Dosyalar · f0a9ca24fd4bf79cac908bf0d6fdb8905dc504db · LibreOffice / core

rhbz#887420 Implement "block untrusted referer links" feature · f0a9ca24

Stephan Bergmann Kas 14, 2013 yazdı

For now, this checks for a trusted referer (if the BlockUntrustedRefererLinks
configuration prop is set) in utl::MediaDescriptor::impl_openStreamWithURL and
SvxBrushItem::GetGraphicObject.  Checking in additional places will probably be
necessary to block /all/ unwanted communication.  Also, some places marked
/*TODO?*/ currently pass in an empty referer (which is always considered
trusted) and will probably need to be adapted.

Ideally, Referer URIs would never be empty (and consistently use something like
<private:user> for cases where access is explicitly initiated by the user and
should never be blocked), but that's a very daunting task, so start small by
identifying the places that potentially need blocking and adding appropriate
Referer URIs there.  Also, Referer information should always be computed as
freshly as possible from the context in which an access attempt is made, but,
again, always carrying the information from the context all the way to the
relevant functions is a very daunting task, so for now store the information
upon object instantiation in some cases (SvxBrushItem, SdrGrafObj, ...).

The Referer URI (css.document.MediaDescriptor property; SID_REFERER) was already
used to track macro execution, and there is one place in
SfxApplication::OpenDocExec_Impl where opening of hyperlinks (explicitly clicked
by the user) is done that needs the current document's URI as Referer to check
execution of macro URIs but needs an empty (or <private:user>, see above)
Referer to not block non-macro URIs.  Special code has been added there to
handle that.

Change-Id: Iafbdc07a9fe925d9ee580d4f5778448f18f2ebd9

f0a9ca24

Adı	Son kayıt (commit)	Son güncelleme
.git-hooks		Loading commit data...
UnoControls		Loading commit data...
accessibility		Loading commit data...
android		Loading commit data...
animations		Loading commit data...
apple_remote		Loading commit data...
avmedia		Loading commit data...
basctl		Loading commit data...
basebmp		Loading commit data...
basegfx		Loading commit data...
basic		Loading commit data...
bean		Loading commit data...
bin		Loading commit data...
binaryurp		Loading commit data...
bridges		Loading commit data...
canvas		Loading commit data...
chart2		Loading commit data...
cli_ure		Loading commit data...
codemaker		Loading commit data...
comphelper		Loading commit data...
compilerplugins		Loading commit data...
config_host		Loading commit data...
configmgr		Loading commit data...
connectivity		Loading commit data...
cppcanvas		Loading commit data...
cppu		Loading commit data...
cppuhelper		Loading commit data...
cpputools		Loading commit data...
crashrep		Loading commit data...
cui		Loading commit data...
dbaccess		Loading commit data...
desktop		Loading commit data...
dictionaries @ c6f4f79b
distro-configs		Loading commit data...
drawinglayer		Loading commit data...
dtrans		Loading commit data...
editeng		Loading commit data...
embeddedobj		Loading commit data...
embedserv		Loading commit data...
eventattacher		Loading commit data...
extensions		Loading commit data...
external		Loading commit data...
extras		Loading commit data...
filter		Loading commit data...
firefoxos/sdremote		Loading commit data...
forms		Loading commit data...
formula		Loading commit data...
fpicker		Loading commit data...
framework		Loading commit data...
helpcompiler		Loading commit data...
helpcontent2 @ 26d5b066
hwpfilter		Loading commit data...
i18nlangtag		Loading commit data...
i18npool		Loading commit data...
i18nutil		Loading commit data...
icon-themes		Loading commit data...
idl		Loading commit data...
idlc		Loading commit data...
include		Loading commit data...
instsetoo_native		Loading commit data...
io		Loading commit data...
ios		Loading commit data...
javaunohelper		Loading commit data...
jurt		Loading commit data...
jvmaccess		Loading commit data...
jvmfwk		Loading commit data...
l10ntools		Loading commit data...
librelogo		Loading commit data...
lingucomponent		Loading commit data...
linguistic		Loading commit data...
lotuswordpro		Loading commit data...
m4		Loading commit data...
mysqlc		Loading commit data...
nlpsolver		Loading commit data...
o3tl		Loading commit data...
odk		Loading commit data...
offapi		Loading commit data...
officecfg		Loading commit data...
oovbaapi		Loading commit data...
oox		Loading commit data...
package		Loading commit data...
padmin		Loading commit data...
postprocess		Loading commit data...
psprint_config		Loading commit data...
pyuno		Loading commit data...
qadevOOo		Loading commit data...
readlicense_oo		Loading commit data...
registry		Loading commit data...
remotebridges		Loading commit data...
reportbuilder		Loading commit data...
reportdesign		Loading commit data...
ridljar		Loading commit data...
rsc		Loading commit data...
sal		Loading commit data...
salhelper		Loading commit data...
sax		Loading commit data...
sc		Loading commit data...
scaddins		Loading commit data...
sccomp		Loading commit data...
scp2		Loading commit data...
scripting		Loading commit data...
sd		Loading commit data...
sdext		Loading commit data...
setup_native		Loading commit data...
sfx2		Loading commit data...
shell		Loading commit data...
slideshow		Loading commit data...
smoketest		Loading commit data...
solenv		Loading commit data...
soltools		Loading commit data...
sot		Loading commit data...
starmath		Loading commit data...
stoc		Loading commit data...
store		Loading commit data...
svgio		Loading commit data...
svl		Loading commit data...
svtools		Loading commit data...
svx		Loading commit data...
sw		Loading commit data...
swext		Loading commit data...
sysui		Loading commit data...
test		Loading commit data...
testtools		Loading commit data...
toolkit		Loading commit data...
tools		Loading commit data...
touch		Loading commit data...
translations @ 70db96bb
tubes		Loading commit data...
ucb		Loading commit data...
ucbhelper		Loading commit data...
udkapi		Loading commit data...
unodevtools		Loading commit data...
unoidl		Loading commit data...
unoil		Loading commit data...
unotest		Loading commit data...
unotools		Loading commit data...
unoxml		Loading commit data...
ure		Loading commit data...
uui		Loading commit data...
vbahelper		Loading commit data...
vcl		Loading commit data...
wizards		Loading commit data...
writerfilter		Loading commit data...
writerperfect		Loading commit data...
xmerge		Loading commit data...
xmlhelp		Loading commit data...
xmloff		Loading commit data...
xmlreader		Loading commit data...
xmlscript		Loading commit data...
xmlsecurity		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.gitmodules		Loading commit data...
.gitreview		Loading commit data...
COPYING		Loading commit data...
COPYING.LGPL		Loading commit data...
COPYING.MPL		Loading commit data...
Library_merged.mk		Loading commit data...
Library_urelibs.mk		Loading commit data...
Makefile.fetch		Loading commit data...
Makefile.gbuild		Loading commit data...
Makefile.in		Loading commit data...
README.Android		Loading commit data...
README.Code		Loading commit data...
README.Solaris		Loading commit data...
README.cross		Loading commit data...
Repository.mk		Loading commit data...
RepositoryExternal.mk		Loading commit data...
RepositoryFixes.mk		Loading commit data...
RepositoryModule_build.mk		Loading commit data...
RepositoryModule_host.mk		Loading commit data...
TEMPLATE.SOURCECODE.HEADER		Loading commit data...
autogen.sh		Loading commit data...
config.guess		Loading commit data...
config.sub		Loading commit data...
config_host.mk.in		Loading commit data...
configure.ac		Loading commit data...
download.lst		Loading commit data...
g		Loading commit data...
install-sh		Loading commit data...
lo.xcent.in		Loading commit data...
logerrit		Loading commit data...
unusedcode.README		Loading commit data...
unusedcode.easy		Loading commit data...
unusedcode.exclude		Loading commit data...