Add "block untrusted referer links" switch

Change-Id: Id2f2a3dafc3bb7ec6fada6bfda5843348dfac5a1

cui/source/options/optinet2.cxx

@@ -899,6 +899,7 @@ sal_Bool SvxSecurityTabPage::FillItemSet( SfxItemSet& )
         CheckAndSave( *mpSecOptions, SvtSecurityOptions::E_DOCWARN_REMOVEPERSONALINFO, mpSecOptDlg->IsRemovePersInfoChecked(), bModified );
         CheckAndSave( *mpSecOptions, SvtSecurityOptions::E_DOCWARN_RECOMMENDPASSWORD, mpSecOptDlg->IsRecommPasswdChecked(), bModified );
         CheckAndSave( *mpSecOptions, SvtSecurityOptions::E_CTRLCLICK_HYPERLINK, mpSecOptDlg->IsCtrlHyperlinkChecked(), bModified );
+        CheckAndSave( *mpSecOptions, SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS, mpSecOptDlg->IsBlockUntrustedRefererLinksChecked(), bModified );
     }
 
     return bModified;

cui/source/options/securityoptions.cxx

@@ -67,6 +67,9 @@ SecurityOptionsDialog::SecurityOptionsDialog(Window* pParent, SvtSecurityOptions
     get(m_pCtrlHyperlinkCB, "ctrlclick");
     enableAndSet(*pOptions, SvtSecurityOptions::E_CTRLCLICK_HYPERLINK, *m_pCtrlHyperlinkCB,
         *get<FixedImage>("lockctrlclick"));
+    get(m_pBlockUntrustedRefererLinksCB, "blockuntrusted");
+    enableAndSet(*pOptions, SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS, *m_pBlockUntrustedRefererLinksCB,
+        *get<FixedImage>("lockblockuntrusted"));
 }
 
 SecurityOptionsDialog::~SecurityOptionsDialog()

cui/source/options/securityoptions.hxx

@@ -45,7 +45,7 @@ namespace svx
         CheckBox* m_pRemovePersInfoCB;
         CheckBox* m_pRecommPasswdCB;
         CheckBox* m_pCtrlHyperlinkCB;
-
+        CheckBox* m_pBlockUntrustedRefererLinksCB;
 
     public:
         SecurityOptionsDialog( Window* pParent, SvtSecurityOptions* pOptions );
@@ -58,6 +58,7 @@ namespace svx
         bool IsRemovePersInfoChecked() const { return m_pRemovePersInfoCB->IsChecked() != sal_False; }
         bool IsRecommPasswdChecked() const { return m_pRecommPasswdCB->IsChecked() != sal_False; }
         bool IsCtrlHyperlinkChecked() const { return m_pCtrlHyperlinkCB->IsChecked() != sal_False; }
+        bool IsBlockUntrustedRefererLinksChecked() const { return m_pBlockUntrustedRefererLinksCB->IsChecked() != sal_False; }
     };
 
 //........................................................................

cui/uiconfig/ui/securityoptionsdialog.ui

@@ -342,6 +342,24 @@
                             <property name="height">1</property>
                           </packing>
                         </child>
+                        <child>
+                          <object class="GtkCheckButton" id="blockuntrusted">
+                            <property name="label" translatable="yes">Block any links from documents not among the trusted locations (see Macro Security)</property>
+                            <property name="visible">True</property>
+                            <property name="can_focus">True</property>
+                            <property name="receives_default">False</property>
+                            <property name="hexpand">True</property>
+                            <property name="use_underline">True</property>
+                            <property name="xalign">0</property>
+                            <property name="draw_indicator">True</property>
+                          </object>
+                          <packing>
+                            <property name="left_attach">1</property>
+                            <property name="top_attach">3</property>
+                            <property name="width">1</property>
+                            <property name="height">1</property>
+                          </packing>
+                        </child>
                         <child>
                           <object class="GtkImage" id="lockremovepersonal">
                             <property name="can_focus">False</property>
@@ -385,6 +403,20 @@
                             <property name="height">1</property>
                           </packing>
                         </child>
+                        <child>
+                          <object class="GtkImage" id="lockblockuntrusted">
+                            <property name="can_focus">False</property>
+                            <property name="halign">center</property>
+                            <property name="valign">center</property>
+                            <property name="pixbuf">res/lock.png</property>
+                          </object>
+                          <packing>
+                            <property name="left_attach">0</property>
+                            <property name="top_attach">3</property>
+                            <property name="width">1</property>
+                            <property name="height">1</property>
+                          </packing>
+                        </child>
                       </object>
                     </child>
                   </object>

include/unotools/securityoptions.hxx

@@ -79,7 +79,8 @@ class UNOTOOLS_DLLPUBLIC SAL_WARN_UNUSED SvtSecurityOptions : public utl::detail
             E_MACRO_SECLEVEL,
             E_MACRO_TRUSTEDAUTHORS,
             E_MACRO_DISABLE,
-            E_CTRLCLICK_HYPERLINK
+            E_CTRLCLICK_HYPERLINK,
+            E_BLOCKUNTRUSTEDREFERERLINKS
         };
 
         enum MacroAction
@@ -188,6 +189,12 @@ class UNOTOOLS_DLLPUBLIC SAL_WARN_UNUSED SvtSecurityOptions : public utl::detail
         bool isSecureMacroUri(OUString const & uri, OUString const & referer)
             const;
 
+        /**
+           Check whether the given referer URI is untrusted, and links
+           originating from it should not be accessed.
+         */
+        bool isUntrustedReferer(OUString const & referer) const;
+
         /**
            Check whether the given uri is a trusted location.
         */

officecfg/registry/schema/org/openoffice/Office/Common.xcs

@@ -2537,6 +2537,13 @@
           </info>
           <value>true</value>
         </prop>
+        <prop oor:name="BlockUntrustedRefererLinks" oor:type="xs:boolean" oor:nillable="false">
+          <info>
+            <desc>Specifies whether to block any links originating from
+            documents that are not among the trusted locations.</desc>
+          </info>
+          <value>false</value>
+        </prop>
         <prop oor:name="MacroSecurityLevel" oor:type="xs:int" oor:nillable="false">
           <info>
             <desc>Level of Macro security.</desc>

unotools/source/config/securityoptions.cxx

@@ -58,6 +58,7 @@ using namespace ::com::sun::star::uno   ;
 #define PROPERTYNAME_DOCWARN_REMOVEPERSONALINFO "RemovePersonalInfoOnSaving"
 #define PROPERTYNAME_DOCWARN_RECOMMENDPASSWORD  "RecommendPasswordProtection"
 #define PROPERTYNAME_CTRLCLICK_HYPERLINK        "HyperlinksWithCtrlClick"
+#define PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS "BlockUntrustedRefererLinks"
 #define PROPERTYNAME_MACRO_SECLEVEL             "MacroSecurityLevel"
 #define PROPERTYNAME_MACRO_TRUSTEDAUTHORS       "TrustedAuthors"
 #define PROPERTYNAME_MACRO_DISABLE              "DisableMacrosExecution"
@@ -89,11 +90,12 @@ using namespace ::com::sun::star::uno   ;
 #define PROPERTYHANDLE_DOCWARN_REMOVEPERSONALINFO   9
 #define PROPERTYHANDLE_DOCWARN_RECOMMENDPASSWORD    10
 #define PROPERTYHANDLE_CTRLCLICK_HYPERLINK          11
-#define PROPERTYHANDLE_MACRO_SECLEVEL               12
-#define PROPERTYHANDLE_MACRO_TRUSTEDAUTHORS         13
-#define PROPERTYHANDLE_MACRO_DISABLE                14
+#define PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS   12
+#define PROPERTYHANDLE_MACRO_SECLEVEL               13
+#define PROPERTYHANDLE_MACRO_TRUSTEDAUTHORS         14
+#define PROPERTYHANDLE_MACRO_DISABLE                15
 
-#define PROPERTYCOUNT                               15
+#define PROPERTYCOUNT                               16
 #define PROPERTYHANDLE_INVALID                      -1
 
 #define CFG_READONLY_DEFAULT                        sal_False
@@ -200,6 +202,7 @@ class SvtSecurityOptions_Impl : public ConfigItem
         sal_Bool                                    m_bRemoveInfo;
         sal_Bool                                    m_bRecommendPwd;
         sal_Bool                                    m_bCtrlClickHyperlink;
+        sal_Bool                                    m_bBlockUntrustedRefererLinks;
         sal_Int32                                   m_nSecLevel;
         Sequence< SvtSecurityOptions::Certificate > m_seqTrustedAuthors;
         sal_Bool                                    m_bDisableMacros;
@@ -212,6 +215,7 @@ class SvtSecurityOptions_Impl : public ConfigItem
         sal_Bool                                    m_bRORemoveInfo;
         sal_Bool                                    m_bRORecommendPwd;
         sal_Bool                                    m_bROCtrlClickHyperlink;
+        sal_Bool                                    m_bROBlockUntrustedRefererLinks;
         sal_Bool                                    m_bROSecLevel;
         sal_Bool                                    m_bROTrustedAuthors;
         sal_Bool                                    m_bRODisableMacros;
@@ -370,6 +374,13 @@ void SvtSecurityOptions_Impl::SetProperty( sal_Int32 nProperty, const Any& rValu
         }
         break;
 
+        case PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS:
+        {
+            rValue >>= m_bBlockUntrustedRefererLinks;
+            m_bROBlockUntrustedRefererLinks = bRO;
+        }
+        break;
+
         case PROPERTYHANDLE_MACRO_SECLEVEL:
         {
             rValue >>= m_nSecLevel;
@@ -499,6 +510,8 @@ sal_Int32 SvtSecurityOptions_Impl::GetHandle( const OUString& rName )
         nHandle = PROPERTYHANDLE_DOCWARN_RECOMMENDPASSWORD;
     else if( rName == PROPERTYNAME_CTRLCLICK_HYPERLINK )
         nHandle = PROPERTYHANDLE_CTRLCLICK_HYPERLINK;
+    else if( rName == PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS )
+        nHandle = PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS;
     else if( rName == PROPERTYNAME_MACRO_SECLEVEL )
         nHandle = PROPERTYHANDLE_MACRO_SECLEVEL;
     else if( rName == PROPERTYNAME_MACRO_TRUSTEDAUTHORS )
@@ -555,6 +568,10 @@ bool SvtSecurityOptions_Impl::GetOption( SvtSecurityOptions::EOption eOption, sa
             rpValue = &m_bCtrlClickHyperlink;
             rpRO = &m_bROCtrlClickHyperlink;
             break;
+        case SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS:
+            rpValue = &m_bBlockUntrustedRefererLinks;
+            rpRO = &m_bROBlockUntrustedRefererLinks;
+            break;
         default:
             rpValue = NULL;
             rpRO = NULL;
@@ -669,6 +686,14 @@ void SvtSecurityOptions_Impl::Commit()
             }
             break;
 
+            case PROPERTYHANDLE_BLOCKUNTRUSTEDREFERERLINKS:
+            {
+                bDone = !m_bROBlockUntrustedRefererLinks;
+                if( bDone )
+                    lValues[ nRealCount ] <<= m_bBlockUntrustedRefererLinks;
+            }
+            break;
+
             case PROPERTYHANDLE_MACRO_SECLEVEL:
             {
                 bDone = !m_bROSecLevel;
@@ -805,7 +830,9 @@ sal_Bool SvtSecurityOptions_Impl::IsReadOnly( SvtSecurityOptions::EOption eOptio
         case SvtSecurityOptions::E_CTRLCLICK_HYPERLINK:
             bReadonly = m_bROCtrlClickHyperlink;
             break;
-
+        case SvtSecurityOptions::E_BLOCKUNTRUSTEDREFERERLINKS:
+            bReadonly = m_bROBlockUntrustedRefererLinks;
+            break;
 
         // xmlsec05 deprecated
         case SvtSecurityOptions::E_BASICMODE:
@@ -948,6 +975,7 @@ Sequence< OUString > SvtSecurityOptions_Impl::GetPropertyNames()
         OUString(PROPERTYNAME_DOCWARN_REMOVEPERSONALINFO),
         OUString(PROPERTYNAME_DOCWARN_RECOMMENDPASSWORD),
         OUString(PROPERTYNAME_CTRLCLICK_HYPERLINK),
+        OUString(PROPERTYNAME_BLOCKUNTRUSTEDREFERERLINKS),
         OUString(PROPERTYNAME_MACRO_SECLEVEL),
         OUString(PROPERTYNAME_MACRO_TRUSTEDAUTHORS),
         OUString(PROPERTYNAME_MACRO_DISABLE)
@@ -1033,6 +1061,13 @@ bool SvtSecurityOptions::isSecureMacroUri(
     }
 }
 
+bool SvtSecurityOptions::isUntrustedReferer(OUString const & referer) const {
+    MutexGuard g(GetInitMutex());
+    return m_pDataContainer->IsOptionSet(E_BLOCKUNTRUSTEDREFERERLINKS)
+        && !(referer.isEmpty() || referer.startsWithIgnoreAsciiCase("private:")
+             || isTrustedLocationUri(referer));
+}
+
 bool SvtSecurityOptions::isTrustedLocationUri(OUString const & uri) const {
     MutexGuard g(GetInitMutex());
     for (sal_Int32 i = 0; i != m_pDataContainer->m_seqSecureURLs.getLength();