File CVE-2023-6186-5.patch of Package libreoffice.31887

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-6186-5.patch of Package libreoffice.31887

From 76cb7253a19ef73ce465bb388be002f4f7d7ddd7 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 22 Nov 2023 21:14:41 +0000
Subject: [PATCH] reuse AllowedLinkProtocolFromDocument in impress/draw

Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
---

diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index 881d5aa..eeaa121 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -33,6 +33,7 @@
 #include <sfx2/docfile.hxx>
 #include <sfx2/request.hxx>
 #include <sfx2/templatedlg.hxx>
+#include <svl/stritem.hxx>
 #include <editeng/eeitem.hxx>
 
 #include <svx/svxids.hrc>
@@ -192,26 +193,32 @@
         {
             bool bIntercept = false;
             ::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
-            if (pDocShell)
+            ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
+            if (pViewShell)
             {
-                ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
-                if (pViewShell)
+                if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
                 {
-                    if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
+                    // Prevent documents from opening while the slide
+                    // show is running, except when this request comes
+                    // from a shape interaction.
+                    if (rReq.GetArgs() == nullptr)
                     {
-                        // Prevent documents from opening while the slide
-                        // show is running, except when this request comes
-                        // from a shape interaction.
-                        if (rReq.GetArgs() == nullptr)
-                        {
-                            bIntercept = true;
-                        }
+                        bIntercept = true;
                     }
                 }
             }
 
             if (!bIntercept)
             {
+                if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
+                {
+                    if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
+                                                                                        pViewShell->GetObjectShell(),
+                                                                                        pViewShell->GetFrameWeld()))
+                    {
+                        return;
+                    }
+                }
                 SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
             }
             else

Places

File CVE-2023-6186-5.patch of Package libreoffice.31887

Places