diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/ZDI-CAN-17859.diff | 290 |
1 files changed, 290 insertions, 0 deletions
diff --git a/debian/patches/ZDI-CAN-17859.diff b/debian/patches/ZDI-CAN-17859.diff new file mode 100644 index 000000000..9b668c4b3 --- /dev/null +++ b/debian/patches/ZDI-CAN-17859.diff @@ -0,0 +1,290 @@ +From e36986a3a7f448722961bde79691fb2f225c48ea Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann <sbergman@redhat.com> +Date: Tue, 30 Aug 2022 14:04:52 +0200 +Subject: These commands are always URLs already + +Conflicts: + wizards/source/scriptforge/SF_Session.xba + +Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042 +Tested-by: Jean-Pierre Ledure <jp@ledure.be> +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann <sbergman@redhat.com> +--- + wizards/source/access2base/DoCmd.xba | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wizards/source/access2base/DoCmd.xba b/wizards/source/access2base/DoCmd.xba +index 27b0d74be34f..26755a8d901d 100644 +--- a/wizards/source/access2base/DoCmd.xba ++++ b/wizards/source/access2base/DoCmd.xba +@@ -2655,7 +2655,7 @@ Private Sub _ShellExecute(sCommand As String) + + Dim oShell As Object + Set oShell = createUnoService("com.sun.star.system.SystemShellExecute") +- oShell.execute(sCommand, "" , com.sun.star.system.SystemShellExecuteFlags.DEFAULTS) ++ oShell.execute(sCommand, "" , com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY) + + End Sub ' _ShellExecute V0.8.5 + +-- +cgit v1.2.1 + +From 7c299586526c29875d2d1438c95580c18835c99b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> +Date: Tue, 30 Aug 2022 17:01:08 +0100 +Subject: check IFrame "FrameURL" target + +similiar to + +commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627 +Date: Wed Aug 7 17:37:11 2019 +0100 + + warn on load when a document binds an event to a macro + +Conflicts: + sfx2/source/doc/iframe.cxx + sw/source/filter/html/htmlplug.cxx + sw/source/filter/xml/xmltexti.cxx + +Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann <sbergman@redhat.com> +--- + sfx2/source/appl/macroloader.cxx | 9 +++++++-- + sfx2/source/doc/iframe.cxx | 20 +++++++++++++++----- + sfx2/source/inc/macroloader.hxx | 2 ++ + sw/source/filter/html/htmlplug.cxx | 7 ++++++- + sw/source/filter/xml/xmltexti.cxx | 9 +++++++-- + 5 files changed, 37 insertions(+), 10 deletions(-) + +diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx +index 98e036e0a7ea..b50d1e63c789 100644 +--- a/sfx2/source/appl/macroloader.cxx ++++ b/sfx2/source/appl/macroloader.cxx +@@ -68,10 +68,10 @@ css::uno::Sequence<OUString> SAL_CALL SfxMacroLoader::getSupportedServiceNames() + return { "com.sun.star.frame.ProtocolHandler" }; + } + +-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl() ++SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>& xFrame) + { + SfxObjectShell* pDocShell = nullptr; +- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY ); ++ + if ( xFrame.is() ) + { + SfxFrame* pFrame=nullptr; +@@ -96,6 +96,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl() + return pDocShell; + } + ++SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl() ++{ ++ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY ); ++ return SfxMacroLoader::GetObjectShell(xFrame); ++} + + uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch( + const util::URL& aURL , +diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx +index 8b1271545dfb..aea851894286 100644 +--- a/sfx2/source/doc/iframe.cxx ++++ b/sfx2/source/doc/iframe.cxx +@@ -38,10 +38,12 @@ + #include <svtools/miscopt.hxx> + #include <svl/itemprop.hxx> + #include <sfx2/frmdescr.hxx> ++#include <sfx2/objsh.hxx> + #include <sfx2/sfxdlg.hxx> + #include <toolkit/helper/vclunohelper.hxx> + #include <vcl/window.hxx> + #include <tools/debug.hxx> ++#include <macroloader.hxx> + + using namespace ::com::sun::star; + +@@ -159,6 +161,19 @@ sal_Bool SAL_CALL IFrameObject::load( + { + if ( SvtMiscOptions().IsPluginsEnabled() ) + { ++ util::URL aTargetURL; ++ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ); ++ uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); ++ xTrans->parseStrict( aTargetURL ); ++ ++ if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) ++ { ++ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); ++ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); ++ if (pDoc && !pDoc->AdjustMacroMode()) ++ return false; ++ } ++ + DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); + VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); + VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); +@@ -181,11 +196,6 @@ sal_Bool SAL_CALL IFrameObject::load( + if ( xFramesSupplier.is() ) + mxFrame->setCreator( xFramesSupplier ); + +- util::URL aTargetURL; +- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ); +- uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); +- xTrans->parseStrict( aTargetURL ); +- + uno::Sequence < beans::PropertyValue > aProps(2); + aProps[0].Name = "PluginMode"; + aProps[0].Value <<= sal_Int16(2); +diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx +index 9e1dfba18ed0..b3e7a5ec1abc 100644 +--- a/sfx2/source/inc/macroloader.hxx ++++ b/sfx2/source/inc/macroloader.hxx +@@ -82,6 +82,8 @@ public: + virtual void SAL_CALL addStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override; + + virtual void SAL_CALL removeStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override; ++ ++ static SfxObjectShell* GetObjectShell(const css::uno::Reference<css::frame::XFrame>& xFrame); + }; + + #endif +diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx +index a0da671de733..eb707040adb2 100644 +--- a/sw/source/filter/html/htmlplug.cxx ++++ b/sw/source/filter/html/htmlplug.cxx +@@ -1087,7 +1087,12 @@ void SwHTMLParser::InsertFloatingFrame() + bool bHasBorder = aFrameDesc.HasFrameBorder(); + Size aMargin = aFrameDesc.GetMargin(); + +- xSet->setPropertyValue("FrameURL", uno::makeAny( aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) ); ++ OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ); ++ ++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro) ++ NotifyMacroEventRead(); ++ ++ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) ); + xSet->setPropertyValue("FrameName", uno::makeAny( aName ) ); + + if ( eScroll == ScrollingMode::Auto ) +diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx +index 788bec5c2d47..169cbdc1534d 100644 +--- a/sw/source/filter/xml/xmltexti.cxx ++++ b/sw/source/filter/xml/xmltexti.cxx +@@ -853,9 +853,14 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra + uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY ); + if ( xSet.is() ) + { ++ OUString sHRef = URIHelper::SmartRel2Abs( ++ INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ); ++ ++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro) ++ GetXMLImport().NotifyMacroEventRead(); ++ + xSet->setPropertyValue("FrameURL", +- makeAny( URIHelper::SmartRel2Abs( +- INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ) ) ); ++ makeAny( sHRef ) ); + + xSet->setPropertyValue("FrameName", + makeAny( rName ) ); +-- +cgit v1.2.1 + +From 2f7e7dbebb28123b1e608c30af6cc335e7b5ed2f Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann <sbergman@redhat.com> +Date: Thu, 1 Sep 2022 17:33:51 +0200 +Subject: Filter out unwanted command URIs + +Conflicts: + desktop/source/app/cmdlineargs.cxx + +Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann <sbergman@redhat.com> +--- + desktop/source/app/cmdlineargs.cxx | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx +index 381147cd534e..f004f4b179dd 100644 +--- a/desktop/source/app/cmdlineargs.cxx ++++ b/desktop/source/app/cmdlineargs.cxx +@@ -28,6 +28,7 @@ + #include "cmdlineargs.hxx" + #include <osl/thread.hxx> + #include <tools/stream.hxx> ++#include <tools/urlobj.hxx> + #include <rtl/ustring.hxx> + #include <rtl/process.h> + #include <comphelper/lok.hxx> +@@ -169,7 +170,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur + } + if (nURIlen < 0) + nURIlen = rest2.getLength(); +- arg = rest2.copy(0, nURIlen); ++ auto const uri = rest2.copy(0, nURIlen); ++ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) { ++ // Let the "Open" machinery process the full command URI (leading to failure, by intention, ++ // as the "Open" machinery does not know about those command URI schemes): ++ curEvt = CommandLineEvent::Open; ++ } else { ++ arg = uri; ++ } + return curEvt; + } + +-- +cgit v1.2.1 + +From 46216a79f440dc972724bb243396b295267530ce Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> +Date: Tue, 6 Sep 2022 11:38:55 +0100 +Subject: check impress/calc IFrame "FrameURL" target +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +similar to + +commit c7450d0b9d02c64ae3da467d329040787039767e +Date: Tue Aug 30 17:01:08 2022 +0100 + + check IFrame "FrameURL" target + +Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139480 +Tested-by: Jenkins +Reviewed-by: Caolán McNamara <caolanm@redhat.com> +--- + xmloff/source/draw/ximpshap.cxx | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx +index af0bfc1a7ef0..94ac8532b6c9 100644 +--- a/xmloff/source/draw/ximpshap.cxx ++++ b/xmloff/source/draw/ximpshap.cxx +@@ -90,6 +90,7 @@ + #include <basegfx/polygon/b2dpolypolygon.hxx> + #include <basegfx/polygon/b2dpolypolygontools.hxx> + #include <basegfx/vector/b2dvector.hxx> ++#include <tools/urlobj.hxx> + #include <o3tl/any.hxx> + #include <o3tl/safeint.hxx> + +@@ -3265,6 +3265,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs + + if( !maHref.isEmpty() ) + { ++ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro) ++ GetImport().NotifyMacroEventRead(); ++ + xProps->setPropertyValue("FrameURL", Any(maHref) ); + } + } +-- +cgit v1.2.1 + |