[3/6] CVE-2023-6186 warn about exotic protocols as well

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158902
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit aafe05584e601236e84a165f2816b187189cfb77)
(cherry picked from commit 799f0225d7171e6c04324ace1f31c7fe976662a4)
(cherry picked from commit ae06669597e5a485676ba4394822cba8bb88d394)
(cherry picked from commit a7138808fbb8eb263af436ee4227cbe9c829b676)
(cherry picked from commit 19316aacbb9f1774565a157d21e70c88c490cef6)
(cherry picked from commit 13c0bdee068ad4af1f4e03461580ec7bddeb0d63)
(cherry picked from commit f7f3aab1c9f49a4e56711c7fd3b32da793b00a43)

Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f

Gbp-Pq: Name 0084-3-6-CVE-2023-6186-warn-about-exotic-protocols-as-wel.patch

diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
index 955eeab36ee9514f893fdc497a78c698c69c52f1..859dbea3ab8a5a44b7111788f8629cf11a72db94 100644 (file)
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1008,7 +1008,7 @@ void SwHTMLParser::InsertFloatingFrame()
 
                 OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
 
-                if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+                if (INetURLObject(sHRef).IsExoticProtocol())
                     NotifyMacroEventRead();
 
                 xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );

diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 8366f0ae38045a9d460d169f1a6e2dbda0607525..a786ace2f2a6f46cb1197c2cc0626b6ca258e848 100644 (file)
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -857,7 +857,7 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
                 OUString sHRef = URIHelper::SmartRel2Abs(
                             INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
 
-                if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+                if (INetURLObject(sHRef).IsExoticProtocol())
                     GetXMLImport().NotifyMacroEventRead();
 
                 xSet->setPropertyValue("FrameURL",

diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index de34ff30642193e02efbd46bac578375b9fcc28c..bb84332e0facce9a537b6a153f34bb1644971a48 100644 (file)
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4962,7 +4962,8 @@ bool INetURLObject::IsExoticProtocol() const
     return m_eScheme == INetProtocol::Slot ||
            m_eScheme == INetProtocol::Macro ||
            m_eScheme == INetProtocol::Uno ||
-           isSchemeEqualTo(u"vnd.sun.star.script");
+           isSchemeEqualTo(u"vnd.sun.star.script") ||
+           isSchemeEqualTo(u"service");
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index 2ee7a98be54705d9078d142f3add13cf7003c875..8adbfd794ddf23fee96e7677bfe9f2cfcf8f9957 100644 (file)
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -3275,7 +3275,7 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
 
             if( !maHref.isEmpty() )
             {
-                if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+                if (INetURLObject(maHref).IsExoticProtocol())
                     GetImport().NotifyMacroEventRead();
 
                 xProps->setPropertyValue("FrameURL", Any(maHref) );