[Libreoffice-commits] core.git: sfx2/source

[Mike Kaganski (via logerrit)]

 sfx2/source/doc/docmacromode.cxx |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

New commits:
commit 85a8c29e26f0bf48906312103e57246685d32c7e
Author:     Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Nov 8 09:35:46 2023 +0300
Commit:     Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Wed Nov 8 16:22:00 2023 +0100

    tdf#158090: Limit signed document requirement to High security level
    
    Commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
    2021-01-28) introduced a new requirement, that trusted macro signature
    must be accompanied by valid document signature when the document has
    events calling macros, otherwise macros are not allowed. But this breaks
    multiple workflows, where security level is set to limit users' ability
    to run unsigned macros, where documents aren't signed.
    
    As the first step, limit the security hardening introduced in the said
    commit to High security level; in Medium security level, restore the
    previous behavior.
    
    The plan is to fix more inconsistencies later, and then introduce a
    new separate configuration to require document signature to allow
    trusted macros (enabled by default), so that the combination of its
    default value and the High default security level keep the hardened
    default security implemented currently, while allowing users to opt
    to the previous documented behavior.
    
    Change-Id: I71ff0e531f3a42fbee7828982e4fd39f0e9d6ea3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159101
    Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index ef9546365451..e2c1150c33ef 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -207,9 +207,9 @@ namespace sfx2
                 {
                     return disallowMacroExecution();
                 }
-                else if ( 
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
-                          bHasTrustedMacroSignature &&
-                          !bHasValidContentSignature)
+                else if (nMacroExecutionMode != MacroExecMode::ALWAYS_EXECUTE
+                         && 
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()
+                         && bHasTrustedMacroSignature && 
!bHasValidContentSignature)
                 {
                     // When macros are signed, and the document has events 
which call macros, the document content needs to be signed too.
                     m_xData->m_bHasUnsignedContentError = true;