Let sysadmins disable individual file format filters

It makes sense to disable a filter, as a temporary security measure,
when there is a 0-day vulnerability in it.

E.g., when 0-day found in AbiWord filter, this config snippet disables it:
<item oor:path="/org.openoffice.TypeDetection.Filter">
    <node oor:name="Filters">
        <node oor:name="AbiWord">
            <prop oor:name="Enabled" oor:finalized="true">
                <value>false</value>
            </prop>
        </node>
    </node>
</item>

Reviewed-on: https://gerrit.libreoffice.org/50961Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
(cherry picked from commit 4547fa2c)

Change-Id: I8b84250c7e4aac3555877d23f58ed13a2210ebfc
Reviewed-on: https://gerrit.libreoffice.org/51058Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>

filter/source/config/cache/constant.hxx

@@ -60,6 +60,7 @@
 #define  PROPNAME_TEMPLATENAME      "TemplateName"
 #define  PROPNAME_FILEFORMATVERSION "FileFormatVersion"
 #define  PROPNAME_EXPORTEXTENSION   "ExportExtension"
+#define  PROPNAME_ENABLED           "Enabled"
 
 /** @short  used to identify a frame loader or detect service item
             property against the configuration API and can be used

filter/source/config/cache/filtercache.cxx

@@ -63,10 +63,11 @@ FilterCache::FilterCache()
     , m_eFillState(E_CONTAINS_NOTHING                      )
 {
     int i = 0;
-    OUString sStandardProps[9];
+    OUString sStandardProps[10];
 
     sStandardProps[i++] = PROPNAME_USERDATA;
     sStandardProps[i++] = PROPNAME_TEMPLATENAME;
+    sStandardProps[i++] = PROPNAME_ENABLED;
     // E_READ_UPDATE only above
     sStandardProps[i++] = PROPNAME_TYPE;
     sStandardProps[i++] = PROPNAME_FILEFORMATVERSION;
@@ -79,9 +80,9 @@ FilterCache::FilterCache()
 
     // E_READ_NOTHING -> creative nothingness.
     m_aStandardProps[E_READ_STANDARD] =
-        css::uno::Sequence< OUString >(sStandardProps + 2, 7);
+        css::uno::Sequence< OUString >(sStandardProps + 3, 7);
     m_aStandardProps[E_READ_UPDATE] =
-        css::uno::Sequence< OUString >(sStandardProps, 2);
+        css::uno::Sequence< OUString >(sStandardProps, 3);
     m_aStandardProps[E_READ_ALL] =
         css::uno::Sequence< OUString >(sStandardProps,
                                        SAL_N_ELEMENTS(sStandardProps));

include/sfx2/docfilt.hxx

@@ -61,6 +61,7 @@ class SFX2_DLLPUBLIC SfxFilter
     sal_uIntPtr     nVersion;
     SotClipboardFormatId lFormat;
     sal_uInt16      nDocIcon;
+    bool mbEnabled;
 
 public:
     SfxFilter( const OUString& rProvider, const OUString& rFilterName );
@@ -73,7 +74,8 @@ public:
                sal_uInt16 nDocIcon,
                const OUString &rMimeType,
                const OUString &rUserData,
-               const OUString& rServiceName );
+               const OUString& rServiceName,
+               bool bEnabled = true );
     ~SfxFilter();
 
     bool IsAllowedAsTemplate() const { return bool(nFormatType & SfxFilterFlags::TEMPLATE); }
@@ -118,6 +120,7 @@ public:
                     css::lang::WrappedTargetException,
                     css::uno::RuntimeException,
                     std::exception );
+     bool IsEnabled() const  { return mbEnabled; }
 };
 
 #endif

include/tools/errcode.hxx

@@ -241,6 +241,8 @@ inline sal_uInt32 ERRCODE_TOERROR( ErrCode x )
                                          ERRCODE_AREA_IO)
 #define ERRCODE_IO_NOTSTORABLEINBINARYFORMAT      CAST_TO_UINT32(39UL |ERRCODE_CLASS_FORMAT|\
                                          ERRCODE_AREA_IO)
+#define ERRCODE_IO_FILTERDISABLED     CAST_TO_UINT32(40UL |ERRCODE_CLASS_FORMAT|\
+                                         ERRCODE_AREA_IO)
 
 // FsysErrorCodes
 

officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs

@@ -94,6 +94,14 @@
           this filter.</desc>
         </info>
       </prop>
+      <prop oor:name="Enabled" oor:type="xs:boolean" oor:nillable="false">
+        <info>
+          <desc>Whether the filter is enabled. It makes sense to disable a filter,
+          as a temporary security measure, when there is a 0-day vulnerability in
+          it.</desc>
+        </info>
+        <value>true</value>
+      </prop>
     </group>
   </templates>
   <component>

sfx2/source/bastyp/fltfnc.cxx

@@ -933,6 +933,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
         OUString sExtension          ;
         OUString sPattern            ;
         OUString sServiceName        ;
+        bool bEnabled = true         ;
 
         // first get directly available properties
         sal_Int32 nFilterPropertyCount = lFilterProperties.getLength();
@@ -1027,6 +1028,11 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
                     }
                 }
             }
+            else if ( lFilterProperties[nFilterProperty].Name == "Enabled" )
+            {
+                lFilterProperties[nFilterProperty].Value >>= bEnabled;
+            }
+
         }
 
         if ( sServiceName.isEmpty() )
@@ -1064,7 +1070,8 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
                                      (sal_uInt16)nDocumentIconId ,
                                      sMimeType               ,
                                      sUserData               ,
-                                     sServiceName ));
+                                     sServiceName            ,
+                                     bEnabled ));
             rList.push_back( pFilter );
         }
         else
@@ -1079,6 +1086,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
             pFilt->aMimeType    = sMimeType;
             pFilt->aUserData    = sUserData;
             pFilt->aServiceName = sServiceName;
+            pFilt->mbEnabled    = bEnabled;
         }
 
         SfxFilter* pFilt = const_cast<SfxFilter*>(pFilter.get());

sfx2/source/doc/docfilt.cxx

@@ -43,7 +43,8 @@ SfxFilter::SfxFilter( const OUString& rProvider, const OUString &rFilterName ) :
     nFormatType(SfxFilterFlags::NONE),
     nVersion(0),
     lFormat(SotClipboardFormatId::NONE),
-    nDocIcon(0)
+    nDocIcon(0),
+    mbEnabled(true)
 {
 }
 
@@ -55,7 +56,8 @@ SfxFilter::SfxFilter( const OUString &rName,
                       sal_uInt16 nIcon,
                       const OUString &rMimeType,
                       const OUString &rUsrDat,
-                      const OUString &rServiceName ):
+                      const OUString &rServiceName,
+                      bool bEnabled ):
     aWildCard(rWildCard, ';'),
     aTypeName(rTypNm),
     aUserData(rUsrDat),
@@ -66,7 +68,8 @@ SfxFilter::SfxFilter( const OUString &rName,
     nFormatType(nType),
     nVersion(SOFFICE_FILEFORMAT_50),
     lFormat(lFmt),
-    nDocIcon(nIcon)
+    nDocIcon(nIcon),
+    mbEnabled(bEnabled)
 {
     OUString aExts = GetWildcard().getGlob();
     OUString aShort, aLong;

sfx2/source/doc/objstor.cxx

@@ -658,6 +658,12 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
     pImpl->nLoadedFlags = SfxLoadedFlags::NONE;
     pImpl->bModelInitialized = false;
 
+    if (pFilter && !pFilter->IsEnabled())
+    {
+        SetError( ERRCODE_IO_FILTERDISABLED, OSL_LOG_PREFIX );
+    }
+
+
     //TODO/LATER: make a clear strategy how to handle "UsesStorage" etc.
     bool bOwnStorageFormat = IsOwnStorageFormat( *pMedium );
     bool bHasStorage = IsPackageStorageFormat_Impl( *pMedium );

svx/source/src/errtxt.src

@@ -508,6 +508,10 @@ Resource RID_ERRHDL
     {
         Text [ en-US ] = "File format error found at $(ARG1)(row,col).";
     };
+    String ERRCODE_IO_FILTERDISABLED
+    {
+        Text [ en-US ] = "The filter for this file format is disabled in configuration. Please contact your systems administrator.";
+    };
 };
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */