From f262b5849129c6192170833fe71837efb6269f06 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Caol=C3=A1n=20McNamara?= Date: Thu, 30 Jan 2025 20:37:38 +0000 Subject: [PATCH] Filter out more unwanted command URIs Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016 Tested-by: Jenkins Reviewed-by: Xisco Fauli Reviewed-By: Daniel Leidert Origin: https://git.libreoffice.org/core/+/7105fb698f897ddb38bd60315444c07356689e14%5E%21 Bug: https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080 Bug: https://github.com/advisories/ghsa-gcgr-r4x5-w79r Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-1080 Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-1080 Gbp-Pq: Name CVE-2025-1080.patch --- desktop/source/app/cmdlineargs.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx index 54cc7f868d3..417de029152 100644 --- a/desktop/source/app/cmdlineargs.cxx +++ b/desktop/source/app/cmdlineargs.cxx @@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur if (nURIlen < 0) nURIlen = rest2.getLength(); auto const uri = rest2.copy(0, nURIlen); - if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) { + if (INetURLObject(uri).IsExoticProtocol()) { // Let the "Open" machinery process the full command URI (leading to failure, by intention, // as the "Open" machinery does not know about those command URI schemes): curEvt = CommandLineEvent::Open; -- 2.30.2