From: Caolán McNamara Date: Mon, 11 May 2020 19:46:43 +0000 (+0100) Subject: CVE-2020-12803 limit forms to http[s] X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u11^2~1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6a40c7e2195f15041503bdb0d38d821cebae496d;p=libreoffice.git CVE-2020-12803 limit forms to http[s] Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93993 Tested-by: Jenkins Reviewed-by: Stephan Bergmann (cherry picked from commit 5d101a65c31e6c2f8dd0edffe05f69055cbd481c) Conflicts: forms/source/xforms/submission.cxx Change-Id: I3ed0bc626f693ec03f610dc7361f93cad914c9d8 origin: https://github.com/LibreOffice/core/commit/ddd7a2f43634bb3e2b2a1978bcf09d8f3fd27bab.patch Gbp-Pq: Name 0097-CVE-2020-12803-limit-forms-to-http-s.patch
---
diff --git a/forms/source/xforms/submission.cxx b/forms/source/xforms/submission.cxx
index 3757378c663..81cc0563d39 100644
--- a/forms/source/xforms/submission.cxx
+++ b/forms/source/xforms/submission.cxx
@@ -255,6 +255,9 @@ bool Submission::doSubmit( const Reference< XInteractionHandler >& xHandler )
 }
 xSubmission->setEncoding(getEncoding());
+ if (!xSubmission->IsWebProtocol())
+ return false;
+
 CSubmission::SubmissionResult aResult = xSubmission->submit( xHandler );
 if (aResult == CSubmission::SUCCESS)
diff --git a/forms/source/xforms/submission/submission.hxx b/forms/source/xforms/submission/submission.hxx
index 7d726392c73..f93146d5923 100644
--- a/forms/source/xforms/submission/submission.hxx
+++ b/forms/source/xforms/submission/submission.hxx
@@ -127,6 +127,12 @@ public:
 , m_xContext(::comphelper::getProcessComponentContext()) {}
+ bool IsWebProtocol() const
+ {
+ INetProtocol eProtocol = m_aURLObj.GetProtocol();
+ return eProtocol == INetProtocol::Http || eProtocol == INetProtocol::Https;
+ }
+
 virtual ~CSubmission() {}
 void setEncoding(const OUString& aEncoding)
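Review bot: The new guard in `doSubmit` returns `false` for a non-http(s) target with neither a comment nor a log line, so a refused submission looks the same to the caller as any other failed submit. I would put a comment above the check, such as `// CVE-2020-12803: only submit to http/https targets; refuse file: and other schemes`, and add a `SAL_WARN` in the module's log area that names the rejected scheme, so the refusal can be told apart when diagnosing. Whether a `false` return is surfaced to the user is not visible here, since `doSubmit` starts and ends outside the hunk.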
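Review bot: `IsWebProtocol()` is an opt-in check: nothing in this hunk makes `submit()` itself refuse a non-web URL, so enforcement depends on every caller asking first. The only caller visible in this patch is `Submission::doSubmit`; any other path that builds a `CSubmission` subclass and calls `submit()` would presumably not be covered, which is worth confirming against the rest of the tree. At minimum, state the contract on the method, e.g. `/// True only for http/https targets; callers must check this before submit() (CVE-2020-12803).`. As a style point, the name departs from the lowerCamel form of the neighbouring `setEncoding`.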