[Libreoffice-commits] core.git: sc/inc sc/source

Wed, 10 May 2023 13:29:29 -0700 

 sc/inc/documentlinkmgr.hxx                |    1 +
 sc/inc/globstr.hrc                        |    2 ++
 sc/source/ui/docshell/docsh4.cxx          |   17 ++++++++++++++++-
 sc/source/ui/docshell/documentlinkmgr.cxx |   18 ++++++++++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)

New commits:
commit a580a69a1e579755f726ffcd2a31a6f4f42c7100
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed May 10 16:38:08 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Wed May 10 22:29:02 2023 +0200

    reinforce the infobar warning when there are both external links...
    
    and WEBSERVICE present. This information is also shown in the
    "help" in the infobar
    
    Change-Id: I1412dc472afba353153b0c91aac1524cefa76aee
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151641
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sc/inc/documentlinkmgr.hxx b/sc/inc/documentlinkmgr.hxx
index e37719a3431c..de36ec40fa81 100644
--- a/sc/inc/documentlinkmgr.hxx
+++ b/sc/inc/documentlinkmgr.hxx
@@ -54,6 +54,7 @@ public:
 
     bool hasDdeLinks() const;
     bool hasDdeOrOleOrWebServiceLinks() const;
+    bool hasExternalRefLinks() const;
 
     bool updateDdeOrOleOrWebServiceLinks(weld::Window* pWin);
 
diff --git a/sc/inc/globstr.hrc b/sc/inc/globstr.hrc
index 01e1ab47219b..600cf9354fc0 100644
--- a/sc/inc/globstr.hrc
+++ b/sc/inc/globstr.hrc
@@ -359,6 +359,8 @@
 #define STR_BY                                  NC_("STR_BY", "by")
 #define STR_ON                                  NC_("STR_ON", "on")
 #define STR_RELOAD_TABLES                       NC_("STR_RELOAD_TABLES", 
"Automatic update of external links has been disabled.")
+#define STR_TRUST_DOCUMENT_WARNING              
NC_("STR_TRUST_DOCUMENT_WARNING", "Are you sure you trust this document?")
+#define STR_WEBSERVICE_WITH_LINKS_WARNING       
NC_("STR_WEBSERVICE_WITH_LINKS_WARNING", "Links to remote locations can be 
constructed that transmit local data to the remote server.")
 #define STR_REIMPORT_AFTER_LOAD                 NC_("STR_REIMPORT_AFTER_LOAD", 
"This file contains queries. The results of these queries were not saved.\nDo 
you want these queries to be repeated?")
 #define STR_INSERT_FULL                         NC_("STR_INSERT_FULL", "Filled 
cells cannot be shifted\nbeyond the sheet.")
 #define STR_TABINSERT_ERROR                     NC_("STR_TABINSERT_ERROR", 
"The table could not be inserted.")
diff --git a/sc/source/ui/docshell/docsh4.cxx b/sc/source/ui/docshell/docsh4.cxx
index 611d6537456e..1a344af959fd 100644
--- a/sc/source/ui/docshell/docsh4.cxx
+++ b/sc/source/ui/docshell/docsh4.cxx
@@ -199,8 +199,23 @@ void ScDocShell::ReloadAllLinks()
     m_pDocument->UpdateAreaLinks();
 }
 
-IMPL_LINK_NOARG( ScDocShell, ReloadAllLinksHdl, weld::Button&, void )
+IMPL_LINK( ScDocShell, ReloadAllLinksHdl, weld::Button&, rButton, void )
 {
+    ScDocument& rDoc = GetDocument();
+    if (rDoc.HasLinkFormulaNeedingCheck() && 
rDoc.GetDocLinkManager().hasExternalRefLinks())
+    {
+        // If we have WEBSERVICE/Dde link and other external links in the 
document, it might indicate some
+        // exfiltration attempt, add *another* warning about this on top of 
the "Security Warning"
+        // shown in the infobar before they got here.
+        std::unique_ptr<weld::MessageDialog> 
xQueryBox(Application::CreateMessageDialog(&rButton,
+                                                       
VclMessageType::Warning, VclButtonsType::YesNo,
+                                                       
ScResId(STR_TRUST_DOCUMENT_WARNING)));
+        
xQueryBox->set_secondary_text(ScResId(STR_WEBSERVICE_WITH_LINKS_WARNING));
+        xQueryBox->set_default_response(RET_NO);
+        if (xQueryBox->run() != RET_YES)
+            return;
+    }
+
     ReloadAllLinks();
 
     ScTabViewShell* pViewSh = GetBestViewShell();
diff --git a/sc/source/ui/docshell/documentlinkmgr.cxx 
b/sc/source/ui/docshell/documentlinkmgr.cxx
index 79a86d08b438..0fb89cfa0d18 100644
--- a/sc/source/ui/docshell/documentlinkmgr.cxx
+++ b/sc/source/ui/docshell/documentlinkmgr.cxx
@@ -21,6 +21,7 @@
 #include <documentlinkmgr.hxx>
 #include <datastream.hxx>
 #include <ddelink.hxx>
+#include <externalrefmgr.hxx>
 #include <webservicelink.hxx>
 #include <strings.hrc>
 #include <scresid.hxx>
@@ -153,6 +154,23 @@ bool 
DocumentLinkManager::hasDdeOrOleOrWebServiceLinks(bool bDde, bool bOle, boo
     return false;
 }
 
+bool DocumentLinkManager::hasExternalRefLinks() const
+{
+    sfx2::LinkManager* pMgr = mpImpl->mpLinkManager;
+    if (!pMgr)
+        return false;
+
+    const sfx2::SvBaseLinks& rLinks = pMgr->GetLinks();
+    for (const auto & rLink : rLinks)
+    {
+        sfx2::SvBaseLink* pBase = rLink.get();
+        if (dynamic_cast<ScExternalRefLink*>(pBase))
+            return true;
+    }
+
+    return false;
+}
+
 bool DocumentLinkManager::updateDdeOrOleOrWebServiceLinks(weld::Window* pWin)
 {
     sfx2::LinkManager* pMgr = mpImpl->mpLinkManager;

Reply via email to