulaError::LinkFormulaNeedingCheck));
+        }
+        else
+        {
+            // Throw a reference error.
+            pToken.reset(new FormulaErrorToken(FormulaError::NoRef));
+        }
         return pToken;
     }
 
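Review bot: Only the single-cell path now distinguishes "loading not yet allowed" from "source unreachable"; the range counterpart `getDoubleRefTokens` is not part of this diff, so if it has the same `!pSrcDoc` branch it would still report `FormulaError::NoRef` for a link that is merely awaiting approval. Applying the same distinction there would give both reference kinds the same error for the same cause. The two `reset` calls could also collapse into one by choosing the code first, e.g. `const FormulaError eErr = isLinkUpdateAllowedInDoc(*mpDoc) ? FormulaError::NoRef : FormulaError::LinkFormulaNeedingCheck;`. The function starts and continues outside the hunk.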
@@ -2154,15 +2175,6 @@ void insertRefCellByIterator(
     }
 }
 
-bool IsLinkUpdateAllowedInDoc(const ScDocument& rDoc)
-{
-    SfxObjectShell* pDocShell = rDoc.GetDocumentShell();
-    if (!pDocShell)
-        return false;
-
-    return pDocShell->GetEmbeddedObjectContainer().getUserAllowsLinkUpdate();
-}
-
 }
 
 void ScExternalRefManager::insertRefCell(sal_uInt16 nFileId, const ScAddress& 
rCell)
@@ -2373,8 +2385,8 @@ ScDocument* 
ScExternalRefManager::getInMemorySrcDocument(sal_uInt16 nFileId)
     if (!pFileName)
         return nullptr;
 
-    // Do not load document until it was allowed
-    if (!IsLinkUpdateAllowedInDoc(*mpDoc))
+    // Do not load document until it was allowed.
+    if (!isLinkUpdateAllowedInDoc(*mpDoc))
         return nullptr;
 
     ScDocument* pSrcDoc = nullptr;
@@ -2483,6 +2495,10 @@ SfxObjectShellRef 
ScExternalRefManager::loadSrcDocument(sal_uInt16 nFileId, OUSt
     if (!isFileLoadable(aFile))
         return nullptr;
 
+    // Do not load document until it was allowed.
+    if (!isLinkUpdateAllowedInDoc(*mpDoc))
+        return nullptr;
+
     OUString aOptions = pFileData->maFilterOptions;
     if ( !pFileData->maFilterName.isEmpty() )
         rFilter = pFileData->maFilterName;      // don't overwrite stored 
filter with guessed filter
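Review bot: The new permission check in `loadSrcDocument` runs after `isFileLoadable(aFile)`, so whatever that call does with the target happens before the user has allowed link updates. Its body is not visible here; if it probes the location (an existence or folder test on the URL), a document could still trigger access to an external path while updates are disallowed. Moving `if (!isLinkUpdateAllowedInDoc(*mpDoc)) return nullptr;` ahead of the `isFileLoadable` test would keep the path untouched until permission is given. The start of the function is outside the hunk, so earlier accesses could not be reviewed.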
@@ -2621,9 +2637,9 @@ void ScExternalRefManager::maybeLinkExternalFile( 
sal_uInt16 nFileId, bool bDefe
         aOptions = pFileData->maFilterOptions;
     }
 
-    // Filter detection may access external links; defer it until we are 
allowed
+    // Filter detection may access external links; defer it until we are 
allowed.
     if (!bDeferFilterDetection)
-        bDeferFilterDetection = !IsLinkUpdateAllowedInDoc(*mpDoc);
+        bDeferFilterDetection = !isLinkUpdateAllowedInDoc(*mpDoc);
 
     // If a filter was already set (for example, loading the cached table),
     // don't call GetFilterName which has to access the source file.