appopen.cxx (4160b053) | appopen.cxx (807d5754) |
---|---|
1/************************************************************** 2 * 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance --- 916 unchanged lines hidden (view full) --- 925 aURL.Complete = aFileName; 926 Reference < XURLTransformer > xTrans( ::comphelper::getProcessServiceFactory()->createInstance( 927 ::rtl::OUString::createFromAscii("com.sun.star.util.URLTransformer" )), UNO_QUERY ); 928 xTrans->parseStrict( aURL ); 929 INetURLObject aINetURLObject(aURL.Complete); 930 INetProtocol aINetProtocol = aINetURLObject.GetProtocol(); 931 SvtExtendedSecurityOptions aExtendedSecurityOptions; 932 SvtExtendedSecurityOptions::OpenHyperlinkMode eMode = aExtendedSecurityOptions.GetOpenHyperlinkMode(); | 1/************************************************************** 2 * 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. 
The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance --- 916 unchanged lines hidden (view full) --- 925 aURL.Complete = aFileName; 926 Reference < XURLTransformer > xTrans( ::comphelper::getProcessServiceFactory()->createInstance( 927 ::rtl::OUString::createFromAscii("com.sun.star.util.URLTransformer" )), UNO_QUERY ); 928 xTrans->parseStrict( aURL ); 929 INetURLObject aINetURLObject(aURL.Complete); 930 INetProtocol aINetProtocol = aINetURLObject.GetProtocol(); 931 SvtExtendedSecurityOptions aExtendedSecurityOptions; 932 SvtExtendedSecurityOptions::OpenHyperlinkMode eMode = aExtendedSecurityOptions.GetOpenHyperlinkMode(); |
933 if ( eMode == SvtExtendedSecurityOptions::OPEN_WITHSECURITYCHECK ) | 933 if ( eMode == SvtExtendedSecurityOptions::OPEN_NEVER && aINetProtocol != INET_PROT_VND_SUN_STAR_HELP ) |
934 { | 934 { |
935 /*!!! pb: #i49802# no security warning any longer 936 ardovm: Restored security checks in March 2021 */ 937 // Check if file URL is a directory. This is not insecure! 938 sal_Bool bIsDir = aINetURLObject.hasFinalSlash() || 939 ( osl::Directory(aURL.Main).open() == 940 osl::Directory::E_None ); 941 // Use SvtExtendedSecurityOptions::IsSecureHyperlink() 942 // to check the extension of the link destination. 943 sal_Bool bSafeExtension = aExtendedSecurityOptions.IsSecureHyperlink(aURL.Complete); 944 // We consider some protocols unsafe 945 sal_Bool bUnsafeProtocol; 946 switch (aINetProtocol) { 947 case INET_PROT_HTTP: 948 case INET_PROT_HTTPS: 949 bSafeExtension = true; // trust the browser to prevent unsafe extensions 950 // case INET_PROT_FTP: 951 case INET_PROT_VND_SUN_STAR_HELP: 952 case INET_PROT_MAILTO: 953 bUnsafeProtocol = false; 954 break; 955 default: // Anything else, including INET_PROT_FILE 956 bUnsafeProtocol = true; 957 break; 958 } 959 if ( (!bIsDir && !bSafeExtension) || bUnsafeProtocol ) 960 { 961 // Security check for local files depending on the extension 962 vos::OGuard aGuard( Application::GetSolarMutex() ); 963 Window *pWindow = SFX_APP()->GetTopWindow(); 964 965 String aSecurityWarningBoxTitle( SfxResId( RID_SECURITY_WARNING_TITLE )); 966 WarningBox aSecurityWarningBox( pWindow, SfxResId( RID_SECURITY_WARNING_HYPERLINK )); 967 aSecurityWarningBox.SetText( aSecurityWarningBoxTitle ); 968 969 // Replace %s with the real file name 970 String aMsgText = aSecurityWarningBox.GetMessText(); 971 String aMainURL( aURL.Main ); 972 String aFileNameInMsg; 973 974 if (!utl::LocalFileHelper::ConvertURLToPhysicalName( aMainURL, aFileNameInMsg )) { 975 aFileNameInMsg = aMainURL; 976 } 977 aMsgText.SearchAndReplaceAscii( "%s", aFileNameInMsg ); 978 aSecurityWarningBox.SetMessText( aMsgText ); 979 980 if( aSecurityWarningBox.Execute() == RET_NO ) 981 return; 982 } 983 } 984 else if ( eMode == SvtExtendedSecurityOptions::OPEN_NEVER && aINetProtocol != 
INET_PROT_VND_SUN_STAR_HELP ) 985 { | |
986 vos::OGuard aGuard( Application::GetSolarMutex() ); 987 Window *pWindow = SFX_APP()->GetTopWindow(); 988 989 String aSecurityWarningBoxTitle( SfxResId( RID_SECURITY_WARNING_TITLE )); 990 WarningBox aSecurityWarningBox( pWindow, SfxResId( RID_SECURITY_WARNING_NO_HYPERLINKS )); 991 aSecurityWarningBox.SetText( aSecurityWarningBoxTitle ); 992 aSecurityWarningBox.Execute(); 993 return; --- 98 unchanged lines hidden (view full) --- 1092 if ( !bFound ) 1093 { 1094 sal_Bool bLoadInternal = sal_False; 1095 1096 // security reservation: => we have to check the referer before executing 1097 if (SFX_APP()->IsSecureURL(rtl::OUString(), &aReferer)) 1098 { 1099 ::rtl::OUString aURLString( aURL.Complete ); | 935 vos::OGuard aGuard( Application::GetSolarMutex() ); 936 Window *pWindow = SFX_APP()->GetTopWindow(); 937 938 String aSecurityWarningBoxTitle( SfxResId( RID_SECURITY_WARNING_TITLE )); 939 WarningBox aSecurityWarningBox( pWindow, SfxResId( RID_SECURITY_WARNING_NO_HYPERLINKS )); 940 aSecurityWarningBox.SetText( aSecurityWarningBoxTitle ); 941 aSecurityWarningBox.Execute(); 942 return; --- 98 unchanged lines hidden (view full) --- 1041 if ( !bFound ) 1042 { 1043 sal_Bool bLoadInternal = sal_False; 1044 1045 // security reservation: => we have to check the referer before executing 1046 if (SFX_APP()->IsSecureURL(rtl::OUString(), &aReferer)) 1047 { 1048 ::rtl::OUString aURLString( aURL.Complete ); |
1049 // Before letting the OS execute the URL, we may have to request for 1050 // confirmation 1051 if ( eMode == SvtExtendedSecurityOptions::OPEN_WITHSECURITYCHECK ) { 1052 // Check if file URL is a directory. This is not insecure! 1053 sal_Bool bIsDir = aINetURLObject.hasFinalSlash() || 1054 ( osl::Directory(aURL.Main).open() == 1055 osl::Directory::E_None ); 1056 // Use SvtExtendedSecurityOptions::IsSecureHyperlink() 1057 // to check the extension of the link destination. 1058 sal_Bool bSafeExtension = aExtendedSecurityOptions.IsSecureHyperlink(aURL.Complete); 1059 if (!bIsDir && !bSafeExtension) { 1060 // Security check for local files depending on the extension 1061 vos::OGuard aGuard( Application::GetSolarMutex() ); 1062 Window *pWindow = SFX_APP()->GetTopWindow(); |
|
1100 | 1063 |
1064 String aSecurityWarningBoxTitle( SfxResId( RID_SECURITY_WARNING_TITLE )); 1065 WarningBox aSecurityWarningBox( pWindow, SfxResId( RID_SECURITY_WARNING_HYPERLINK )); 1066 aSecurityWarningBox.SetText( aSecurityWarningBoxTitle ); 1067 1068 // Replace %s with the real file name 1069 String aMsgText = aSecurityWarningBox.GetMessText(); 1070 String aMainURL( aURL.Main ); 1071 String aFileNameInMsg; 1072 1073 if (!utl::LocalFileHelper::ConvertURLToPhysicalName( aMainURL, aFileNameInMsg )) { 1074 aFileNameInMsg = aMainURL; 1075 } 1076 aMsgText.SearchAndReplaceAscii( "%s", aFileNameInMsg ); 1077 aSecurityWarningBox.SetMessText( aMsgText ); 1078 1079 if( aSecurityWarningBox.Execute() == RET_NO ) 1080 return; 1081 } 1082 } |
|
1101 try 1102 { 1103 // give os this file 1104 xSystemShellExecute->execute( aURLString, ::rtl::OUString(), SystemShellExecuteFlags::DEFAULTS ); 1105 } 1106 catch ( ::com::sun::star::lang::IllegalArgumentException& ) 1107 { 1108 vos::OGuard aGuard( Application::GetSolarMutex() ); --- 260 unchanged lines hidden --- | 1083 try 1084 { 1085 // give os this file 1086 xSystemShellExecute->execute( aURLString, ::rtl::OUString(), SystemShellExecuteFlags::DEFAULTS ); 1087 } 1088 catch ( ::com::sun::star::lang::IllegalArgumentException& ) 1089 { 1090 vos::OGuard aGuard( Application::GetSolarMutex() ); --- 260 unchanged lines hidden --- |
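Review bot: In the 4160b053 column, the OPEN_WITHSECURITYCHECK block computes `bIsDir` with `osl::Directory(aURL.Main).open()` (lines 938–940) before the protocol switch, so the link target is probed on the file system before the user has answered the warning; the 807d5754 column has the same probe at its lines 1053–1055. In the 4160b053 version the probe result is also irrelevant for file URLs, because the `default:` branch sets `bUnsafeProtocol = true` and the condition `(!bIsDir && !bSafeExtension) || bUnsafeProtocol` then prompts regardless, which makes the comment `// Check if file URL is a directory. This is not insecure!` misleading. I would run the switch first and evaluate the directory probe only when `bUnsafeProtocol` is false, and add `// fall through` after `bSafeExtension = true;`, since the HTTP/HTTPS cases continue into the following labels without a `break`. The comment `// Security check for local files depending on the extension` above the warning box should also be updated, as the box is now shown for any protocol outside the allow-list. The page does not state which revision is the newer one, and the enclosing function starts and ends in the hidden lines, so this rests on the visible fragments only.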