summaryrefslogtreecommitdiffstats
path: root/debian/patches/ZDI-CAN-17859.diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/ZDI-CAN-17859.diff290
1 files changed, 290 insertions, 0 deletions
diff --git a/debian/patches/ZDI-CAN-17859.diff b/debian/patches/ZDI-CAN-17859.diff
new file mode 100644
index 000000000..9b668c4b3
--- /dev/null
+++ b/debian/patches/ZDI-CAN-17859.diff
@@ -0,0 +1,290 @@
+From e36986a3a7f448722961bde79691fb2f225c48ea Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Tue, 30 Aug 2022 14:04:52 +0200
+Subject: These commands are always URLs already
+
+Conflicts:
+ wizards/source/scriptforge/SF_Session.xba
+
+Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
+Tested-by: Jean-Pierre Ledure <jp@ledure.be>
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+---
+ wizards/source/access2base/DoCmd.xba | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/wizards/source/access2base/DoCmd.xba b/wizards/source/access2base/DoCmd.xba
+index 27b0d74be34f..26755a8d901d 100644
+--- a/wizards/source/access2base/DoCmd.xba
++++ b/wizards/source/access2base/DoCmd.xba
+@@ -2655,7 +2655,7 @@ Private Sub _ShellExecute(sCommand As String)
+
+ Dim oShell As Object
+ Set oShell = createUnoService(&quot;com.sun.star.system.SystemShellExecute&quot;)
+- oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
++ oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
+
+ End Sub &apos; _ShellExecute V0.8.5
+
+--
+cgit v1.2.1
+
+From 7c299586526c29875d2d1438c95580c18835c99b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 30 Aug 2022 17:01:08 +0100
+Subject: check IFrame "FrameURL" target
+
+similiar to
+
+commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
+Date: Wed Aug 7 17:37:11 2019 +0100
+
+ warn on load when a document binds an event to a macro
+
+Conflicts:
+ sfx2/source/doc/iframe.cxx
+ sw/source/filter/html/htmlplug.cxx
+ sw/source/filter/xml/xmltexti.cxx
+
+Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+---
+ sfx2/source/appl/macroloader.cxx | 9 +++++++--
+ sfx2/source/doc/iframe.cxx | 20 +++++++++++++++-----
+ sfx2/source/inc/macroloader.hxx | 2 ++
+ sw/source/filter/html/htmlplug.cxx | 7 ++++++-
+ sw/source/filter/xml/xmltexti.cxx | 9 +++++++--
+ 5 files changed, 37 insertions(+), 10 deletions(-)
+
+diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx
+index 98e036e0a7ea..b50d1e63c789 100644
+--- a/sfx2/source/appl/macroloader.cxx
++++ b/sfx2/source/appl/macroloader.cxx
+@@ -68,10 +68,10 @@ css::uno::Sequence<OUString> SAL_CALL SfxMacroLoader::getSupportedServiceNames()
+ return { "com.sun.star.frame.ProtocolHandler" };
+ }
+
+-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>& xFrame)
+ {
+ SfxObjectShell* pDocShell = nullptr;
+- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++
+ if ( xFrame.is() )
+ {
+ SfxFrame* pFrame=nullptr;
+@@ -96,6 +96,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+ return pDocShell;
+ }
+
++SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++{
++ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++ return SfxMacroLoader::GetObjectShell(xFrame);
++}
+
+ uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch(
+ const util::URL& aURL ,
+diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
+index 8b1271545dfb..aea851894286 100644
+--- a/sfx2/source/doc/iframe.cxx
++++ b/sfx2/source/doc/iframe.cxx
+@@ -38,10 +38,12 @@
+ #include <svtools/miscopt.hxx>
+ #include <svl/itemprop.hxx>
+ #include <sfx2/frmdescr.hxx>
++#include <sfx2/objsh.hxx>
+ #include <sfx2/sfxdlg.hxx>
+ #include <toolkit/helper/vclunohelper.hxx>
+ #include <vcl/window.hxx>
+ #include <tools/debug.hxx>
++#include <macroloader.hxx>
+
+ using namespace ::com::sun::star;
+
+@@ -159,6 +161,19 @@ sal_Bool SAL_CALL IFrameObject::load(
+ {
+ if ( SvtMiscOptions().IsPluginsEnabled() )
+ {
++ util::URL aTargetURL;
++ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++ uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
++ xTrans->parseStrict( aTargetURL );
++
++ if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
++ {
++ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
++ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
++ if (pDoc && !pDoc->AdjustMacroMode())
++ return false;
++ }
++
+ DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
+ VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
+ VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
+@@ -181,11 +196,6 @@ sal_Bool SAL_CALL IFrameObject::load(
+ if ( xFramesSupplier.is() )
+ mxFrame->setCreator( xFramesSupplier );
+
+- util::URL aTargetURL;
+- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
+- uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
+- xTrans->parseStrict( aTargetURL );
+-
+ uno::Sequence < beans::PropertyValue > aProps(2);
+ aProps[0].Name = "PluginMode";
+ aProps[0].Value <<= sal_Int16(2);
+diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx
+index 9e1dfba18ed0..b3e7a5ec1abc 100644
+--- a/sfx2/source/inc/macroloader.hxx
++++ b/sfx2/source/inc/macroloader.hxx
+@@ -82,6 +82,8 @@ public:
+ virtual void SAL_CALL addStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
+
+ virtual void SAL_CALL removeStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
++
++ static SfxObjectShell* GetObjectShell(const css::uno::Reference<css::frame::XFrame>& xFrame);
+ };
+
+ #endif
+diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
+index a0da671de733..eb707040adb2 100644
+--- a/sw/source/filter/html/htmlplug.cxx
++++ b/sw/source/filter/html/htmlplug.cxx
+@@ -1087,7 +1087,12 @@ void SwHTMLParser::InsertFloatingFrame()
+ bool bHasBorder = aFrameDesc.HasFrameBorder();
+ Size aMargin = aFrameDesc.GetMargin();
+
+- xSet->setPropertyValue("FrameURL", uno::makeAny( aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) );
++ OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ NotifyMacroEventRead();
++
++ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
+ xSet->setPropertyValue("FrameName", uno::makeAny( aName ) );
+
+ if ( eScroll == ScrollingMode::Auto )
+diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
+index 788bec5c2d47..169cbdc1534d 100644
+--- a/sw/source/filter/xml/xmltexti.cxx
++++ b/sw/source/filter/xml/xmltexti.cxx
+@@ -853,9 +853,14 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
+ uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
+ if ( xSet.is() )
+ {
++ OUString sHRef = URIHelper::SmartRel2Abs(
++ INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ GetXMLImport().NotifyMacroEventRead();
++
+ xSet->setPropertyValue("FrameURL",
+- makeAny( URIHelper::SmartRel2Abs(
+- INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ) ) );
++ makeAny( sHRef ) );
+
+ xSet->setPropertyValue("FrameName",
+ makeAny( rName ) );
+--
+cgit v1.2.1
+
+From 2f7e7dbebb28123b1e608c30af6cc335e7b5ed2f Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Thu, 1 Sep 2022 17:33:51 +0200
+Subject: Filter out unwanted command URIs
+
+Conflicts:
+ desktop/source/app/cmdlineargs.cxx
+
+Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+---
+ desktop/source/app/cmdlineargs.cxx | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 381147cd534e..f004f4b179dd 100644
+--- a/desktop/source/app/cmdlineargs.cxx
++++ b/desktop/source/app/cmdlineargs.cxx
+@@ -28,6 +28,7 @@
+ #include "cmdlineargs.hxx"
+ #include <osl/thread.hxx>
+ #include <tools/stream.hxx>
++#include <tools/urlobj.hxx>
+ #include <rtl/ustring.hxx>
+ #include <rtl/process.h>
+ #include <comphelper/lok.hxx>
+@@ -169,7 +170,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+ }
+ if (nURIlen < 0)
+ nURIlen = rest2.getLength();
+- arg = rest2.copy(0, nURIlen);
++ auto const uri = rest2.copy(0, nURIlen);
++ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
++ // Let the "Open" machinery process the full command URI (leading to failure, by intention,
++ // as the "Open" machinery does not know about those command URI schemes):
++ curEvt = CommandLineEvent::Open;
++ } else {
++ arg = uri;
++ }
+ return curEvt;
+ }
+
+--
+cgit v1.2.1
+
+From 46216a79f440dc972724bb243396b295267530ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 6 Sep 2022 11:38:55 +0100
+Subject: check impress/calc IFrame "FrameURL" target
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+similar to
+
+commit c7450d0b9d02c64ae3da467d329040787039767e
+Date: Tue Aug 30 17:01:08 2022 +0100
+
+ check IFrame "FrameURL" target
+
+Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139480
+Tested-by: Jenkins
+Reviewed-by: Caolán McNamara <caolanm@redhat.com>
+---
+ xmloff/source/draw/ximpshap.cxx | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
+index af0bfc1a7ef0..94ac8532b6c9 100644
+--- a/xmloff/source/draw/ximpshap.cxx
++++ b/xmloff/source/draw/ximpshap.cxx
+@@ -90,6 +90,7 @@
+ #include <basegfx/polygon/b2dpolypolygon.hxx>
+ #include <basegfx/polygon/b2dpolypolygontools.hxx>
+ #include <basegfx/vector/b2dvector.hxx>
++#include <tools/urlobj.hxx>
+ #include <o3tl/any.hxx>
+ #include <o3tl/safeint.hxx>
+
+@@ -3265,6 +3265,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
+
+ if( !maHref.isEmpty() )
+ {
++ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
++ GetImport().NotifyMacroEventRead();
++
+ xProps->setPropertyValue("FrameURL", Any(maHref) );
+ }
+ }
+--
+cgit v1.2.1
+