libreoffice/include/xmloff/settingsstore.hxx


/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
// Simple interface to allow serialization of document settings
#ifndef INCLUDED_XMLOFF_SETTINGSSTORE_HXX
#define INCLUDED_XMLOFF_SETTINGSSTORE_HXX
#include <vector>
#include <com/sun/star/beans/PropertyValue.hpp>
#include <com/sun/star/embed/XStorage.hpp>
// Scans list of properties for certain URL properties that could refer
// to internal objects, and initializes from these.
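class DocumentSettingsSerializer {
public:
    // Import objects and update properties (eliding URLs).
    //
    // referer: URI of the context on whose behalf the import happens. The
    //     parameter was introduced by the "block untrusted referer links"
    //     change (rhbz#887420), which checks for a trusted referer when the
    //     BlockUntrustedRefererLinks configuration property is set. That
    //     change states that an empty referer is always considered trusted,
    //     so callers should pass the real document context whenever they
    //     have one instead of an empty string. How an implementation uses
    //     the value is not visible in this header.
    // xStorage: storage to read from (presumably the document's package
    //     storage; confirm against implementers).
    // aConfigProps: the configuration properties to scan.
    // Returns a property sequence; per the summary above, the updated one.
    virtual com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
    filterStreamsFromStorage(
        OUString const & referer,
        const com::sun::star::uno::Reference< com::sun::star::embed::XStorage > &xStorage,
        const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>& aConfigProps ) = 0;

    // Export objects and update properties with relative URLs into this storage.
    //
    // xStorage: storage to write into.
    // aConfigProps: the configuration properties to scan.
    // Returns a property sequence; per the summary above, the updated one.
    virtual com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
    filterStreamsToStorage(
        const com::sun::star::uno::Reference< com::sun::star::embed::XStorage > &xStorage,
        const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>& aConfigProps ) = 0;

protected:
    // Protected and non-virtual: instances cannot be destroyed through a
    // pointer or reference to this interface from outside the hierarchy.
    ~DocumentSettingsSerializer() {}
};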
#endif // INCLUDED_XMLOFF_SETTINGSSTORE_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */