[PATCH] consider VndSunStarExpand an exotic protocol
authorCaolán McNamara <caolan.mcnamara@collabora.com>
Fri, 15 Nov 2024 12:30:39 +0000 (12:30 +0000)
committerDaniel Leidert <dleidert@debian.org>
Sat, 31 May 2025 03:25:27 +0000 (05:25 +0200)
and generally don't bother with it when fetching data
from urls

Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176797
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d6c89af2598e866aa9cb4fa3600691fb558befdb)

origin: https://github.com/LibreOffice/core/commit/a22d185ef7d141676e8a4db15471bfe6d283cb8c
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426

Gbp-Pq: Name CVE-2024-12426_2.patch

avmedia/source/viewer/mediawindow_impl.cxx
editeng/source/items/frmitems.cxx
embeddedobj/source/commonembedding/persistence.cxx
forms/source/component/ImageControl.cxx
forms/source/component/clickableimage.cxx
sfx2/source/appl/linkmgr2.cxx
sw/source/filter/html/htmlgrin.cxx
toolkit/source/controls/unocontrols.cxx
tools/source/fsys/urlobj.cxx
unotools/source/misc/mediadescriptor.cxx
vcl/source/filter/graphicfilter.cxx

index 98f867e4e4e12ef3f846983d887daa42308c4d5c..37d7b372a2d1b1460eade9dd62a7c482d758de7b 100644 (file)
@@ -168,16 +168,19 @@ void MediaWindowImpl::dispose()
 
 uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString* pMimeType)
 {
-    uno::Reference<media::XPlayer> xPlayer;
-
     if( rURL.isEmpty() )
-        return xPlayer;
+        return nullptr;
 
     if (SvtSecurityOptions().isUntrustedReferer(rReferer))
     {
-        return xPlayer;
+        return nullptr;
     }
 
+    if (INetURLObject(rURL).IsExoticProtocol())
+        return nullptr;
+
+    uno::Reference<media::XPlayer> xPlayer;
+
     if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)
     {
         uno::Reference<uno::XComponentContext> xContext(::comphelper::getProcessComponentContext());
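Review bot: The new `IsExoticProtocol()` guard in createPlayer returns nullptr without any log output, while the equivalent guards added in frmitems.cxx, persistence.cxx and graphicfilter.cxx emit a SAL_WARN. The same silent rejection appears in the hunks for ImageControl.cxx, clickableimage.cxx, linkmgr2.cxx, unocontrols.cxx and mediadescriptor.cxx. A refused document-supplied URL is useful evidence when triaging a suspicious file, so I would add `SAL_WARN("avmedia", "Ignore exotic protocol: " << rURL);` before the return, with the log area adjusted per module at the other sites. createPlayer continues past the end of this hunk.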
index d931ed6f839f198cb5c70b6763ee0a61e7c1578f..0e478a2c5df3bdf9cd4478cadfc7efcd0bf48afa 100644 (file)
@@ -3118,6 +3118,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
             return nullptr;
         }
 
+        INetURLObject aGraphicURL( maStrLink );
+        if (aGraphicURL.IsExoticProtocol())
+        {
+            SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
+            return nullptr;
+        }
+
         // tdf#94088 prepare graphic and state
         Graphic aGraphic;
         bool bGraphicLoaded = false;
@@ -3138,8 +3145,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
         // a 'data:' scheme url and try to load that (embedded graphics)
         if(!bGraphicLoaded)
         {
-            INetURLObject aGraphicURL( maStrLink );
-
             if( INetProtocol::Data == aGraphicURL.GetProtocol() )
             {
                 std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData());
index 3e4ab0dd989ff94cfe3c4f0b9876faa0df41463d..b7932426b46a8561d63ca7a162a20126ea54d18f 100644 (file)
@@ -51,6 +51,7 @@
 #include <comphelper/storagehelper.hxx>
 #include <comphelper/mimeconfighelper.hxx>
 #include <comphelper/namedvaluecollection.hxx>
+#include <tools/urlobj.hxx>
 
 #include <tools/diagnose_ex.h>
 #include <sal/log.hxx>
@@ -369,6 +370,13 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl()
 
     sal_Int32 nLen = 2;
     uno::Sequence< beans::PropertyValue > aArgs( nLen );
+
+    if (INetURLObject(m_aLinkURL).IsExoticProtocol())
+    {
+        SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << m_aLinkURL);
+        return nullptr;
+    }
+
     aArgs[0].Name = "URL";
     aArgs[0].Value <<= m_aLinkURL;
     aArgs[1].Name = "FilterName";
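Review bot: LoadLink_Impl now returns an empty reference for an exotic link URL, and the callers that consume the returned `uno::Reference< util::XCloseable >` are not visible in this hunk. It is worth confirming that each of them tests the reference before use, since otherwise the rejection becomes a null dereference rather than a refused load. The guard also sits after `aArgs` has been allocated; moving it above `sal_Int32 nLen = 2;` rejects the URL before any work is done. The function starts and ends outside the hunk.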
index 98a8acd7404d9c3f97aeffa88aa242feefdf0043..e73ec5e9f5707e9ec04d69dc54b17de964367abd 100644 (file)
@@ -392,7 +392,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, Val
 {
     OUString referer;
     getPropertyValue("Referer") >>= referer;
-    if (SvtSecurityOptions().isUntrustedReferer(referer)) {
+    if (SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) {
         return false;
     }
 
index a8c6305081395e8b345c2c5c46c3d6fcd70a3ba1..0b9a4a365e473b784b55de9135e9bb9e503b41c4 100644 (file)
@@ -743,7 +743,7 @@ namespace frm
 
         // the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first
         INetURLObject aUrl(rURL);
-        if (INetProtocol::NotValid == aUrl.GetProtocol())
+        if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol())
             // we treat an invalid URL like we would treat no URL
             return;
 
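Review bot: The comments around the changed condition still describe only the invalid-URL case, but the early return now also covers exotic protocols. A reader auditing this path later will not see why a syntactically valid URL is dropped; I would update the inner comment to `// we treat an invalid or exotic-protocol URL like we would treat no URL`. The enclosing function starts and ends outside the hunk.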
index 8245f6da66ec43ea71fc74dd46311079b9e5c747..82e297043e0d940b308000c191fae3ef0960fca3 100644 (file)
@@ -524,8 +524,11 @@ bool LinkManager::GetGraphicFromAny(const OUString& rMimeType,
             sReferer = sh->GetMedium()->GetName();
 
         OUString sURL = rValue.get<OUString>();
-        if (!SvtSecurityOptions().isUntrustedReferer(sReferer))
+        if (!SvtSecurityOptions().isUntrustedReferer(sReferer) &&
+            !INetURLObject(sURL).IsExoticProtocol())
+        {
             rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
+        }
         if (rGraphic.IsNone())
             rGraphic.SetDefaultType();
         rGraphic.setOriginURL(sURL);
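Review bot: After the load is skipped for an exotic URL, `rGraphic.setOriginURL(sURL);` on the last line of the hunk still records that URL on the graphic. If any consumer of the origin URL later re-resolves it (not visible here), the rejected scheme is carried forward past this check. Consider computing the decision once, e.g. `const bool bAllowed = !SvtSecurityOptions().isUntrustedReferer(sReferer) && !INetURLObject(sURL).IsExoticProtocol();`, and calling `setOriginURL` only when it is true, or confirm that consumers apply the same filter. The untrusted-referer case already behaved this way before the change; GetGraphicFromAny starts and ends outside the hunk.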
index 11ac33e698d4922c25551bbb112e8aea6a15f7a4..85bfd32434aad1dcc63f31ac43d18e05ee94960c 100644 (file)
@@ -642,7 +642,8 @@ IMAGE_SETEVENT:
 
     // bPercentWidth / bPercentHeight means we have a percent size.  If that's not the case and we have no
     // size from nWidth / nHeight either, then inspect the image header.
-    if ((!bPercentWidth && !nWidth) && (!bPercentHeight && !nHeight) && allowAccessLink(*m_xDoc))
+    if ((!bPercentWidth && !nWidth) && (!bPercentHeight && !nHeight) && allowAccessLink(*m_xDoc) &&
+        !aGraphicURL.IsExoticProtocol())
     {
         GraphicDescriptor aDescriptor(aGraphicURL);
         if (aDescriptor.Detect(/*bExtendedInfo=*/true))
index 0972ae679cf14ad404ca8f969ec292ace8ca6a4e..d350d5a04d5737eb30cda1ce9ea20f65cb41bc25 100644 (file)
@@ -33,6 +33,7 @@
 #include <toolkit/controls/unocontrols.hxx>
 #include <toolkit/helper/property.hxx>
 #include <helper/servicenames.hxx>
+#include <tools/urlobj.hxx>
 #include <toolkit/helper/macros.hxx>
 #include <unotools/securityoptions.hxx>
 
@@ -68,7 +69,7 @@ css::uno::Reference< css::graphic::XGraphic >
 ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
 {
     uno::Reference< graphic::XGraphic > xGraphic;
-    if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) )
+    if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol())
         return xGraphic;
 
     try
index 6af99a7b262cf3f89dece6aeb74fc217b3e2c111..6bb5c70ba475843dc51a2061ec32f1baf3c94f28 100644 (file)
@@ -4765,6 +4765,7 @@ bool INetURLObject::IsExoticProtocol() const
     return m_eScheme == INetProtocol::Slot ||
            m_eScheme == INetProtocol::Macro ||
            m_eScheme == INetProtocol::Uno ||
+           m_eScheme == INetProtocol::VndSunStarExpand ||
            isSchemeEqualTo(u"vnd.sun.star.script") ||
            isSchemeEqualTo(u"service");
 }
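Review bot: IsExoticProtocol() is the single predicate behind every fetch-site guard this commit adds, yet the definition carries no comment saying so and none of the eleven files listed in the commit is a test. I would add a comment above the return such as `// Schemes that must not be dereferenced when fetching data for a document; extend this list rather than the call sites.` A unit test asserting that the predicate is true for a `vnd.sun.star.expand:` URL (constructed sample) would pin the new enumerator against regression. Note also that this is a denylist, so any scheme not named here still passes every guard. The function's signature lies outside the hunk.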
index 7f8f4e3c37856c04faa36f9f4ca849c464ea4105..cf4d3cb6f963daba89477350aad730f812d410ac 100644 (file)
@@ -601,6 +601,9 @@ bool MediaDescriptor::impl_openStreamWithPostData( const css::uno::Reference< cs
 /*-----------------------------------------------*/
 bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFile )
 {
+    if (INetURLObject(sURL).IsExoticProtocol())
+        return false;
+
     OUString referer(getUnpackedValueOrDefault(PROP_REFERRER(), OUString()));
     if (SvtSecurityOptions().isUntrustedReferer(referer)) {
         return false;
index 9593847dd276a51eae2cdecc3af83160230c403d..2dafd0d03c7109bb016c7e73c440a1c7adaaf3f1 100644 (file)
@@ -967,10 +967,16 @@ ErrCode GraphicFilter::CanImportGraphic( const OUString& rMainUrl, SvStream& rIS
 ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath,
                                      sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
 {
-    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
 
     OUString    aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) );
+    if (rPath.IsExoticProtocol())
+    {
+        SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl);
+        return ERRCODE_GRFILTER_FORMATERROR;
+    }
+
+    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
     if (xStream)
     {
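Review bot: The exotic-protocol branch returns `ERRCODE_GRFILTER_FORMATERROR`, which reports malformed image data although no stream was ever opened. Callers and any user-facing message therefore cannot tell a policy rejection from a corrupt file. If no caller depends on the specific code, `return ERRCODE_GRFILTER_OPENERROR;` describes the outcome more accurately. ImportGraphic's body continues outside the hunk.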