comphelper/source/misc/docpasswordhelper.cxx | 74 ++++++++++++++++++++++++-- external/python3/ExternalPackage_python3.mk | 1 forms/source/xforms/submission.cxx | 3 + forms/source/xforms/submission/submission.hxx | 6 ++ framework/source/services/autorecovery.cxx | 32 +++++++++++ package/source/xstor/owriteablestream.cxx | 8 +- package/source/xstor/owriteablestream.hxx | 3 - package/source/xstor/xstorage.cxx | 2 sal/osl/w32/process.cxx | 4 - sfx2/source/appl/appopen.cxx | 16 +++++ sfx2/source/dialog/filedlghelper.cxx | 18 ++++-- sw/qa/extras/htmlimport/data/image-size.html | 25 ++++++++ sw/qa/extras/htmlimport/data/libreoffice.jpg |binary sw/qa/extras/htmlimport/htmlimport.cxx | 13 ++++ sw/source/filter/html/htmlgrin.cxx | 29 ++++++++++ 15 files changed, 217 insertions(+), 17 deletions(-)
New commits: commit 1cb95748277dacc513084019d0cb05809de07c95 Author: Stephan Bergmann <[email protected]> AuthorDate: Sat Apr 7 12:19:43 2018 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 external/python3: Drop nis.cpython-*m.so At least Fedora 28 glibc-2.27-8.fc28 no longer provides the nis development headers and libraries. (It only still contains some binaries for backwards compatibility, in the libnsl sub-package: "This package provides the legacy version of libnsl library, for accessing NIS services.") There is probably no real need to have nis.cpython-*m.so contained in external/python3/ExternalPackage_python3.mk (it probably just happened to build fine when that list was originally created, so was included). Change-Id: Ic6128fd872432005c0ded76640c5b56781ca69a1 Reviewed-on: https://gerrit.libreoffice.org/52535 Tested-by: Jenkins <[email protected]> Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 93e6a823bd8543d30621769c7b34d6261ea5cb01) diff --git a/external/python3/ExternalPackage_python3.mk b/external/python3/ExternalPackage_python3.mk index 9da2ed4d1957..bab1451693e5 100644 --- a/external/python3/ExternalPackage_python3.mk +++ b/external/python3/ExternalPackage_python3.mk @@ -87,7 +87,6 @@ $(eval $(call gb_ExternalPackage_add_files,python3,$(LIBO_BIN_FOLDER)/python-cor LO_lib/mmap.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ LO_lib/_multibytecodec.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ LO_lib/_multiprocessing.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ - LO_lib/nis.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ LO_lib/_opcode.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ LO_lib/ossaudiodev.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ LO_lib/parser.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \ commit 1309b900e6a51a347ad29ace714c57355f2ac3c7 Author: Vasily Melenchuk <[email protected]> AuthorDate: Mon Feb 17 10:52:11 2020 +0300 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 tdf#129096: Document Recovery: Use TypeDetection on load Loading of recovered document happend before via XFilter::filter is not updating media descriptor of document. But this is important for password protected documents to store entered password and used encryption type. To avoid this problem let's use TypeDetection which during its work will ask user for password and store all the info in modified media descriptor before actual recovery attempt. Change-Id: Ide2ebf0955e0937cdc7c9d7165593b71f904649b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88844 Reviewed-by: Mike Kaganski <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> Tested-by: Jenkins (cherry picked from commit 8461127750e1fe92a615409505256132e54fb8e8) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89789 Reviewed-by: Vasily Melenchuk <[email protected]> (cherry picked from commit b05c87f00433987b10542866696f0b4aaad015cc) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93835 Tested-by: Thorsten Behrens <[email protected]> diff --git a/framework/source/services/autorecovery.cxx b/framework/source/services/autorecovery.cxx index e5563c508782..5b089449a3cb 100644 --- a/framework/source/services/autorecovery.cxx +++ b/framework/source/services/autorecovery.cxx @@ -55,6 +55,7 @@ #include <com/sun/star/beans/PropertyAttribute.hpp> #include <com/sun/star/document/XDocumentPropertiesSupplier.hpp> #include <com/sun/star/document/XDocumentRecovery.hpp> +#include <com/sun/star/document/XExtendedFilterDetection.hpp> #include <com/sun/star/util/XCloseable.hpp> #include <com/sun/star/awt/XWindow2.hpp> #include <com/sun/star/task/XStatusIndicatorFactory.hpp> @@ -3438,6 +3439,37 @@ void AutoRecovery::implts_openOneDoc(const OUString& sURL , } else { + OUString sFilterName; + lDescriptor[utl::MediaDescriptor::PROP_FILTERNAME()] >>= sFilterName; + if (!sFilterName.isEmpty() + && ( sFilterName == "Calc MS Excel 2007 XML" + || sFilterName == "Impress MS PowerPoint 2007 XML" + || sFilterName == "MS Word 2007 XML")) + // TODO: Propbably need to check other affected formats + templates? + { + // tdf#129096: in case of recovery of password protected OOXML document it is done not + // the same way as ordinal loading. Inside XDocumentRecovery::recoverFromFile + // there is a call to XFilter::filter which has constant media descriptor and thus + // all encryption data used in document is lost. To avoid this try to walkaround + // with explicit call to FormatDetector. It will try to load document, prompt for password + // and store this info in media descriptor we will use for recoverFromFile call. + Reference< css::document::XExtendedFilterDetection > xDetection( + m_xContext->getServiceManager()->createInstanceWithContext( + "com.sun.star.comp.oox.FormatDetector", m_xContext), + UNO_QUERY_THROW); + lDescriptor[utl::MediaDescriptor::PROP_URL()] <<= sURL; + Sequence< css::beans::PropertyValue > aDescriptorSeq = lDescriptor.getAsConstPropertyValueList(); + OUString sType = xDetection->detect(aDescriptorSeq); + + OUString sNewFilterName; + lDescriptor[utl::MediaDescriptor::PROP_FILTERNAME()] >>= sNewFilterName; + if (!sType.isEmpty() && sNewFilterName == sFilterName) + { + // Filter detection was okay, update media descriptor with one received from FilterDetect + lDescriptor = aDescriptorSeq; + } + } + // let it recover itself Reference< XDocumentRecovery > xDocRecover( xModel, UNO_QUERY_THROW ); xDocRecover->recoverFromFile( commit 6dad2099ea6502abc3ead560bf2f6ad0ef103dcd Author: Mike Kaganski <[email protected]> AuthorDate: Fri Jan 3 22:40:07 2020 +0300 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 tdf#93389: keep encryption information for autorecovered MS formats The autorecovery data is stored in ODF, regardless of the original document format. When restoring, type detection generates ODF data, which is stored in the media descriptor attached to document, even after real filter was restored (see AutoRecovery::implts_openDocs). If real filter is not ODF, then at the save time, it doesn't find necessary information in encryption data, and makes not encrypted package. This patch adds both MS binary data, and OOXML data, to existing ODF data for recovered password-protected documents (regardless of their real filter). TODO: only add required information to encryption data: pass real filter name to DocPasswordHelper::requestAndVerifyDocPassword from AutoRecovery::implts_openDocs. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86201 Reviewed-by: Mike Kaganski <[email protected]> Tested-by: Mike Kaganski <[email protected]> (cherry picked from commit dd198398b6e5c84ab1255a90ef96e6445b66a64f) Conflicts: comphelper/source/misc/docpasswordhelper.cxx Change-Id: I4717f067ad3c40167312b99eefef5584a467bfed (cherry picked from commit 6017cdff264afc3b98beeba1330d6df28102fe7a) Conflicts: package/source/xstor/xstorage.cxx sfx2/source/appl/appopen.cxx diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx index 7febc7cf3798..660ce8aea89c 100644 --- a/comphelper/source/misc/docpasswordhelper.cxx +++ b/comphelper/source/misc/docpasswordhelper.cxx @@ -20,6 +20,9 @@ #include <algorithm> #include <comphelper/docpasswordhelper.hxx> +#include <comphelper/storagehelper.hxx> +#include <comphelper/propertysequence.hxx> +#include <comphelper/sequence.hxx> #include <com/sun/star/beans/PropertyValue.hpp> #include <com/sun/star/task/XInteractionHandler.hpp> @@ -357,6 +360,25 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( OUString aPassword; DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword; + sal_Int32 nMediaEncDataCount = rMediaEncData.getLength(); + + // tdf#93389: if the document is being restored from autorecovery, we need to add encryption + // data also for real document type. + // TODO: get real filter name here (from CheckPasswd_Impl), to only add necessary data + bool bForSalvage = false; + if (nMediaEncDataCount) + { + for (auto& val : rMediaEncData) + { + if (val.Name == "ForSalvage") + { + --nMediaEncDataCount; // don't consider this element below + val.Value >>= bForSalvage; + break; + } + } + } + // first, try provided default passwords if( pbIsDefaultPassword ) *pbIsDefaultPassword = false; @@ -381,7 +403,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( // try media encryption data (skip, if result is OK or ABORT) if( eResult == DocPasswordVerifierResult::WrongPassword ) { - if( rMediaEncData.getLength() > 0 ) + if (nMediaEncDataCount) { eResult = rVerifier.verifyEncryptionData( rMediaEncData ); if( eResult == DocPasswordVerifierResult::OK ) @@ -440,6 +462,26 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( aEncData = comphelper::concatSequences( aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword)); } + + if (bForSalvage) + { + // TODO: add individual methods for different target filter, and only call what's needed + + // 1. Prepare binary MS formats encryption data + auto aUniqueID = GenerateRandomByteSequence(16); + auto aEnc97Key = GenerateStd97Key(aPassword.getStr(), aUniqueID); + // 2. Add MS binary and OOXML encryption data to result + uno::Sequence< beans::NamedValue > aContainer(3); + aContainer[0].Name = "STD97EncryptionKey"; + aContainer[0].Value <<= aEnc97Key; + aContainer[1].Name = "STD97UniqueID"; + aContainer[1].Value <<= aUniqueID; + aContainer[2].Name = "OOXPassword"; + aContainer[2].Value <<= aPassword; + + aEncData = comphelper::concatSequences( + aEncData, aContainer); + } } return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >(); diff --git a/package/source/xstor/owriteablestream.cxx b/package/source/xstor/owriteablestream.cxx index 5f2fec2ac146..a40c61412540 100644 --- a/package/source/xstor/owriteablestream.cxx +++ b/package/source/xstor/owriteablestream.cxx @@ -74,9 +74,11 @@ struct WSInternalData_Impl namespace package { -bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 ) +bool PackageEncryptionDataLessOrEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 ) { - bool bResult = !aHash1.empty() && aHash1.size() == aHash2.size(); + // tdf#93389: aHash2 may contain more than in aHash1, if it contains also data for other package + // formats (as in case of autorecovery) + bool bResult = !aHash1.empty() && aHash1.size() <= aHash2.size(); for ( ::comphelper::SequenceAsHashMap::const_iterator aIter = aHash1.begin(); bResult && aIter != aHash1.end(); ++aIter ) @@ -1205,7 +1207,7 @@ uno::Reference< io::XStream > OWriteStream_Impl::GetStream( sal_Int32 nStreamMod if ( m_bHasCachedEncryptionData ) { - if ( !::package::PackageEncryptionDatasEqual( m_aEncryptionData, aEncryptionData ) ) + if ( !::package::PackageEncryptionDataLessOrEqual( m_aEncryptionData, aEncryptionData ) ) throw packages::WrongPasswordException(); // the correct key must be set already diff --git a/package/source/xstor/owriteablestream.hxx b/package/source/xstor/owriteablestream.hxx index c84a653fca45..b380f801191e 100644 --- a/package/source/xstor/owriteablestream.hxx +++ b/package/source/xstor/owriteablestream.hxx @@ -63,7 +63,8 @@ struct MutexHolder }; namespace package { - bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 ); + // all data in aHash1 is contained in aHash2 + bool PackageEncryptionDataLessOrEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 ); } struct WSInternalData_Impl; diff --git a/package/source/xstor/xstorage.cxx b/package/source/xstor/xstorage.cxx index 67d14da093dc..754324b25016 100644 --- a/package/source/xstor/xstorage.cxx +++ b/package/source/xstor/xstorage.cxx @@ -905,7 +905,7 @@ void OStorage_Impl::CopyStorageElement( SotElement_Impl* pElement, AddLog( THROW_WHERE "No Encryption" ); } - if ( bHasCommonEncryptionData && ::package::PackageEncryptionDatasEqual( pElement->m_pStream->GetCachedEncryptionData(), aCommonEncryptionData ) ) + if ( bHasCommonEncryptionData && ::package::PackageEncryptionDataLessOrEqual( pElement->m_pStream->GetCachedEncryptionData(), aCommonEncryptionData ) ) { // If the stream can be opened with the common storage password // it must be stored with the common storage password as well diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx index 5f8bdaa46640..3250427f78d6 100644 --- a/sfx2/source/appl/appopen.cxx +++ b/sfx2/source/appl/appopen.cxx @@ -47,6 +47,7 @@ #include <comphelper/processfactory.hxx> #include <comphelper/storagehelper.hxx> #include <comphelper/string.hxx> +#include <comphelper/sequence.hxx> #include <comphelper/synchronousdispatch.hxx> #include <vcl/wrkwin.hxx> @@ -237,6 +238,21 @@ sal_uInt32 CheckPasswd_Impl if ( pEncryptionDataItem ) pEncryptionDataItem->GetValue() >>= aEncryptionData; + // tdf#93389: if recoverying a document, encryption data should contain + // entries for the real filter, not only for recovery ODF, to keep it + // encrypted. Pass this in encryption data. + // TODO: pass here the real filter (from AutoRecovery::implts_openDocs) + // to marshal this to requestAndVerifyDocPassword + if (pSet->GetItemState(SID_DOC_SALVAGE, false) == SfxItemState::SET) + { + uno::Sequence< beans::NamedValue > aContainer(1); + aContainer[0].Name = "ForSalvage"; + aContainer[0].Value <<= true; + + aEncryptionData = comphelper::concatSequences( + aEncryptionData, aContainer); + } + SfxDocPasswordVerifier aVerifier( xStorage ); aEncryptionData = ::comphelper::DocPasswordHelper::requestAndVerifyDocPassword( aVerifier, aEncryptionData, aPassword, xInteractionHandler, pFile->GetOrigURL(), comphelper::DocPasswordRequestType::Standard ); commit 445e58822b00b589068d6f3bef6ea1e7c2bcb2b7 Author: Mike Kaganski <[email protected]> AuthorDate: Fri Nov 29 13:07:57 2019 +0300 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 tdf#118639: store ODF encryption data for autorecovery When saving autorecovery information, ODF is used. If the original document is password-protected, its autorecovery is also generated password-protected (since ef87ff6680f79362a431db6e7ef2f40cfc576219). But when the stored encryption data for non-ODF document does not contain "PackageSHA256UTF8EncryptionKey" value, following ZipPackage::GetEncryptionKey fails, so the whole save fails. So just generate and append ODF encryption keys where we still have user password. Reviewed-on: https://gerrit.libreoffice.org/84052 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]> (cherry picked from commit 63634738dd03cc74806ce6843c16ff5e51a371a0) Reviewed-on: https://gerrit.libreoffice.org/84133 Reviewed-by: Xisco Faulí <[email protected]> (cherry picked from commit e569dc9824e95617d921bb8f115d243aea0125b9) Reviewed-on: https://gerrit.libreoffice.org/84232 Reviewed-by: Adolfo Jayme Barrientos <[email protected]> (cherry picked from commit d1450f5bddd0f108078e0dfb11c9f130175fafe7) Conflicts: comphelper/source/misc/docpasswordhelper.cxx Change-Id: I776e28de784489521e4941d1075690f90c056014 diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx index d384b4fd8375..7febc7cf3798 100644 --- a/comphelper/source/misc/docpasswordhelper.cxx +++ b/comphelper/source/misc/docpasswordhelper.cxx @@ -354,6 +354,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( bool* pbIsDefaultPassword ) { css::uno::Sequence< css::beans::NamedValue > aEncData; + OUString aPassword; DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword; // first, try provided default passwords @@ -367,8 +368,12 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( if( !aIt->isEmpty() ) { eResult = rVerifier.verifyPassword( *aIt, aEncData ); - if( pbIsDefaultPassword ) - *pbIsDefaultPassword = eResult == DocPasswordVerifierResult::OK; + if (eResult == DocPasswordVerifierResult::OK) + { + aPassword = *aIt; + if (pbIsDefaultPassword) + *pbIsDefaultPassword = true; + } } } } @@ -388,7 +393,11 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( if( eResult == DocPasswordVerifierResult::WrongPassword ) { if( !rMediaPassword.isEmpty() ) + { eResult = rVerifier.verifyPassword( rMediaPassword, aEncData ); + if (eResult == DocPasswordVerifierResult::OK) + aPassword = rMediaPassword; + } } // request a password (skip, if result is OK or ABORT) @@ -404,6 +413,8 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( { if( !pRequest->getPassword().isEmpty() ) eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData ); + if (eResult == DocPasswordVerifierResult::OK) + aPassword = pRequest->getPassword(); } else { @@ -416,6 +427,21 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( { } + if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty()) + { + if (std::find_if(std::cbegin(aEncData), std::cend(aEncData), + [](const css::beans::NamedValue& val) { + return val.Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8; + }) + == std::cend(aEncData)) + { + // tdf#118639: We need ODF encryption data for autorecovery, where password + // will already be unavailable, so generate and append it here + aEncData = comphelper::concatSequences( + aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword)); + } + } + return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >(); } diff --git a/sfx2/source/dialog/filedlghelper.cxx b/sfx2/source/dialog/filedlghelper.cxx index b52d7d5a5058..2ea365511566 100644 --- a/sfx2/source/dialog/filedlghelper.cxx +++ b/sfx2/source/dialog/filedlghelper.cxx @@ -2621,6 +2621,8 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter, { if ( pPasswordRequest->getPassword().getLength() ) { + css::uno::Sequence< css::beans::NamedValue > aEncryptionData; + // TODO/LATER: The filters should show the password dialog themself in future if ( bMSType ) { @@ -2629,7 +2631,7 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter, { ::comphelper::SequenceAsHashMap aHashData; aHashData[ OUString( "OOXPassword" ) ] <<= pPasswordRequest->getPassword(); - pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( aHashData.getAsConstNamedValueList() ) ) ); + aEncryptionData = aHashData.getAsConstNamedValueList(); } else { @@ -2642,7 +2644,7 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter, aHashData[ OUString( "STD97EncryptionKey" ) ] <<= aEncryptionKey; aHashData[ OUString( "STD97UniqueID" ) ] <<= aUniqueID; - pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( aHashData.getAsConstNamedValueList() ) ) ); + aEncryptionData = aHashData.getAsConstNamedValueList(); } else { @@ -2650,10 +2652,14 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter, } } } - else - { - pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( ::comphelper::OStorageHelper::CreatePackageEncryptionData( pPasswordRequest->getPassword() ) ) ) ); - } + + // tdf#118639: We need ODF encryption data for autorecovery where password will already + // be unavailable, even for non-ODF documents, so append it here unconditionally + pSet->Put(SfxUnoAnyItem( + SID_ENCRYPTIONDATA, + uno::makeAny(comphelper::concatSequences( + aEncryptionData, comphelper::OStorageHelper::CreatePackageEncryptionData( + pPasswordRequest->getPassword()))))); } if ( pPasswordRequest->getRecommendReadOnly() ) commit a8a29df92e6196ced9058d19fb3bcc635f9290ec Author: Mike Kaganski <[email protected]> AuthorDate: Tue Apr 16 22:08:42 2019 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 tdf#124776: don't use SearchPathW to get full path of executable ... use GetModuleFileNameW() for that. We call SetDllDirectoryW and SetSearchPathMode to improve security of the process, and exclude some paths (including current directory) from search when using API that looks for binaries whose names are not fully qualified. So the sequence is this: 1. Program is started using relative executable path like "instdir\program\soffice"; 2. sal_detail_initialize is called, which calls the two mentioned hardening functions; 3. sal_detail_initialize calls osl_setCommandArgs, which in turn calls osl_createCommandArgs_Impl; 4. The latter uses SearchPathW with empty path and first program arg "instdir\program\soffice" to find fully qualified program path. That now naturally fails, because current path is not searched. But to find the process name, we need no search: we can simply use GetModuleFileNameW() with NULL passed as module handle. Let's use that. Note that we can't use _wpgmptr/_get_wpgmptr, because we don't use wide entry point like wmain. LHM-Stuff --------- Dieser Patch löst das Problem wenn Symbols eingeschaltet ist, danach konnte LO nicht mit scalc.exe, swriter.exe, .. gestartet werden den es ist damit abgestürzt. (Dumpfile war im LO-Verzeichnis) Reviewed-on: https://gerrit.libreoffice.org/70844 Reviewed-by: Mike Kaganski <[email protected]> Tested-by: Mike Kaganski <[email protected]> (cherry picked from commit c650217cc543080928a26de4bfc07ebb0be5c6ca) Change-Id: I7a0013a0505f7bdd38164b09b045bfade9686664 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89689 Tested-by: Thorsten Behrens <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> Conflicts: sal/osl/w32/process.cxx diff --git a/sal/osl/w32/process.cxx b/sal/osl/w32/process.cxx index 8c3e1169116d..529b73a27b97 100644 --- a/sal/osl/w32/process.cxx +++ b/sal/osl/w32/process.cxx @@ -275,8 +275,8 @@ static rtl_uString ** osl_createCommandArgs_Impl (int argc, char **) ::osl::LongPathBuffer< sal_Unicode > aBuffer( MAX_LONG_PATH ); DWORD dwResult = 0; - dwResult = SearchPath ( - 0, reinterpret_cast<LPCWSTR>(ppArgs[0]->buffer), L".exe", aBuffer.getBufSizeInSymbols(), ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), 0); + dwResult = GetModuleFileName ( + 0, ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), aBuffer.getBufSizeInSymbols()); if ((0 < dwResult) && (dwResult < aBuffer.getBufSizeInSymbols())) { /* Replace argv[0] with its absolute path */ commit da10afe34f985de66375e486972582b1fb876994 Author: Caolán McNamara <[email protected]> AuthorDate: Mon May 11 20:46:43 2020 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 limit forms to http[s] Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93993 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 5d101a65c31e6c2f8dd0edffe05f69055cbd481c) Conflicts: forms/source/xforms/submission.cxx Change-Id: I3ed0bc626f693ec03f610dc7361f93cad914c9d8 diff --git a/forms/source/xforms/submission.cxx b/forms/source/xforms/submission.cxx index 1f71fa2ffb60..f41b89de86c0 100644 --- a/forms/source/xforms/submission.cxx +++ b/forms/source/xforms/submission.cxx @@ -255,6 +255,9 @@ bool Submission::doSubmit( const Reference< XInteractionHandler >& xHandler ) } xSubmission->setEncoding(getEncoding()); + if (!xSubmission->IsWebProtocol()) + return false; + CSubmission::SubmissionResult aResult = xSubmission->submit( xHandler ); if (aResult == CSubmission::SUCCESS) diff --git a/forms/source/xforms/submission/submission.hxx b/forms/source/xforms/submission/submission.hxx index 927c0ab9048e..769bcaf6677e 100644 --- a/forms/source/xforms/submission/submission.hxx +++ b/forms/source/xforms/submission/submission.hxx @@ -133,6 +133,12 @@ public: , m_xContext(::comphelper::getProcessComponentContext()) {} + bool IsWebProtocol() const + { + INetProtocol eProtocol = m_aURLObj.GetProtocol(); + return eProtocol == INetProtocol::Http || eProtocol == INetProtocol::Https; + } + virtual ~CSubmission() {} void setEncoding(const OUString& aEncoding) commit a12e848570feae390a500080f65cb35e66f8fa4a Author: Caolán McNamara <[email protected]> AuthorDate: Tue Jul 17 09:58:56 2018 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 14:09:54 2020 +0200 put load of html images (to measure dimensions) under referer control Change-Id: I1de4a5214ef48394dcafa97e4ea12bb460f2fba2 Reviewed-on: https://gerrit.libreoffice.org/57566 Tested-by: Jenkins Reviewed-by: Eike Rathke <[email protected]> diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx index 30a6fb8dc082..8884e5438d1b 100644 --- a/sw/source/filter/html/htmlgrin.cxx +++ b/sw/source/filter/html/htmlgrin.cxx @@ -40,6 +40,7 @@ #include <svtools/htmltokn.h> #include <svtools/htmlkywd.hxx> #include <unotools/eventcfg.hxx> +#include <unotools/securityoptions.hxx> #include <fmtornt.hxx> #include <fmturl.hxx> @@ -298,6 +299,20 @@ void SwHTMLParser::GetDefaultScriptType( ScriptType& rType, rTypeStr = GetScriptTypeString( pHeaderAttrs ); } +namespace +{ + bool allowAccessLink(SwDoc& rDoc) + { + OUString sReferer; + SfxObjectShell * sh = rDoc.GetPersist(); + if (sh != nullptr && sh->HasName()) + { + sReferer = sh->GetMedium()->GetName(); + } + return !SvtSecurityOptions().isUntrustedReferer(sReferer); + } +} + /* */ void SwHTMLParser::InsertImage() @@ -595,7 +610,7 @@ IMAGE_SETEVENT: bool bSetScaleImageMap = false; sal_uInt8 nPrcWidth = 0, nPrcHeight = 0; - if (!nWidth || !nHeight) + if ((!nWidth || !nHeight) && allowAccessLink(*m_pDoc)) { GraphicDescriptor aDescriptor(aGraphicURL); if (aDescriptor.Detect(/*bExtendedInfo=*/true)) @@ -603,7 +618,7 @@ IMAGE_SETEVENT: // Try to use size info from the image header before defaulting to // HTML_DFLT_IMG_WIDTH/HEIGHT. aTwipSz = Application::GetDefaultDevice()->PixelToLogic(aDescriptor.GetSizePixel(), - MapMode(MapUnit::MapTwip)); + MapMode(MAP_TWIP)); nWidth = aTwipSz.getWidth(); nHeight = aTwipSz.getHeight(); } commit 8b1096abd14ad1f51592de2e6850fd16f22bfc29 Author: Miklos Vajna <[email protected]> AuthorDate: Wed Apr 18 09:46:34 2018 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Jun 8 01:57:23 2020 +0200 sw HTML import: use GraphicDescriptor to determine default size Rather than the hardcoded HTML_DFLT_IMG_WIDTH / HTML_DFLT_IMG_HEIGHT defines. Change-Id: I4ed2207ce3fdcd247054941d91eb67a679fb370c Reviewed-on: https://gerrit.libreoffice.org/53081 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins <[email protected]> Conflicts: sw/qa/extras/htmlimport/htmlimport.cxx diff --git a/sw/qa/extras/htmlimport/data/image-size.html b/sw/qa/extras/htmlimport/data/image-size.html new file mode 100644 index 000000000000..a26c606100cf --- /dev/null +++ b/sw/qa/extras/htmlimport/data/image-size.html @@ -0,0 +1,25 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<html> +<head> + <meta http-equiv="content-type" content="text/html; charset=utf-8"/> + <title></title> + <style type="text/css"> + @page { size: 21.59cm 27.94cm; margin: 2cm } + p { margin-bottom: 0.25cm; line-height: 115%; background: transparent } + </style> +</head> +<body lang="en-US" link="#000080" vlink="#800000" dir="ltr"><p style="margin-bottom: 0cm; line-height: 100%"> +<br/> + +</p> +<p style="margin-bottom: 0cm; line-height: 100%; page-break-before: always"> +<br/> + +</p> +<p style="margin-bottom: 0cm; line-height: 100%; page-break-before: always"> +<img src="libreoffice.jpg" name="Image1" align="left" border="0"/> +<br/> + +</p> +</body> +</html> diff --git a/sw/qa/extras/htmlimport/data/libreoffice.jpg b/sw/qa/extras/htmlimport/data/libreoffice.jpg new file mode 100644 index 000000000000..14af080b147f Binary files /dev/null and b/sw/qa/extras/htmlimport/data/libreoffice.jpg differ diff --git a/sw/qa/extras/htmlimport/htmlimport.cxx b/sw/qa/extras/htmlimport/htmlimport.cxx index 4f8ec0e227b0..c0dbdec4091e 100644 --- a/sw/qa/extras/htmlimport/htmlimport.cxx +++ b/sw/qa/extras/htmlimport/htmlimport.cxx @@ -126,6 +126,19 @@ DECLARE_HTMLIMPORT_TEST(testInlinedImagesPageAndParagraph, "PageAndParagraphFill } } +DECLARE_HTMLIMPORT_TEST(testImageSize, "image-size.html") +{ + awt::Size aSize = getShape(1)->getSize(); + OutputDevice* pDevice = Application::GetDefaultDevice(); + Size aPixelSize(200, 400); + Size aExpected = pDevice->PixelToLogic(aPixelSize, MapMode(MapUnit::Map100thMM)); + + // This was 1997, i.e. a hardcoded default, we did not look at the image + // header when the HTML markup declared no size. + CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int32>(aExpected.getWidth()), aSize.Width); + CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int32>(aExpected.getHeight()), aSize.Height); +} + CPPUNIT_PLUGIN_IMPLEMENT(); /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx index c83eafe5d36c..30a6fb8dc082 100644 --- a/sw/source/filter/html/htmlgrin.cxx +++ b/sw/source/filter/html/htmlgrin.cxx @@ -595,6 +595,20 @@ IMAGE_SETEVENT: bool bSetScaleImageMap = false; sal_uInt8 nPrcWidth = 0, nPrcHeight = 0; + if (!nWidth || !nHeight) + { + GraphicDescriptor aDescriptor(aGraphicURL); + if (aDescriptor.Detect(/*bExtendedInfo=*/true)) + { + // Try to use size info from the image header before defaulting to + // HTML_DFLT_IMG_WIDTH/HEIGHT. + aTwipSz = Application::GetDefaultDevice()->PixelToLogic(aDescriptor.GetSizePixel(), + MapMode(MapUnit::MapTwip)); + nWidth = aTwipSz.getWidth(); + nHeight = aTwipSz.getHeight(); + } + } + if( !nWidth || !nHeight ) { // Es fehlt die Breite oder die Hoehe _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
