From: Caolán McNamara <caolanm@redhat.com>
Date: Tue, 23 Jul 2019 14:31:05 +0000 (+0100)
Subject: expand LibreLogo check to global events
X-Git-Tag: archive/raspbian/1%5.2.7-1+rpi1+deb9u11^2~9
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f02731efbc58d16796f957f2521ed21f16a42f3b;p=libreoffice.git

expand LibreLogo check to global events

Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
Reviewed-on: https://gerrit.libreoffice.org/76194
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 85cbe1f06703c0b8e1f15a3d969202d99c66f34b)
Reviewed-on: https://gerrit.libreoffice.org/76540
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>

Gbp-Pq: Name expand-LibreLogo-checks-to-global-events.diff
---

diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 24b1d82862f..83b5eb65461 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -409,6 +409,8 @@ public:
     */
     bool                        AdjustMacroMode();
 
+    static bool                 UnTrustedScript(const OUString& rScriptURL);
+
     SvKeyValueIterator*         GetHeaderAttributes();
     void                        ClearHeaderAttributesForSourceViewHack();
     void                        SetHeaderAttributesForSourceViewHack();
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 3016315cd17..330c475efb8 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1461,16 +1461,12 @@ namespace
     }
 }
 
-namespace {
-
 // don't allow LibreLogo to be used with our mouseover/etc dom-alike events
-bool UnTrustedScript(const OUString& rScriptURL)
+bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
 {
     return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
 }
 
-}
-
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL,
     const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const css::uno::Any* pCaller )
 {
diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index a2796becd1f..63d9cb90934 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -213,18 +213,24 @@ void SfxEvents_Impl::Execute( uno::Any& aEventData, const document::DocumentEven
         else if (aType == "Service" ||
                   aType == "Script")
         {
-            if ( !aScript.isEmpty() )
+            bool bAllowed = false;
+            util::URL aURL;
+            if (!aScript.isEmpty())
             {
-                SfxViewFrame* pView = pDoc ?
-                    SfxViewFrame::GetFirst( pDoc ) :
-                    SfxViewFrame::Current();
-
                 uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) );
 
-                util::URL aURL;
                 aURL.Complete = aScript;
                 xTrans->parseStrict( aURL );
 
+                bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete);
+            }
+
+            if (bAllowed)
+            {
+                SfxViewFrame* pView = pDoc ?
+                    SfxViewFrame::GetFirst( pDoc ) :
+                    SfxViewFrame::Current();
+
                 uno::Reference
                     < frame::XDispatchProvider > xProv;