[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - sfx2/source

Caolán McNamara (via logerrit) Tue, 11 Apr 2023 07:56:57 -0700

 sfx2/source/doc/iframe.cxx |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)


New commits:
commit 683e4de0de8dde7c5570c67cbd2bae17b6d7f0e0
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Apr 11 10:13:37 2023 +0100
Commit:     Stephan Bergmann <sberg...@redhat.com>
CommitDate: Tue Apr 11 16:56:27 2023 +0200

    set Referer on loading IFrames
    
    so tools, options, security, options,
    "block any links from document not..."
    applies to their contents.
    
    Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150225
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 5672f3edbcf5..559e35de8bdf 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -38,6 +38,7 @@
 #include <cppuhelper/supportsservice.hxx>
 #include <officecfg/Office/Common.hxx>
 #include <svl/itemprop.hxx>
+#include <sfx2/docfile.hxx>
 #include <sfx2/frmdescr.hxx>
 #include <sfx2/objsh.hxx>
 #include <sfx2/sfxdlg.hxx>
@@ -166,10 +167,11 @@ sal_Bool SAL_CALL IFrameObject::load(
         uno::Reference < util::XURLTransformer > xTrans( 
util::URLTransformer::create( mxContext ) );
         xTrans->parseStrict( aTargetURL );
 
+        uno::Reference<frame::XFramesSupplier> xParentFrame = 
xFrame->getCreator();
+        SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
+
         if (INetURLObject(aTargetURL.Complete).GetProtocol() == 
INetProtocol::Macro)
         {
-            uno::Reference<frame::XFramesSupplier> xParentFrame = 
xFrame->getCreator();
-            SfxObjectShell* pDoc = 
SfxMacroLoader::GetObjectShell(xParentFrame);
             if (pDoc && !pDoc->AdjustMacroMode())
                 return false;
         }
@@ -177,6 +179,10 @@ sal_Bool SAL_CALL IFrameObject::load(
         if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete))
             return false;
 
+        OUString sReferer;
+        if (pDoc && pDoc->HasName())
+            sReferer = pDoc->GetMedium()->GetName();
+
         DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
         VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( 
xFrame->getContainerWindow() );
         VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( 
pParent, maFrmDescr.IsFrameBorderOn() );
@@ -201,7 +207,8 @@ sal_Bool SAL_CALL IFrameObject::load(
 
         uno::Sequence < beans::PropertyValue > aProps{
             comphelper::makePropertyValue("PluginMode", sal_Int16(2)),
-            comphelper::makePropertyValue("ReadOnly", true)
+            comphelper::makePropertyValue("ReadOnly", true),
+            comphelper::makePropertyValue("Referer", sReferer)
         };
         uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( 
aTargetURL, "_self", 0 );
         if ( xDisp.is() )

[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - sfx2/source

Reply via email to