avmedia/source/viewer/mediawindow_impl.cxx | 13 +++--- editeng/source/items/frmitems.cxx | 10 +++- embeddedobj/source/commonembedding/persistence.cxx | 17 ++++++-- forms/source/component/ImageControl.cxx | 4 + forms/source/component/clickableimage.cxx | 2 sfx2/source/appl/linkmgr2.cxx | 5 +- sw/source/filter/html/htmlgrin.cxx | 3 - toolkit/source/controls/unocontrols.cxx | 3 - tools/qa/cppunit/test_urlobj.cxx | 44 +++++++++++++++++++++ tools/source/fsys/urlobj.cxx | 31 ++++++++++++-- unotools/source/misc/mediadescriptor.cxx | 3 + vcl/source/filter/graphicfilter.cxx | 8 +++ 12 files changed, 121 insertions(+), 22 deletions(-)
New commits: commit af327e823ebbf826a36387ebacfcbc0cea0c2d98 Author: Stephan Bergmann <stephan.bergm...@allotropia.de> AuthorDate: Sat Dec 7 17:36:22 2024 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Wed Dec 11 20:08:10 2024 +0000 Fix check for further exotic protocols ...that were added in 59891cd3985469bc44dbd05c9fc704eeb07f0c78 "look at 'embedded' protocols for protocols that support them" Change-Id: I42836d6fd27cd99e39ab07e626053f002a2651f5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178047 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de> (cherry picked from commit 8075798b22f2188530f57b8747589923bfd419ef) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178065 Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178166 Reviewed-by: Miklos Vajna <vmik...@collabora.com> Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> (cherry picked from commit a58893f2de8210008fa7bb403e9c9000869e6c04) diff --git a/tools/qa/cppunit/test_urlobj.cxx b/tools/qa/cppunit/test_urlobj.cxx index 273b5feff954..1df859b305f9 100644 --- a/tools/qa/cppunit/test_urlobj.cxx +++ b/tools/qa/cppunit/test_urlobj.cxx @@ -354,6 +354,49 @@ namespace tools_urlobj } } + void testIsExoticProtocol() { + { + INetURLObject url(u"vnd.sun.star.pkg://slot%3A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.pkg://vnd.sun.star.pkg%3A%2F%2Fslot%253A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.pkg://http%3A%2F%2Fexample.net"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(!url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0/foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0?foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0#foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://http%3A%2F%2Fexample.net"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(!url.IsExoticProtocol()); + } + } + // Change the following lines only, if you add, remove or rename // member functions of the current class, // because these macros are need by auto register mechanism. @@ -371,6 +414,7 @@ namespace tools_urlobj CPPUNIT_TEST( testChangeScheme ); CPPUNIT_TEST( testTd146382 ); CPPUNIT_TEST( testParseSmart ); + CPPUNIT_TEST( testIsExoticProtocol ); CPPUNIT_TEST_SUITE_END( ); }; // class createPool diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 7faf15dcd073..827fbe217965 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4891,10 +4891,21 @@ bool INetURLObject::IsExoticProtocol() const { return true; } - if (isSchemeEqualTo(u"vnd.sun.star.pkg") || isSchemeEqualTo(u"vnd.sun.star.zip")) + if (m_eScheme == INetProtocol::VndSunStarPkg) { + return INetURLObject(GetHost(INetURLObject::DecodeMechanism::WithCharset)) + .IsExoticProtocol(); + } + if (isSchemeEqualTo(u"vnd.sun.star.zip")) { - OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::WithCharset); - return sPayloadURL.startsWith(u"//") && INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol(); + OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::NONE); + if (!sPayloadURL.startsWith(u"//")) { + return false; + } + auto const find = [&sPayloadURL](auto c) { + auto const n = sPayloadURL.indexOf(c, 2); + return n == -1 ? sPayloadURL.getLength() : n; + }; + return INetURLObject(decode(sPayloadURL.subView(2, std::min(find('/'), find('?')) - 2), INetURLObject::DecodeMechanism::WithCharset)).IsExoticProtocol(); } return false; } commit 24e7bd132cab74e8c145c0c7b395ef3edf10fc41 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri Dec 6 14:41:19 2024 +0000 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Wed Dec 11 20:08:10 2024 +0000 look at 'embedded' protocols too Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987 Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de> (cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178164 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Miklos Vajna <vmik...@collabora.com> (cherry picked from commit e25d074b3163971d64d24976af1a9bd0634c8da5) diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 23a0d67d2717..7faf15dcd073 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4882,12 +4882,21 @@ OUString INetURLObject::CutExtension() bool INetURLObject::IsExoticProtocol() const { - return m_eScheme == INetProtocol::Slot || - m_eScheme == INetProtocol::Macro || - m_eScheme == INetProtocol::Uno || - m_eScheme == INetProtocol::VndSunStarExpand || - isSchemeEqualTo(u"vnd.sun.star.script") || - isSchemeEqualTo(u"service"); + if (m_eScheme == INetProtocol::Slot || + m_eScheme == INetProtocol::Macro || + m_eScheme == INetProtocol::Uno || + m_eScheme == INetProtocol::VndSunStarExpand || + isSchemeEqualTo(u"vnd.sun.star.script") || + isSchemeEqualTo(u"service")) + { + return true; + } + if (isSchemeEqualTo(u"vnd.sun.star.pkg") || isSchemeEqualTo(u"vnd.sun.star.zip")) + { + OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::WithCharset); + return sPayloadURL.startsWith(u"//") && INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol(); + } + return false; } /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ commit fd74505b78e5d09c345aaf66f7e7b8ed3170591e Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri Nov 15 12:30:39 2024 +0000 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Wed Dec 11 20:08:10 2024 +0000 consider VndSunStarExpand an exotic protocol and generally don't bother with it when fetching data from urls Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176922 Reviewed-by: Miklos Vajna <vmik...@collabora.com> Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> (cherry picked from commit 4fbe740677b90d8b73842b60863e2f4c9f4ea382) diff --git a/avmedia/source/viewer/mediawindow_impl.cxx b/avmedia/source/viewer/mediawindow_impl.cxx index 82ca1b92821c..7a6755e40052 100644 --- a/avmedia/source/viewer/mediawindow_impl.cxx +++ b/avmedia/source/viewer/mediawindow_impl.cxx @@ -170,15 +170,16 @@ void MediaWindowImpl::dispose() uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString*) { - uno::Reference<media::XPlayer> xPlayer; - if( rURL.isEmpty() ) - return xPlayer; + return nullptr; if (SvtSecurityOptions::isUntrustedReferer(rReferer)) - { - return xPlayer; - } + return nullptr; + + if (INetURLObject(rURL).IsExoticProtocol()) + return nullptr; + + uno::Reference<media::XPlayer> xPlayer; // currently there isn't anything else, throw any mime type to the media players //if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON) diff --git a/editeng/source/items/frmitems.cxx b/editeng/source/items/frmitems.cxx index 94b7704303ba..d79f75109a21 100644 --- a/editeng/source/items/frmitems.cxx +++ b/editeng/source/items/frmitems.cxx @@ -46,6 +46,7 @@ #include <svl/memberid.h> #include <rtl/math.hxx> #include <rtl/ustring.hxx> +#include <sal/log.hxx> #include <tools/mapunit.hxx> #include <tools/UnitConversion.hxx> #include <vcl/graphicfilter.hxx> @@ -4398,6 +4399,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co return nullptr; } + INetURLObject aGraphicURL( maStrLink ); + if (aGraphicURL.IsExoticProtocol()) + { + SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink); + return nullptr; + } + // tdf#94088 prepare graphic and state Graphic aGraphic; bool bGraphicLoaded = false; @@ -4418,8 +4426,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co // a 'data:' scheme url and try to load that (embedded graphics) if(!bGraphicLoaded) { - INetURLObject aGraphicURL( maStrLink ); - if( INetProtocol::Data == aGraphicURL.GetProtocol() ) { std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData()); diff --git a/embeddedobj/source/commonembedding/persistence.cxx b/embeddedobj/source/commonembedding/persistence.cxx index 1ccd15884318..35154da9b75f 100644 --- a/embeddedobj/source/commonembedding/persistence.cxx +++ b/embeddedobj/source/commonembedding/persistence.cxx @@ -54,6 +54,7 @@ #include <comphelper/mimeconfighelper.hxx> #include <comphelper/namedvaluecollection.hxx> #include <comphelper/propertyvalue.hxx> +#include <tools/urlobj.hxx> #include <unotools/mediadescriptor.hxx> #include <comphelper/diagnose_ex.hxx> @@ -373,11 +374,19 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl() uno::Sequence< beans::PropertyValue > aArgs( m_aDocMediaDescriptor.getLength() + nLen ); auto pArgs = aArgs.getArray(); - pArgs[0].Name = "URL"; - if(m_aLinkTempFile.is()) - pArgs[0].Value <<= m_aLinkTempFile->getUri(); + OUString sURL; + if (m_aLinkTempFile.is()) + sURL = m_aLinkTempFile->getUri(); else - pArgs[0].Value <<= m_aLinkURL; + sURL = m_aLinkURL; + if (INetURLObject(sURL).IsExoticProtocol()) + { + SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << pArgs[0].Value); + return nullptr; + } + + pArgs[0].Name = "URL"; + pArgs[0].Value <<= sURL; pArgs[1].Name = "FilterName"; pArgs[1].Value <<= m_aLinkFilterName; diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx index c2bc0953c6c8..0187456b0e8d 100644 --- a/forms/source/component/ImageControl.cxx +++ b/forms/source/component/ImageControl.cxx @@ -398,6 +398,10 @@ void OImageControlModel::read(const Reference<XObjectInputStream>& _rxInStream) bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, ValueChangeInstigator _eInstigator ) { + if (INetURLObject(_rURL).IsExoticProtocol()) { + return false; + } + // create a stream for the image specified by the URL std::unique_ptr< SvStream > pImageStream; Reference< XInputStream > xImageStream; diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx index e1f6f068faf0..4908c12edfa9 100644 --- a/forms/source/component/clickableimage.cxx +++ b/forms/source/component/clickableimage.cxx @@ -736,7 +736,7 @@ namespace frm // the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first INetURLObject aUrl(rURL); - if (INetProtocol::NotValid == aUrl.GetProtocol()) + if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol()) // we treat an invalid URL like we would treat no URL return; diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx index 6a3e0c7e8821..587b99399f66 100644 --- a/sfx2/source/appl/linkmgr2.cxx +++ b/sfx2/source/appl/linkmgr2.cxx @@ -524,8 +524,11 @@ bool LinkManager::GetGraphicFromAny(std::u16string_view rMimeType, sReferer = sh->GetMedium()->GetName(); OUString sURL = rValue.get<OUString>(); - if (!SvtSecurityOptions::isUntrustedReferer(sReferer)) + if (!SvtSecurityOptions::isUntrustedReferer(sReferer) && + !INetURLObject(sURL).IsExoticProtocol()) + { rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin); + } if (rGraphic.IsNone()) rGraphic.SetDefaultType(); rGraphic.setOriginURL(sURL); diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx index 1deccee5f9b2..1a5252aa1c6a 100644 --- a/sw/source/filter/html/htmlgrin.cxx +++ b/sw/source/filter/html/htmlgrin.cxx @@ -673,7 +673,8 @@ IMAGE_SETEVENT: bool bNeedWidth = (!bPercentWidth && !nWidth) || bRelWidthScale; bool bRelHeightScale = bPercentHeight && nHeight == SwFormatFrameSize::SYNCED; bool bNeedHeight = (!bPercentHeight && !nHeight) || bRelHeightScale; - if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc)) + if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc) && + !aGraphicURL.IsExoticProtocol()) { GraphicDescriptor aDescriptor(aGraphicURL); if (aDescriptor.Detect(/*bExtendedInfo=*/true)) diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx index 7ce4b471c80c..51cebfd5f88d 100644 --- a/toolkit/source/controls/unocontrols.cxx +++ b/toolkit/source/controls/unocontrols.cxx @@ -32,6 +32,7 @@ #include <controls/formattedcontrol.hxx> #include <toolkit/controls/unocontrols.hxx> #include <helper/property.hxx> +#include <tools/urlobj.hxx> #include <toolkit/helper/macros.hxx> // for introspection @@ -68,7 +69,7 @@ css::uno::Reference< css::graphic::XGraphic > ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL ) { uno::Reference< graphic::XGraphic > xGraphic; - if ( _rURL.isEmpty() ) + if (_rURL.isEmpty() || INetURLObject(_rURL).IsExoticProtocol()) return xGraphic; try diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 35b5e9244191..23a0d67d2717 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4885,6 +4885,7 @@ bool INetURLObject::IsExoticProtocol() const return m_eScheme == INetProtocol::Slot || m_eScheme == INetProtocol::Macro || m_eScheme == INetProtocol::Uno || + m_eScheme == INetProtocol::VndSunStarExpand || isSchemeEqualTo(u"vnd.sun.star.script") || isSchemeEqualTo(u"service"); } diff --git a/unotools/source/misc/mediadescriptor.cxx b/unotools/source/misc/mediadescriptor.cxx index b8bb7f13469e..11e6f1e4619a 100644 --- a/unotools/source/misc/mediadescriptor.cxx +++ b/unotools/source/misc/mediadescriptor.cxx @@ -334,6 +334,9 @@ bool MediaDescriptor::impl_openStreamWithPostData( const css::uno::Reference< cs /*-----------------------------------------------*/ bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFile ) { + if (INetURLObject(sURL).IsExoticProtocol()) + return false; + OUString referer(getUnpackedValueOrDefault(PROP_REFERRER, OUString())); if (SvtSecurityOptions::isUntrustedReferer(referer)) { return false; diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx index 3c5b559d4d61..11b69da50c16 100644 --- a/vcl/source/filter/graphicfilter.cxx +++ b/vcl/source/filter/graphicfilter.cxx @@ -488,10 +488,16 @@ ErrCode GraphicFilter::CanImportGraphic( std::u16string_view rMainUrl, SvStream& ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath, sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags ) { - ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR; SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" ); OUString aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) ); + if (rPath.IsExoticProtocol()) + { + SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl); + return ERRCODE_GRFILTER_FORMATERROR; + } + + ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR; std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE )); if (xStream) {