From f9c43426ab2941d240213a50bf67d70d85e3f060 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Fri, 3 Nov 2023 17:26:25 +0000 Subject: default to ignoring libreoffice special-purpose protocols in calc hyperlink MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911 Tested-by: Jenkins Tested-by: Caolán McNamara Reviewed-by: Caolán McNamara (cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045 Reviewed-by: Eike Rathke (cherry picked from commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2) --- dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 ++- include/sfx2/docmacromode.hxx | 4 ++- include/sfx2/objsh.hxx | 3 +++ include/sfx2/strings.hrc | 1 + sc/source/core/data/global.cxx | 35 ++++++++++++++++++++++++++- sfx2/source/doc/docmacromode.cxx | 8 ++++-- sfx2/source/doc/objmisc.cxx | 8 +++++- sfx2/source/doc/objxtor.cxx | 1 + sfx2/source/inc/objshimp.hxx | 3 ++- 9 files changed, 59 insertions(+), 7 deletions(-) diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx index 21e45033ea4f..20e77a97cc8e 100644 --- a/dbaccess/source/core/dataaccess/ModelImpl.cxx +++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx @@ -1142,7 +1142,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading() { Reference< XInteractionHandler > xInteraction; xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction ); - return m_aMacroMode.checkMacrosOnLoading( xInteraction ); + const bool bHasMacros = m_aMacroMode.hasMacros(); + return m_aMacroMode.checkMacrosOnLoading(xInteraction, false /*HasValidContentSignature*/, bHasMacros); } void ODatabaseModelImpl::resetMacroExecutionMode() diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx index bd4f13fb016c..0cfca92db308 100644 --- a/include/sfx2/docmacromode.hxx +++ b/include/sfx2/docmacromode.hxx @@ -261,6 +261,8 @@ namespace sfx2 */ static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage ); + bool hasMacros() const; + static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainter ); /** checks the macro execution mode while loading the document. @@ -288,7 +290,7 @@ namespace sfx2 bool checkMacrosOnLoading( const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction, - bool bHasValidContentSignature = false + bool bHasValidContentSignature, bool bHasMacros ); private: diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index 2a56ebe88e07..43df4605fe1d 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -418,6 +418,9 @@ public: void SetMacroCallsSeenWhileLoading(); bool GetMacroCallsSeenWhileLoading() const; + // true if the document had macros (or similar) on load to trigger warning user + bool GetHadCheckedMacrosOnLoad() const; + const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const; bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo ); diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc index 1db36e733c0c..29950ba68ca1 100644 --- a/include/sfx2/strings.hrc +++ b/include/sfx2/strings.hrc @@ -103,6 +103,7 @@ #define STR_GB NC_("STR_GB", "GB") #define STR_QUERY_LASTVERSION NC_("STR_QUERY_LASTVERSION", "Cancel all changes?") #define STR_NO_WEBBROWSER_FOUND NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.") +#define STR_DANGEROUS_TO_OPEN NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?") #define STR_NO_ABS_URI_REF NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" is not an absolute URL that can be passed to an external application to open it.") #define STR_GID_INTERN NC_("STR_GID_INTERN", "Internal") #define STR_GID_APPLICATION NC_("STR_GID_APPLICATION", "Application") diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx index 050fd823b4ee..9696f7d9414d 100644 --- a/sc/source/core/data/global.cxx +++ b/sc/source/core/data/global.cxx @@ -26,7 +26,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -37,6 +39,8 @@ #include #include #include +#include +#include #include #include #include @@ -789,7 +793,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno OUString aUrlName( rURL ); SfxViewFrame* pFrame = nullptr; - const SfxObjectShell* pObjShell = nullptr; + SfxObjectShell* pObjShell = nullptr; OUString aReferName; if ( pScActiveViewShell ) { @@ -823,6 +827,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno aUrlName = aNewUrlName; } + if (INetURLObject(aUrlName).IsExoticProtocol()) + { + // Default to ignoring exotic protocols + bool bAllow = false; + if (pObjShell) + { + // If the document had macros when loaded then follow the allowed macro-mode + if (pObjShell->GetHadCheckedMacrosOnLoad()) + bAllow = pObjShell->AdjustMacroMode(); + else // otherwise ask the user, defaulting to cancel + { + assert(pFrame && "if we have pObjShell we have pFrame"); + //Reuse URITools::onOpenURI warning string + std::unique_ptr xQueryBox(Application::CreateMessageDialog(pFrame->GetWindow().GetFrameWeld(), + VclMessageType::Warning, VclButtonsType::YesNo, + SfxResId(STR_DANGEROUS_TO_OPEN))); + xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)", + INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous))); + xQueryBox->set_default_response(RET_NO); + bAllow = xQueryBox->run() == RET_YES; + } + } + if (!bAllow) + { + SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName); + return; + } + } + SfxStringItem aUrl( SID_FILE_NAME, aUrlName ); SfxStringItem aTarget( SID_TARGETNAME, rTarget ); if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 4d15ad30cb01..50782c3cd1b2 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -458,8 +458,12 @@ namespace sfx2 return bHasMacros; } + bool DocumentMacroMode::hasMacros() const + { + return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading(); + } - bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature ) + bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool bHasMacros ) { bool bAllow = false; if ( SvtSecurityOptions().IsMacroDisabled() ) @@ -469,7 +473,7 @@ namespace sfx2 } else { - if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()) + if (bHasMacros) { if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()) m_bNeedsContentSigned = true; diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index f71358b568fa..c7418ef127fd 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -954,9 +954,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl() // check macro security const bool bHasValidContentSignature = HasValidSignatures(); - pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature ); + const bool bHasMacros = pImpl->aMacroMode.hasMacros(); + pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature, bHasMacros ); + pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros; } +bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const +{ + return pImpl->m_bHadCheckedMacrosOnLoad; +} void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler ) { diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx index 510c35daf59f..a707bb7c4a27 100644 --- a/sfx2/source/doc/objxtor.cxx +++ b/sfx2/source/doc/objxtor.cxx @@ -237,6 +237,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell ) ,m_bAllowShareControlFileClean( true ) ,m_bConfigOptionsChecked( false ) ,m_bMacroCallsSeenWhileLoading( false ) + ,m_bHadCheckedMacrosOnLoad( false ) ,lErr(ERRCODE_NONE) ,nEventId ( SfxEventHintId::NONE ) ,nLoadedFlags ( SfxLoadedFlags::ALL ) diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx index 3d7b0b69c945..4afdd706d05e 100644 --- a/sfx2/source/inc/objshimp.hxx +++ b/sfx2/source/inc/objshimp.hxx @@ -91,7 +91,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess m_bSharedXMLFlag:1, // whether the document should be edited in shared mode m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed. - m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed. + m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document. + m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded IndexBitSet aBitSet; ErrCode lErr; -- cgit v1.2.1