Re: [dev] RestrictedPath working under Windows?
Hi Allen, That's easy to find. There are only about a dozen matches in the source code for RestrictedPath and RestrictedPaths ;-) :) On Windows XP, you have both system variables and user variables. If both values are set, the user value overrides the system value. In fact, I just tried this, setting two different values for RestrictedPath, one in a system variable in the other in a user variable, and OOo used the user value. Let me say it this way: The concept clearly has it flaws, but it was a sufficient for the target audience at the time it was implemented. Please consider that the whole feature is not (and was never intended to be) a security feature, but more a convenience thing. You can always find ways to break out of the box provided by the RestrictedPaths (e.g. you can put an URL into a text document and click onto it). It's really an UI thing only. If one wanted to make this error-prove, a completely different approach would be needed, hooking into the UCB which provides low level access to file/contents. Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Joerg, So how was that supposed to be used? I assume that would be by editing the soffice script to set that variable before invoking soffice.bin? (Otherwise a user could always overwrite an environment variable just as easily.) Not well suited for Windows use then, where there is no existing script If I remember the requirements correctly, the idea was to set up the variable system-wide, and let only people use the machines who'd be confused if you'd tell them you can change an environment variable. Environ-what? Something like this :) Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Allen, It would be less complex and therefore less prone to system administrator and programmer error to just treat a nil and empty string the same. I suggest: I don't have a strong preference here. In theory, treating nil and empty list equally is somewhat ... dirty, so I would probably still prefer distinguishing them ... Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
I would also be interested in changing RestrictedPath from an environmental variable to a configuration (.xcs/.xcu) setting. I'm realizing that it make this useful, a system administrator would probably need a way to insert the user's username or WinNT domain\username into the path. So for example, the system administrator could set RestrictedPath to \\fileserver\userfiles\$(username) and OOo would make the appropriate substitution. The same feature would be useful with any of the path variables in org.openoffice.Office.Common/Path. See http://api.openoffice.org/docs/DevelopersGuide/OfficeDev/OfficeDev.xhtml#1_2 _7_2_Path_Variables Is there a way to do this already? If not, I think it would make sense to add this to framework\source\services\substitutepathvars.cxx (and possibly also to svtools\source\config\pathoptions.cxx Allen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Allen, I'm trying to get RestrictedPath working, as described under Declaring the Permitted Folders in http://ui.openoffice.org/specification/FileDialog_RestrictedPaths.sxw I'm using OOo v2.0.3 under WinXP. Do you use system dialogs, or OOo's own dialogs? The feature only works with the latter ... Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
I'm trying to get RestrictedPath working, as described under Declaring the Permitted Folders in http://ui.openoffice.org/specification/FileDialog_RestrictedPaths.sxw I'm using OOo v2.0.3 under WinXP. Do you use system dialogs, or OOo's own dialogs? The feature only works with the latter ... Hello Frank, I'm using what is compiled into the OOo Windows binary distribution and configured by default, which I'm guessing is the system dialogs. Is there a way to select OOo's dialogs, either at run-time or build-time? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Allen, I'm using what is compiled into the OOo Windows binary distribution and configured by default, which I'm guessing is the system dialogs. Is there a way to select OOo's dialogs, either at run-time or build-time? At runtime, Tools|Options|OpenOffice.org|General|[X] Use OpenOffice.org dialogs is the place to control this. For build time, I'm not sure whether there is a pre-configured way to disable this. The implementation for the Windows file picker is in fpicker/source/win32. You'll need to disable the build there. And/Or you'd need to disable the packaging of the respective libraries (fop.dll, fps.dll, and fpicker.uno.dll, I assume (!)) in the scp2 module. Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
Is there a way to select OOo's dialogs, either at run-time or build-time? At runtime, Tools|Options|OpenOffice.org|General|[X] Use OpenOffice.org dialogs is the place to control this. That and the corresponding configuration option (org.openoffice.Office.Common/Misc/UseSystemFileDialog = false) both worked to switch to OOo's dialogs. With that setting, RestrictedPath mostly worked. With only one directory in the RestrictedPath, the behavior was not quite what I expected. It allowed me to navigate up to the parent directories, all the way to the root (c:\). It didn't allow me to save there, but it was unexpected I was able navigate there since this was above the restricted directory. When I had more than one directory in RestrictedPath, it made more sense. By allowing me to navigate up the parents all the way to the root (c:\), I was able to get from one directory to the other. So it mostly worked, but the behavior was not what I expected when I had only one directory in the RestrictedPath. Thank you for the assistance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Allen, With that setting, RestrictedPath mostly worked. With only one directory in the RestrictedPath, the behavior was not quite what I expected. It allowed me to navigate up to the parent directories, all the way to the root (c:\). It didn't allow me to save there, but it was unexpected I was able navigate there since this was above the restricted directory. Hmm. For multiple paths, as you found, it is useful to be able to travel above the paths. But for one path, it might make sense to let this single path be the virtual root in the file picker. Are you interesting in fixing this? Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
With that setting, RestrictedPath mostly worked. With only one directory in the RestrictedPath, the behavior was not quite what I expected. It allowed me to navigate up to the parent directories, all the way to the root (c:\). It didn't allow me to save there, but it was unexpected I was able navigate there since this was above the restricted directory. Hmm. For multiple paths, as you found, it is useful to be able to travel above the paths. But for one path, it might make sense to let this single path be the virtual root in the file picker. Are you interesting in fixing this? Hello Frank, The answer is yes, but. I would be interested in fixing it, but I'm not sure when I would be able to get to it. I do have a potential customer who is interested in this feature, and if that is an issue for him then I will fix it. I would also be interested in changing RestrictedPath from an environmental variable to a configuration (.xcs/.xcu) setting. Is there a specific reason an environment variable was chosen over a configuration setting? How could changing to a configuration setting be done without adversely affecting existing users -- use the configuration value if it is set, otherwise look to the environment variable? Allen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi Allen, The answer is yes, but. I would be interested in fixing it, but I'm not sure when I would be able to get to it. I do have a potential customer who is interested in this feature, and if that is an issue for him then I will fix it. Ah, I'm looking forward to when you come asking *where* in the code to fix it :) I would also be interested in changing RestrictedPath from an environmental variable to a configuration (.xcs/.xcu) setting. Is there a specific reason an environment variable was chosen over a configuration setting? The idea was to have a feature which prevents users from changing the respective setting. Nowadays, where the configuration supports locking settings into readonly state, probably nothing is to say against making this a configuration setting. How could changing to a configuration setting be done without adversely affecting existing users -- use the configuration value if it is set, otherwise look to the environment variable? The order probably doesn't matter, but something like this, yes. Ciao Frank -- - Frank Schönheit, Software Engineer [EMAIL PROTECTED] - - Sun Microsystems http://www.sun.com/staroffice - - OpenOffice.org Database http://dba.openoffice.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
Ah, I'm looking forward to when you come asking *where* in the code to fix it :) That's easy to find. There are only about a dozen matches in the source code for RestrictedPath and RestrictedPaths ;-) The idea was to have a feature which prevents users from changing the respective setting. Nowadays, where the configuration supports locking settings into readonly state, probably nothing is to say against making this a configuration setting. That was my concern, too, which is why I didn't understand the choice of a environment variable. On Windows XP, you have both system variables and user variables. If both values are set, the user value overrides the system value. In fact, I just tried this, setting two different values for RestrictedPath, one in a system variable in the other in a user variable, and OOo used the user value. Is there something I'm missing? Allen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [dev] RestrictedPath working under Windows?
Hi, Frank Schönheit - Sun Microsystems Germany schrieb: I would also be interested in changing RestrictedPath from an environmental variable to a configuration (.xcs/.xcu) setting. Is there a specific reason an environment variable was chosen over a configuration setting? The idea was to have a feature which prevents users from changing the respective setting. Nowadays, where the configuration supports locking settings into readonly state, probably nothing is to say against making this a configuration setting. So how was that supposed to be used? I assume that would be by editing the soffice script to set that variable before invoking soffice.bin? (Otherwise a user could always overwrite an environment variable just as easily.) Not well suited for Windows use then, where there is no existing script How could changing to a configuration setting be done without adversely affecting existing users -- use the configuration value if it is set, otherwise look to the environment variable? The order probably doesn't matter, but something like this, yes. The most correct would be to use a configuration value with no default, which means you get a NIL value (a VOID Any in UNO) when reading. Then you could have VOID - look at environment Non NIL - Use the value If the setting is a list of pathes or URLs, the best value type would be string-list (Sequence String in UNO) . Note that an empty string-list is distinct from NIL. The one thing this doesn't permit, is using an empty string-list to signify NO allowed folders. HTH, Jörg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [dev] RestrictedPath working under Windows?
The most correct would be to use a configuration value with no default, which means you get a NIL value (a VOID Any in UNO) when reading. Then you could have VOID - look at environment Non NIL - Use the value IMHO, that is overkill. It is true that would allow an empty RestrictedPath to be set in the .xcu file that could not be overridden by a user environmental variable, but what is the benefit? If the user overrides an empty RestrictedPath, I don't see the harm. It would be less complex and therefore less prone to system administrator and programmer error to just treat a nil and empty string the same. I suggest: if .xcu value not empty: use it else: look to environment - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[dev] RestrictedPath working under Windows?
I'm trying to get RestrictedPath working, as described under Declaring the Permitted Folders in http://ui.openoffice.org/specification/FileDialog_RestrictedPaths.sxw I'm using OOo v2.0.3 under WinXP. If I set the environment variable RestrictedPath, my user directory is set to the first component, as described under Standard Working Directory in the above referenced document. [I see this happens at OOC680_m7\desktop\source\app\app.cxx lines 1548-1558, and is distinct from the remaining functionality implemented via OOC680_m7\svtools\source\misc\restrictedpaths.cxx] None of the other functionality works, in particular, restricting where the file chooser can navigate and where a document can be saved. Is this working under Windows? I see a few fixed issues that only address unix-type paths: http://qa.openoffice.org/issues/show_bug.cgi?id=53649 http://qa.openoffice.org/issues/show_bug.cgi?id=53939 If it does work under Windows, is there a special format for the RestrictedPath variable? I've tried c:\temp c:/temp \temp /temp file:///c:/temp All of these successfully change my user directory, but don't do anything else. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]