consider VndSunStarExpand an exotic protocol

and generally don't bother with it when fetching data
from urls

Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176645
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Jenkins

avmedia/source/viewer/mediawindow_impl.cxx

@@ -171,15 +171,16 @@ void MediaWindowImpl::dispose()
 
 uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString*)
 {
-    uno::Reference<media::XPlayer> xPlayer;
-
     if( rURL.isEmpty() )
-        return xPlayer;
+        return nullptr;
 
     if (SvtSecurityOptions::isUntrustedReferer(rReferer))
-    {
+        return nullptr;
-        return xPlayer;
+
-    }
+    if (INetURLObject(rURL).IsExoticProtocol())
+        return nullptr;
+
+    uno::Reference<media::XPlayer> xPlayer;
 
     // currently there isn't anything else, throw any mime type to the media players
     //if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)

editeng/source/items/frmitems.cxx

@@ -4739,6 +4739,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
             return nullptr;
         }
 
+        INetURLObject aGraphicURL( maStrLink );
+        if (aGraphicURL.IsExoticProtocol())
+        {
+            SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
+            return nullptr;
+        }
+
         // tdf#94088 prepare graphic and state
         Graphic aGraphic;
         bool bGraphicLoaded = false;
@@ -4759,8 +4766,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
         // a 'data:' scheme url and try to load that (embedded graphics)
         if(!bGraphicLoaded)
         {
-            INetURLObject aGraphicURL( maStrLink );
-
             if( INetProtocol::Data == aGraphicURL.GetProtocol() )
             {
                 std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData());

embeddedobj/source/commonembedding/persistence.cxx

@@ -55,6 +55,7 @@
 #include <comphelper/namedvaluecollection.hxx>
 #include <comphelper/propertyvalue.hxx>
 #include <comphelper/configuration.hxx>
+#include <tools/urlobj.hxx>
 #include <unotools/mediadescriptor.hxx>
 #include <unotools/securityoptions.hxx>
 
@@ -403,11 +404,19 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl()
     uno::Sequence< beans::PropertyValue > aArgs( m_aDocMediaDescriptor.getLength() + nLen );
     auto pArgs = aArgs.getArray();
 
-    pArgs[0].Name = "URL";
+    OUString sURL;
-    if(m_aLinkTempFile.is())
+    if (m_aLinkTempFile.is())
-        pArgs[0].Value <<= m_aLinkTempFile->getUri();
+        sURL = m_aLinkTempFile->getUri();
     else
-        pArgs[0].Value <<= m_aLinkURL;
+        sURL = m_aLinkURL;
+    if (INetURLObject(sURL).IsExoticProtocol())
+    {
+        SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << pArgs[0].Value);
+        return nullptr;
+    }
+
+    pArgs[0].Name = "URL";
+    pArgs[0].Value <<= sURL;
 
     pArgs[1].Name = "FilterName";
     pArgs[1].Value <<= m_aLinkFilterName;

forms/source/component/ImageControl.cxx

@@ -401,7 +401,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, Val
 {
     OUString referer;
     getPropertyValue(u"Referer"_ustr) >>= referer;
-    if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+    if (SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) {
         return false;
     }
 

forms/source/component/clickableimage.cxx

@@ -736,7 +736,7 @@ namespace frm
 
         // the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first
         INetURLObject aUrl(rURL);
-        if (INetProtocol::NotValid == aUrl.GetProtocol())
+        if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol())
             // we treat an invalid URL like we would treat no URL
             return;
 

sfx2/source/appl/linkmgr2.cxx

@@ -537,8 +537,11 @@ bool LinkManager::GetGraphicFromAny(std::u16string_view rMimeType,
             sReferer = sh->GetMedium()->GetName();
 
         OUString sURL = rValue.get<OUString>();
-        if (!SvtSecurityOptions::isUntrustedReferer(sReferer))
+        if (!SvtSecurityOptions::isUntrustedReferer(sReferer) &&
+            !INetURLObject(sURL).IsExoticProtocol())
+        {
             rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
+        }
         if (rGraphic.IsNone())
             rGraphic.SetDefaultType();
         rGraphic.setOriginURL(sURL);

sw/source/filter/html/htmlgrin.cxx

@@ -680,7 +680,8 @@ IMAGE_SETEVENT:
     bool bNeedWidth = (!bPercentWidth && !nWidth) || bRelWidthScale;
     bool bRelHeightScale = bPercentHeight && nHeight == SwFormatFrameSize::SYNCED;
     bool bNeedHeight = (!bPercentHeight && !nHeight) || bRelHeightScale;
-    if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc))
+    if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc) &&
+        !aGraphicURL.IsExoticProtocol())
     {
         GraphicDescriptor aDescriptor(aGraphicURL);
         if (aDescriptor.Detect(/*bExtendedInfo=*/true))

toolkit/source/controls/unocontrols.cxx

@@ -31,6 +31,7 @@
 #include <o3tl/safeint.hxx>
 #include <controls/formattedcontrol.hxx>
 #include <toolkit/controls/unocontrols.hxx>
+#include <tools/urlobj.hxx>
 #include <helper/property.hxx>
 #include <toolkit/helper/macros.hxx>
 #include <unotools/securityoptions.hxx>
@@ -69,7 +70,7 @@ css::uno::Reference< css::graphic::XGraphic >
 ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
 {
     uno::Reference< graphic::XGraphic > xGraphic;
-    if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
+    if (_rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol())
         return xGraphic;
 
     try

tools/source/fsys/urlobj.cxx

@@ -4892,6 +4892,7 @@ bool INetURLObject::IsExoticProtocol() const
     return m_eScheme == INetProtocol::Slot ||
            m_eScheme == INetProtocol::Macro ||
            m_eScheme == INetProtocol::Uno ||
+           m_eScheme == INetProtocol::VndSunStarExpand ||
            isSchemeEqualTo(u"vnd.sun.star.script") ||
            isSchemeEqualTo(u"service");
 }

unotools/source/misc/mediadescriptor.cxx

@@ -337,6 +337,10 @@ bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFi
     if (sURL.matchIgnoreAsciiCase(".component:") || sURL.matchIgnoreAsciiCase("private:factory/"))
         return false; // No UCB content for .component URLs and factory URLs
 
+
+    if (INetURLObject(sURL).IsExoticProtocol())
+        return false;
+
     OUString referer(getUnpackedValueOrDefault(PROP_REFERRER, OUString()));
     if (SvtSecurityOptions::isUntrustedReferer(referer)) {
         return false;

vcl/source/filter/graphicfilter.cxx

@@ -446,10 +446,16 @@ ErrCode GraphicFilter::CanImportGraphic( std::u16string_view rMainUrl, SvStream&
 ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath,
                                      sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
 {
-    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
 
     OUString    aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) );
+    if (rPath.IsExoticProtocol())
+    {
+        SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl);
+        return ERRCODE_GRFILTER_FORMATERROR;
+    }
+
+    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
     if (xStream)
     {