#i125226# disallow absolute and relative paths for DDE servers

sfx2/source/appl/impldde.cxx

@@ -260,19 +260,20 @@ sal_Bool SvDDEObject::Connect( SvBaseLink * pSvLink )
         // check the suitability of starting the DDE server
         const SvtSecurityOptions aSecOpts;
         bool bForbidden = (aSecOpts.GetMacroSecurityLevel() == eNEVER_EXECUTE);
-        bForbidden |= (bInWinExec != sal_False);
+        bForbidden |= (sServer.SearchChar( L":./%\\") != STRING_NOTFOUND);
         static const char* aBadServers[] = { "cmd", "rundll32" };
         for( int i = 0; i < sizeof(aBadServers)/sizeof(*aBadServers); ++i)
-            bForbidden |= (sServer.CompareIgnoreCaseToAscii( aBadServers[i]) == COMPARE_EQUAL );
+            bForbidden |= (sServer.CompareIgnoreCaseToAscii( aBadServers[i]) == COMPARE_EQUAL);
 
         // try to start the DDE server if it is not there already
+        bForbidden |= (bInWinExec != sal_False);
         if( !bForbidden )
         {
             ByteString aCmdLine( sServer, RTL_TEXTENCODING_ASCII_US );
             aCmdLine.Append( ".exe " );
             aCmdLine.Append( ByteString( sTopic, RTL_TEXTENCODING_ASCII_US ) );
 
-            if( WinExec( aCmdLine.GetBuffer(), SW_SHOWMINIMIZED ) < 32 )
+            if( WinExec( aCmdLine.GetBuffer(), SW_SHOWMINIMIZED ) < 32 ) // TODO: use CreateProcess() instead
                 nError = DDELINK_ERROR_APP;
             else
             {