projects / libreoffice.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f923690)
CVE-2020-12802 use the LinkManager persist to determine the Referer
authorCaolán McNamara <caolanm@redhat.com>
Mon, 11 May 2020 16:02:50 +0000 (17:02 +0100)
committerBastien Roucariès <rouca@debian.org>
Fri, 29 Dec 2023 09:39:36 +0000 (09:39 +0000)
LibreOffice has a ‘stealth mode’ in which only documents from locations deemed ‘trusted’
are allowed to retrieve remote resources. This mode is not the default mode,
but can be enabled by users who want to disable LibreOffice’s ability to include remote resources within a document.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94061
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 3ee652e1c18186a5de47797aa4b02defcb29c210)

Conflicts:
svx/source/svdraw/svdograf.cxx

Change-Id: I4e93878972492a93af368ffa0560412132431a24

origin: https://github.com/LibreOffice/core/commit/665258448af655f4b9da434ec29d380597b901e6.patch
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2020-12802
bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802

Gbp-Pq: Name 0094-CVE-2020-12802-use-the-LinkManager-persist-to-determ.patch

svx/source/svdraw/svdograf.cxx patch | blob | history

diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx
index 6b0b2bc7b44e0e52894b759413285f4eea4d11ba..0b1f788cd8bf7803b0335fc11d4be418e3af6b8f 100644 (file)
--- a/svx/source/svdraw/svdograf.cxx
+++ b/svx/source/svdraw/svdograf.cxx
@@ -19,8 +19,10 @@
 
 #include <unotools/streamwrap.hxx>
 
+#include <sfx2/docfile.hxx>
 #include <sfx2/lnkbase.hxx>
 #include <math.h>
+#include <sfx2/objsh.hxx>
 #include <tools/helpers.hxx>
 #include <sot/formats.hxx>
 #include <sot/storage.hxx>
@@ -228,8 +230,13 @@ void SdrGraphicLink::RemoveGraphicUpdater()
     {
         sfx2::LinkManager::GetDisplayNames( this, nullptr, &rGrafObj.aFileName, nullptr, &rGrafObj.aFilterName );
 
+        OUString sReferer(getReferer());
+        SfxObjectShell * sh = pLinkManager->GetPersist();
+        if (sh != nullptr && sh->HasName())
+            sReferer = sh->GetMedium()->GetName();
+
         Graphic aGraphic;
-        if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, getReferer(), aGraphic))
+        if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, sReferer, aGraphic))
         {
             rGrafObj.ImpSetLinkedGraphic(aGraphic);
         }
Unnamed repository; edit this file 'description' to name the repository.