From 6a40c7e2195f15041503bdb0d38d821cebae496d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Caol=C3=A1n=20McNamara?= Date: Mon, 11 May 2020 20:46:43 +0100 Subject: [PATCH] CVE-2020-12803 limit forms to http[s] Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93993 Tested-by: Jenkins Reviewed-by: Stephan Bergmann (cherry picked from commit 5d101a65c31e6c2f8dd0edffe05f69055cbd481c) Conflicts: forms/source/xforms/submission.cxx Change-Id: I3ed0bc626f693ec03f610dc7361f93cad914c9d8 origin: https://github.com/LibreOffice/core/commit/ddd7a2f43634bb3e2b2a1978bcf09d8f3fd27bab.patch Gbp-Pq: Name 0097-CVE-2020-12803-limit-forms-to-http-s.patch --- forms/source/xforms/submission.cxx | 3 +++ forms/source/xforms/submission/submission.hxx | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/forms/source/xforms/submission.cxx b/forms/source/xforms/submission.cxx index 3757378c663..81cc0563d39 100644 --- a/forms/source/xforms/submission.cxx +++ b/forms/source/xforms/submission.cxx @@ -255,6 +255,9 @@ bool Submission::doSubmit( const Reference< XInteractionHandler >& xHandler ) } xSubmission->setEncoding(getEncoding()); + if (!xSubmission->IsWebProtocol()) + return false; + CSubmission::SubmissionResult aResult = xSubmission->submit( xHandler ); if (aResult == CSubmission::SUCCESS) diff --git a/forms/source/xforms/submission/submission.hxx b/forms/source/xforms/submission/submission.hxx index 7d726392c73..f93146d5923 100644 --- a/forms/source/xforms/submission/submission.hxx +++ b/forms/source/xforms/submission/submission.hxx @@ -127,6 +127,12 @@ public: , m_xContext(::comphelper::getProcessComponentContext()) {} + bool IsWebProtocol() const + { + INetProtocol eProtocol = m_aURLObj.GetProtocol(); + return eProtocol == INetProtocol::Http || eProtocol == INetProtocol::Https; + } + virtual ~CSubmission() {} void setEncoding(const OUString& aEncoding) -- 2.30.2