consider VndSunStarExpand an exotic protocol
and generally don't bother with it when fetching data from urls Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176645 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Tested-by: Jenkins
This commit is contained in:
Caolán McNamara
parent
40a1affe63
commit
836d73a651
11 changed files with 49 additions and 18 deletions
|
|
@ -171,15 +171,16 @@ void MediaWindowImpl::dispose()
|
|||
|
||||
uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString*)
|
||||
{
|
||||
uno::Reference<media::XPlayer> xPlayer;
|
||||
|
||||
if( rURL.isEmpty() )
|
||||
return xPlayer;
|
||||
return nullptr;
|
||||
|
||||
if (SvtSecurityOptions::isUntrustedReferer(rReferer))
|
||||
{
|
||||
return xPlayer;
|
||||
}
|
||||
return nullptr;
|
||||
|
||||
if (INetURLObject(rURL).IsExoticProtocol())
|
||||
return nullptr;
|
||||
|
||||
uno::Reference<media::XPlayer> xPlayer;
|
||||
|
||||
// currently there isn't anything else, throw any mime type to the media players
|
||||
//if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)
|
||||
|
|
|
|||
|
|
@ -4739,6 +4739,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
INetURLObject aGraphicURL( maStrLink );
|
||||
if (aGraphicURL.IsExoticProtocol())
|
||||
{
|
||||
SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// tdf#94088 prepare graphic and state
|
||||
Graphic aGraphic;
|
||||
bool bGraphicLoaded = false;
|
||||
|
|
@ -4759,8 +4766,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
|
|||
// a 'data:' scheme url and try to load that (embedded graphics)
|
||||
if(!bGraphicLoaded)
|
||||
{
|
||||
INetURLObject aGraphicURL( maStrLink );
|
||||
|
||||
if( INetProtocol::Data == aGraphicURL.GetProtocol() )
|
||||
{
|
||||
std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData());
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@
|
|||
#include <comphelper/namedvaluecollection.hxx>
|
||||
#include <comphelper/propertyvalue.hxx>
|
||||
#include <comphelper/configuration.hxx>
|
||||
#include <tools/urlobj.hxx>
|
||||
#include <unotools/mediadescriptor.hxx>
|
||||
#include <unotools/securityoptions.hxx>
|
||||
|
||||
|
|
@ -403,11 +404,19 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl()
|
|||
uno::Sequence< beans::PropertyValue > aArgs( m_aDocMediaDescriptor.getLength() + nLen );
|
||||
auto pArgs = aArgs.getArray();
|
||||
|
||||
pArgs[0].Name = "URL";
|
||||
if(m_aLinkTempFile.is())
|
||||
pArgs[0].Value <<= m_aLinkTempFile->getUri();
|
||||
OUString sURL;
|
||||
if (m_aLinkTempFile.is())
|
||||
sURL = m_aLinkTempFile->getUri();
|
||||
else
|
||||
pArgs[0].Value <<= m_aLinkURL;
|
||||
sURL = m_aLinkURL;
|
||||
if (INetURLObject(sURL).IsExoticProtocol())
|
||||
{
|
||||
SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << pArgs[0].Value);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
pArgs[0].Name = "URL";
|
||||
pArgs[0].Value <<= sURL;
|
||||
|
||||
pArgs[1].Name = "FilterName";
|
||||
pArgs[1].Value <<= m_aLinkFilterName;
|
||||
|
|
|
|||
|
|
@ -401,7 +401,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, Val
|
|||
{
|
||||
OUString referer;
|
||||
getPropertyValue(u"Referer"_ustr) >>= referer;
|
||||
if (SvtSecurityOptions::isUntrustedReferer(referer)) {
|
||||
if (SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -736,7 +736,7 @@ namespace frm
|
|||
|
||||
// the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first
|
||||
INetURLObject aUrl(rURL);
|
||||
if (INetProtocol::NotValid == aUrl.GetProtocol())
|
||||
if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol())
|
||||
// we treat an invalid URL like we would treat no URL
|
||||
return;
|
||||
|
||||
|
|
|
|||
|
|
@ -537,8 +537,11 @@ bool LinkManager::GetGraphicFromAny(std::u16string_view rMimeType,
|
|||
sReferer = sh->GetMedium()->GetName();
|
||||
|
||||
OUString sURL = rValue.get<OUString>();
|
||||
if (!SvtSecurityOptions::isUntrustedReferer(sReferer))
|
||||
if (!SvtSecurityOptions::isUntrustedReferer(sReferer) &&
|
||||
!INetURLObject(sURL).IsExoticProtocol())
|
||||
{
|
||||
rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
|
||||
}
|
||||
if (rGraphic.IsNone())
|
||||
rGraphic.SetDefaultType();
|
||||
rGraphic.setOriginURL(sURL);
|
||||
|
|
|
|||
|
|
@ -680,7 +680,8 @@ IMAGE_SETEVENT:
|
|||
bool bNeedWidth = (!bPercentWidth && !nWidth) || bRelWidthScale;
|
||||
bool bRelHeightScale = bPercentHeight && nHeight == SwFormatFrameSize::SYNCED;
|
||||
bool bNeedHeight = (!bPercentHeight && !nHeight) || bRelHeightScale;
|
||||
if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc))
|
||||
if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc) &&
|
||||
!aGraphicURL.IsExoticProtocol())
|
||||
{
|
||||
GraphicDescriptor aDescriptor(aGraphicURL);
|
||||
if (aDescriptor.Detect(/*bExtendedInfo=*/true))
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@
|
|||
#include <o3tl/safeint.hxx>
|
||||
#include <controls/formattedcontrol.hxx>
|
||||
#include <toolkit/controls/unocontrols.hxx>
|
||||
#include <tools/urlobj.hxx>
|
||||
#include <helper/property.hxx>
|
||||
#include <toolkit/helper/macros.hxx>
|
||||
#include <unotools/securityoptions.hxx>
|
||||
|
|
@ -69,7 +70,7 @@ css::uno::Reference< css::graphic::XGraphic >
|
|||
ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
|
||||
{
|
||||
uno::Reference< graphic::XGraphic > xGraphic;
|
||||
if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
|
||||
if (_rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol())
|
||||
return xGraphic;
|
||||
|
||||
try
|
||||
|
|
|
|||
|
|
@ -4892,6 +4892,7 @@ bool INetURLObject::IsExoticProtocol() const
|
|||
return m_eScheme == INetProtocol::Slot ||
|
||||
m_eScheme == INetProtocol::Macro ||
|
||||
m_eScheme == INetProtocol::Uno ||
|
||||
m_eScheme == INetProtocol::VndSunStarExpand ||
|
||||
isSchemeEqualTo(u"vnd.sun.star.script") ||
|
||||
isSchemeEqualTo(u"service");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -337,6 +337,10 @@ bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFi
|
|||
if (sURL.matchIgnoreAsciiCase(".component:") || sURL.matchIgnoreAsciiCase("private:factory/"))
|
||||
return false; // No UCB content for .component URLs and factory URLs
|
||||
|
||||
|
||||
if (INetURLObject(sURL).IsExoticProtocol())
|
||||
return false;
|
||||
|
||||
OUString referer(getUnpackedValueOrDefault(PROP_REFERRER, OUString()));
|
||||
if (SvtSecurityOptions::isUntrustedReferer(referer)) {
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -446,10 +446,16 @@ ErrCode GraphicFilter::CanImportGraphic( std::u16string_view rMainUrl, SvStream&
|
|||
ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath,
|
||||
sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
|
||||
{
|
||||
ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
|
||||
SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
|
||||
|
||||
OUString aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) );
|
||||
if (rPath.IsExoticProtocol())
|
||||
{
|
||||
SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl);
|
||||
return ERRCODE_GRFILTER_FORMATERROR;
|
||||
}
|
||||
|
||||
ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
|
||||
std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
|
||||
if (xStream)
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue