scripting/source/protocolhandler/scripthandler.cxx |   56 ++++++++++++---------
 sfx2/source/notify/eventsupplier.cxx               |   39 +++++++++++++-
 2 files changed, 68 insertions(+), 27 deletions(-)

New commits:
commit a1140054b4031fe64e073bb4a5c443018c8532c2
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Aug 14 15:24:05 2019 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Wed Aug 14 17:52:29 2019 +0200

    revert part of 'warn on load when a document binds an event to a macro'
    
    i.e.
    commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
    Author: Caolán McNamara <caol...@redhat.com>
    Date:   Wed Aug 7 17:37:11 2019 +0100
    
    because then extensions that add a entry to menus results in menu
    entries that cannot run in the start center where there is no document.
    
    If allowed when there is no document, it would still result in the
    odd behaviour that such menu entries would not work in a document which
    contained macros or macro-calls if permission was denied to run them
    
    Add a similar check instead to SfxEvents_Impl::Execute
    
    Change-Id: I8084ab2dc66bb95e2562a3dba188c721d44a5676
    Reviewed-on: https://gerrit.libreoffice.org/77465
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>

diff --git a/scripting/source/protocolhandler/scripthandler.cxx 
b/scripting/source/protocolhandler/scripthandler.cxx
index 965827bbde6e..1fbf0c8bbc46 100644
--- a/scripting/source/protocolhandler/scripthandler.cxx
+++ b/scripting/source/protocolhandler/scripthandler.cxx
@@ -122,7 +122,6 @@ void SAL_CALL 
ScriptProtocolHandler::dispatchWithNotification(
     const URL& aURL, const Sequence < PropertyValue >& lArgs,
     const Reference< XDispatchResultListener >& xListener )
 {
-
     bool bSuccess = false;
     Any invokeResult;
     bool bCaughtException = false;
@@ -132,32 +131,42 @@ void SAL_CALL 
ScriptProtocolHandler::dispatchWithNotification(
     {
         try
         {
-            // obtain the component for our security check
-            Reference< XEmbeddedScripts > xDocumentScripts;
-            if ( getScriptInvocation() )
-                xDocumentScripts.set( 
m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
-
-            OSL_ENSURE( xDocumentScripts.is(), 
"ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" 
);
-            if ( !xDocumentScripts.is() || 
!xDocumentScripts->getAllowMacroExecution() )
+            css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+                css::uri::UriReferenceFactory::create(m_xContext));
+            css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+                urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
+            auto const loc = uri->getParameter("location");
+            bool bIsDocumentScript = loc == "document";
+
+            if ( bIsDocumentScript )
             {
-                if ( xListener.is() )
+                // obtain the component for our security check
+                Reference< XEmbeddedScripts > xDocumentScripts;
+                if ( getScriptInvocation() )
+                    xDocumentScripts.set( 
m_xScriptInvocation->getScriptContainer(), UNO_SET_THROW );
+
+                OSL_ENSURE( xDocumentScripts.is(), 
"ScriptProtocolHandler::dispatchWithNotification: can't do the security check!" 
);
+                if ( !xDocumentScripts.is() || 
!xDocumentScripts->getAllowMacroExecution() )
                 {
-                    css::frame::DispatchResultEvent aEvent(
-                            static_cast< ::cppu::OWeakObject* >( this ),
-                            css::frame::DispatchResultState::FAILURE,
-                            invokeResult );
-                    try
-                    {
-                        xListener->dispatchFinished( aEvent ) ;
-                    }
-                    catch(const RuntimeException &)
+                    if ( xListener.is() )
                     {
-                        TOOLS_WARN_EXCEPTION("scripting",
-                            "ScriptProtocolHandler::dispatchWithNotification: 
caught RuntimeException"
-                            "while dispatchFinished with failure of the 
execution");
+                        css::frame::DispatchResultEvent aEvent(
+                                static_cast< ::cppu::OWeakObject* >( this ),
+                                css::frame::DispatchResultState::FAILURE,
+                                invokeResult );
+                        try
+                        {
+                            xListener->dispatchFinished( aEvent ) ;
+                        }
+                        catch(const RuntimeException &)
+                        {
+                            TOOLS_WARN_EXCEPTION("scripting",
+                                
"ScriptProtocolHandler::dispatchWithNotification: caught RuntimeException"
+                                "while dispatchFinished with failure of the 
execution");
+                        }
                     }
+                    return;
                 }
-                return;
             }
 
             // Creates a ScriptProvider ( if one is not created already )
@@ -194,7 +203,8 @@ void SAL_CALL 
ScriptProtocolHandler::dispatchWithNotification(
 
             // attempt to protect the document against the script tampering 
with its Undo Context
             std::unique_ptr< ::framework::DocumentUndoGuard > pUndoGuard;
-            pUndoGuard.reset( new ::framework::DocumentUndoGuard( 
m_xScriptInvocation ) );
+            if ( bIsDocumentScript )
+                pUndoGuard.reset( new ::framework::DocumentUndoGuard( 
m_xScriptInvocation ) );
 
             bSuccess = false;
             while ( !bSuccess )
diff --git a/sfx2/source/notify/eventsupplier.cxx 
b/sfx2/source/notify/eventsupplier.cxx
index 356d28c1430a..fffe1fe39de0 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -19,11 +19,13 @@
 
 #include <com/sun/star/beans/PropertyValue.hpp>
 
+#include <com/sun/star/document/XEmbeddedScripts.hpp>
+#include <com/sun/star/document/XScriptInvocationContext.hpp>
 #include <com/sun/star/util/URL.hpp>
-
 #include <com/sun/star/frame/Desktop.hpp>
 #include <com/sun/star/util/URLTransformer.hpp>
 #include <com/sun/star/util/XURLTransformer.hpp>
+#include <com/sun/star/uno/XInterface.hpp>
 #include <tools/urlobj.hxx>
 #include <tools/diagnose_ex.h>
 #include <svl/macitem.hxx>
@@ -48,6 +50,8 @@
 #include <macroloader.hxx>
 
 using namespace css;
+using namespace ::com::sun::star;
+
 
 
     //  --- XNameReplace ---
@@ -151,6 +155,29 @@ sal_Bool SAL_CALL SfxEvents_Impl::hasElements()
     return maEventNames.hasElements();
 }
 
+namespace
+{
+    bool lcl_isScriptAccessAllowed_nothrow(const 
uno::Reference<uno::XInterface>& rxScriptContext)
+    {
+        try
+        {
+            uno::Reference<document::XEmbeddedScripts> 
xScripts(rxScriptContext, uno::UNO_QUERY);
+            if (!xScripts.is())
+            {
+                uno::Reference<document::XScriptInvocationContext> 
xContext(rxScriptContext, uno::UNO_QUERY_THROW);
+                xScripts.set(xContext->getScriptContainer(), 
uno::UNO_SET_THROW);
+            }
+
+            return xScripts->getAllowMacroExecution();
+        }
+        catch( const uno::Exception& )
+        {
+            DBG_UNHANDLED_EXCEPTION("sfx.doc");
+        }
+        return false;
+    }
+}
+
 void SfxEvents_Impl::Execute( uno::Any const & aEventData, const 
document::DocumentEvent& aTrigger, SfxObjectShell* pDoc )
 {
     uno::Sequence < beans::PropertyValue > aProperties;
@@ -189,6 +216,12 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, 
const document::Docum
     if (aScript.isEmpty())
         return;
 
+    if (!pDoc)
+        pDoc = SfxObjectShell::Current();
+
+    if (pDoc && !lcl_isScriptAccessAllowed_nothrow(pDoc->GetModel()))
+        return;
+
     if (aType == STAR_BASIC)
     {
         uno::Any aAny;
@@ -206,9 +239,7 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, 
const document::Docum
 
         if (bAllowed)
         {
-            SfxViewFrame* pView = pDoc ?
-                SfxViewFrame::GetFirst( pDoc ) :
-                SfxViewFrame::Current();
+            SfxViewFrame* pView = SfxViewFrame::GetFirst(pDoc);
 
             uno::Reference
                 < frame::XDispatchProvider > xProv;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to