First cut at annotating 'exotic' filters.

The idea being that we can improve security by warning for these.

Change-Id: I7d993417bfb6a8fe868bc3e07ccbcfe71bf285ff
Reviewed-on: https://gerrit.libreoffice.org/50387
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Andras Timar <andras.timar@collabora.com>

4 files changed, 121 insertions, 1 deletions

diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index e4c8ab9afe4a..2e2d6513319f 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -214,6 +214,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\
     sfx2/source/doc/doctempl \
     sfx2/source/doc/doctemplates \
     sfx2/source/doc/doctemplateslocal \
+    sfx2/source/doc/exoticfileloadexception \
     sfx2/source/doc/frmdescr \
     sfx2/source/doc/graphhelp \
     sfx2/source/doc/guisaveas \
diff --git a/sfx2/source/doc/exoticfileloadexception.cxx b/sfx2/source/doc/exoticfileloadexception.cxx
new file mode 100644
index 000000000000..46b3c63edd65
--- /dev/null
+++ b/sfx2/source/doc/exoticfileloadexception.cxx
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "exoticfileloadexception.hxx"
+
+#include <comphelper/interaction.hxx>
+#include <com/sun/star/document/ExoticFileLoadException.hpp>
+
+using namespace com::sun::star;
+
+ExoticFileLoadException::ExoticFileLoadException(const OUString& rURL,
+                                                 const OUString& rFilterUIName)
+{
+    document::ExoticFileLoadException aReq;
+    aReq.URL = rURL;
+    aReq.FilterUIName = rFilterUIName;
+
+    m_aRequest <<= aReq;
+
+    m_xAbort.set(uno::Reference<task::XInteractionAbort>(new comphelper::OInteractionAbort),
+                 uno::UNO_QUERY);
+    m_xApprove.set(uno::Reference<task::XInteractionApprove>(new comphelper::OInteractionApprove),
+                   uno::UNO_QUERY);
+    m_lContinuations.realloc(2);
+    m_lContinuations[0] = m_xApprove;
+    m_lContinuations[1] = m_xAbort;
+}
+
+bool ExoticFileLoadException::isApprove() const
+{
+    comphelper::OInteractionApprove* pBase
+        = static_cast<comphelper::OInteractionApprove*>(m_xApprove.get());
+    return pBase->wasSelected();
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/source/doc/exoticfileloadexception.hxx b/sfx2/source/doc/exoticfileloadexception.hxx
new file mode 100644
index 000000000000..3f8d480d8fb6
--- /dev/null
+++ b/sfx2/source/doc/exoticfileloadexception.hxx
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_SFX2_EXOTICFILELOADEXCEPTION_HXX
+#define INCLUDED_SFX2_EXOTICFILELOADEXCEPTION_HXX
+
+#include <com/sun/star/task/XInteractionHandler.hpp>
+#include <cppuhelper/implbase.hxx>
+
+class ExoticFileLoadException : public cppu::WeakImplHelper<css::task::XInteractionRequest>
+{
+    // C++ interface
+public:
+    ExoticFileLoadException(const OUString& rURL, const OUString& rFilterUIName);
+    bool isApprove() const;
+
+    // UNO interface
+public:
+    virtual css::uno::Sequence<css::uno::Reference<css::task::XInteractionContinuation>>
+        SAL_CALL getContinuations() override
+    {
+        return m_lContinuations;
+    }
+    css::uno::Any SAL_CALL getRequest() override { return m_aRequest; }
+
+    // member
+private:
+    css::uno::Any m_aRequest;
+    css::uno::Sequence<css::uno::Reference<css::task::XInteractionContinuation>> m_lContinuations;
+    css::uno::Reference<css::task::XInteractionContinuation> m_xAbort;
+    css::uno::Reference<css::task::XInteractionContinuation> m_xApprove;
+};
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index feff5dfd91a1..13fb401a5e3a 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -81,6 +81,7 @@
 #include <unotools/saveopt.hxx>
 #include <unotools/useroptions.hxx>
 #include <unotools/pathoptions.hxx>
+#include <unotools/securityoptions.hxx>
 #include <tools/urlobj.hxx>
 #include <tools/diagnose_ex.h>
 #include <unotools/ucbhelper.hxx>
@@ -130,6 +131,7 @@
 #include <appbaslib.hxx>
 #include <appdata.hxx>
 #include "objstor.hxx"
+#include "exoticfileloadexception.hxx"
 
 using namespace ::com::sun::star;
 using namespace ::com::sun::star::container;
@@ -651,6 +653,11 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
         SetError( ERRCODE_IO_FILTERDISABLED );
     }
 
+    if ( pFilter && pFilter->IsExoticFormat() && !QueryAllowExoticFormat_Impl( getInteractionHandler(), aBaseURL, pMed->GetFilter()->GetUIName() ) )
+    {
+        SetError( ERRCODE_IO_ABORT );
+    }
+
     // initialize static language table so language-related extensions are learned before the document loads
     (void)SvtLanguageTable::GetLanguageEntryCount();
 
@@ -3557,7 +3564,35 @@ bool SfxObjectShell::QuerySaveSizeExceededModules_Impl( const uno::Reference< ta
     return true;
 }
 
-// comphelper::IEmbeddedHelper
+bool SfxObjectShell::QueryAllowExoticFormat_Impl( const uno::Reference< task::XInteractionHandler >& xHandler, const OUString& rURL, const OUString& rFilterUIName )
+{
+    if ( SvtSecurityOptions().isTrustedLocationUri( rURL ) )
+    {
+        // Always load from trusted location
+        return true;
+    }
+    if ( officecfg::Office::Common::Security::LoadExoticFileFormats::get() == 0 )
+    {
+        // Refuse loading without question
+        return false;
+    }
+    else if ( officecfg::Office::Common::Security::LoadExoticFileFormats::get() == 2 )
+    {
+        // Always load without question
+        return true;
+    }
+    else if ( officecfg::Office::Common::Security::LoadExoticFileFormats::get() == 1 && xHandler.is() )
+    {
+        // Display a warning and let the user decide
+        rtl::Reference<ExoticFileLoadException> xException(new ExoticFileLoadException( rURL, rFilterUIName ));
+        uno::Reference< task::XInteractionRequest > xReq( xException.get() );
+        xHandler->handle( xReq );
+        return xException.get()->isApprove();
+    }
+    // No interaction handler, default is to continue to load
+    return true;
+}
+
 uno::Reference< task::XInteractionHandler > SfxObjectShell::getInteractionHandler() const
 {
     uno::Reference< task::XInteractionHandler > xRet;