expand LibreLogo check to global events

Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
Reviewed-on: https://gerrit.libreoffice.org/76194
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 85cbe1f06703c0b8e1f15a3d969202d99c66f34b)
Reviewed-on: https://gerrit.libreoffice.org/76540
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name expand-LibreLogo-checks-to-global-events.diff

diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 24b1d82862f9fc1d66587dbadb93f08122d29922..83b5eb654618bcd2e188c866c11292e9db86ae81 100644 (file)
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -409,6 +409,8 @@ public:
     */
     bool                        AdjustMacroMode();
 
+    static bool                 UnTrustedScript(const OUString& rScriptURL);
+
     SvKeyValueIterator*         GetHeaderAttributes();
     void                        ClearHeaderAttributesForSourceViewHack();
     void                        SetHeaderAttributesForSourceViewHack();

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 3016315cd17bfd91a43c8b1f520b3a96e4e9316c..330c475efb8bc8cc6b6ded8ab0b3b9559a287d07 100644 (file)
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1461,16 +1461,12 @@ namespace
     }
 }
 
-namespace {
-
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
-bool UnTrustedScript(const OUString& rScriptURL)
+bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
     return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
 }
 
-}
-
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,
     const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const css::uno::Any* pCaller )
 {

diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index a2796becd1f8b2d4c2d0127fa4157d004fcdddbd..63d9cb909345f988102de4f12b30173c8feed12c 100644 (file)
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -213,18 +213,24 @@ void SfxEvents_Impl::Execute( uno::Any& aEventData, const document::DocumentEven
         else if (aType == "Service" ||
                   aType == "Script")
         {
-            if ( !aScript.isEmpty() )
+            bool bAllowed = false;
+            util::URL aURL;
+            if (!aScript.isEmpty())
             {
-                SfxViewFrame* pView = pDoc ?
-                    SfxViewFrame::GetFirst( pDoc ) :
-                    SfxViewFrame::Current();
-
                 uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) );
 
-                util::URL aURL;
                 aURL.Complete = aScript;
                 xTrans->parseStrict( aURL );
 
+                bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete);
+            }
+
+            if (bAllowed)
+            {
+                SfxViewFrame* pView = pDoc ?
+                    SfxViewFrame::GetFirst( pDoc ) :
+                    SfxViewFrame::Current();
+
                 uno::Reference
                     < frame::XDispatchProvider > xProv;