scripting/source/protocolhandler/scripthandler.cxx | 9 +++++++-- scripting/source/pyprov/pythonscript.py | 4 +++- sfx2/source/doc/objmisc.cxx | 21 ++++++++++++--------- shell/source/win32/SysShExec.cxx | 4 +++- 4 files changed, 25 insertions(+), 13 deletions(-)
New commits: commit 34c38548620ec20d34741badf94356c6987291da Author: Mike Kaganski <mike.kagan...@collabora.com> AuthorDate: Thu Aug 1 10:52:12 2019 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Aug 21 20:31:16 2019 +0200 tdf#126641: don't fail on file URLs with fragment This only fixes part that the URL refuses to open the target file. Honoring fragment isn't fixed here, since it's the system call to ShellExecuteExW that in this case internally converts the file URL into a system path, and strips the fragment from it. Regression from commit d59ec4cd1660410fa1b18c50d2d83b1417a82ddc. Change-Id: I6c9ed27e9a5bd7f2780dd3be96f816a6e825e043 Reviewed-on: https://gerrit.libreoffice.org/76778 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com> (cherry picked from commit 2207269a84c7c9920af3385b837ce67978c720b4) Reviewed-on: https://gerrit.libreoffice.org/76848 Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit dd2b7919058fc0e23a7117d39110d3ecaaad1fb2) Reviewed-on: https://gerrit.libreoffice.org/76881 Reviewed-by: Michael Stahl <michael.st...@cib.de> Reviewed-on: https://gerrit.libreoffice.org/77893 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index 4786e4ddedc7..910aae1c095f 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -315,7 +315,9 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa } if (uri->getScheme().equalsIgnoreAsciiCase("file")) { OUString pathname; - auto const e1 = osl::FileBase::getSystemPathFromFileURL(aCommand, pathname); + uri->clearFragment(); // getSystemPathFromFileURL fails for URLs with fragment + auto const e1 + = osl::FileBase::getSystemPathFromFileURL(uri->getUriReference(), pathname); if (e1 != osl::FileBase::E_None) { throw css::lang::IllegalArgumentException( ("XSystemShellExecute.execute, getSystemPathFromFileURL <" + aCommand commit 8ac0acb0e4a9017fdde8515fd5f7957307767e5b Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Sat Aug 3 16:37:48 2019 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Aug 21 20:30:57 2019 +0200 keep name percent-encoded Change-Id: I470c4b24192c3e3c9b556a9bbb3b084359e0033b Reviewed-on: https://gerrit.libreoffice.org/77006 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-on: https://gerrit.libreoffice.org/77896 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py index f1b2bfc75ee3..64e1337d642e 100644 --- a/scripting/source/pyprov/pythonscript.py +++ b/scripting/source/pyprov/pythonscript.py @@ -219,7 +219,9 @@ class MyUriHelper: # path to the .py file + "$functionname, arguments, etc xStorageUri = self.m_uriRefFac.parse(scriptURI) - sStorageUri = xStorageUri.getName().replace( "|", "/" ); + # getName will apply url-decoding to the name, so encode back + sStorageUri = xStorageUri.getName().replace("%", "%25") + sStorageUri = sStorageUri.replace( "|", "/" ) # path to the .py file, relative to the base sFileUri = sStorageUri[0:sStorageUri.find("$")] commit 1c1207a220577afb12ea3e53b9c244c8a8076bce Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Tue Aug 6 13:29:22 2019 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Aug 21 20:30:40 2019 +0200 Properly obtain location Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8 Reviewed-on: https://gerrit.libreoffice.org/77019 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42) Reviewed-on: https://gerrit.libreoffice.org/77023 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-on: https://gerrit.libreoffice.org/77897 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx index f8ad8c7fd63d..332d4833a6f2 100644 --- a/scripting/source/protocolhandler/scripthandler.cxx +++ b/scripting/source/protocolhandler/scripthandler.cxx @@ -49,6 +49,7 @@ #include <com/sun/star/uno/XComponentContext.hpp> #include <com/sun/star/uri/XUriReference.hpp> +#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp> #include <com/sun/star/uri/UriReferenceFactory.hpp> #include <memory> @@ -135,8 +136,12 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification( { try { - bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) !=-1 ); - // TODO: isn't this somewhat strange? This should be a test for a location=document parameter, shouldn't it? + css::uno::Reference<css::uri::XUriReferenceFactory> urifac( + css::uri::UriReferenceFactory::create(m_xContext)); + css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri( + urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW); + auto const loc = uri->getParameter("location"); + bool bIsDocumentScript = loc == "document"; if ( bIsDocumentScript ) { diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index f6712b5cdff9..e0343f824fca 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1379,19 +1379,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon SAL_INFO("sfx", "in CallXScript" ); ErrCode nErr = ERRCODE_NONE; - bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 ); - // TODO: we should parse the URL, and check whether there is a parameter with this name. - // Otherwise, we might find too much. - if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) ) - return ERRCODE_IO_ACCESSDENIED; - - if ( UnTrustedScript(_rScriptURL) ) - return ERRCODE_IO_ACCESSDENIED; - bool bCaughtException = false; Any aException; try { + css::uno::Reference<css::uri::XUriReferenceFactory> urifac( + css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext())); + css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri( + urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW); + auto const loc = uri->getParameter("location"); + bool bIsDocumentScript = loc == "document"; + if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) ) + return ERRCODE_IO_ACCESSDENIED; + + if ( UnTrustedScript(_rScriptURL) ) + return ERRCODE_IO_ACCESSDENIED; + // obtain/create a script provider Reference< provider::XScriptProvider > xScriptProvider; Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY ); _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits