Some missing "block untrusted referer links" for form controls

...where "Referer" is now passed in as an additional property, so that the
relevant objects can decide whether to obtain graphics while loading a document

Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>

5 files changed, 15 insertions, 6 deletions

diff --git a/toolkit/inc/helper/property.hxx b/toolkit/inc/helper/property.hxx
index 013f73496482..9a26e06a9902 100644
--- a/toolkit/inc/helper/property.hxx
+++ b/toolkit/inc/helper/property.hxx
@@ -205,6 +205,7 @@ namespace com::sun::star::uno {
 #define BASEPROPERTY_HIGHLIGHT_COLOR                169
 #define BASEPROPERTY_HIGHLIGHT_TEXT_COLOR           170
 #define BASEPROPERTY_TYPEDITEMLIST                  171 // AnySequence
+#define BASEPROPERTY_REFERER                        172
 
 
 // These properties are not bound, they are always extracted from the BASEPROPERTY_FONTDESCRIPTOR property
diff --git a/toolkit/source/awt/vclxwindows.cxx b/toolkit/source/awt/vclxwindows.cxx
index ee9127a99a7f..76f4a6af1e2b 100644
--- a/toolkit/source/awt/vclxwindows.cxx
+++ b/toolkit/source/awt/vclxwindows.cxx
@@ -206,6 +206,7 @@ namespace toolkit
 
 void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds )
 {
+    PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0);
     VCLXWindow::ImplGetPropertyIds( rIds );
 }
 
diff --git a/toolkit/source/controls/dialogcontrol.cxx b/toolkit/source/controls/dialogcontrol.cxx
index 56a1d0ffa066..ea0c4ccfaf7a 100644
--- a/toolkit/source/controls/dialogcontrol.cxx
+++ b/toolkit/source/controls/dialogcontrol.cxx
@@ -417,7 +417,7 @@ void UnoDialogControl::PrepareWindowDescriptor( css::awt::WindowDescriptor& rDes
         ( !aImageURL.isEmpty() ))
     {
         OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL), uno::Any(aImageURL));
-        xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl );
+        xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
         ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::Any( xGraphic ), true );
     }
 }
@@ -632,7 +632,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const Sequence< PropertyChang
                 ( !aImageURL.isEmpty() ))
             {
                 OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)), uno::Any(aImageURL));
-                xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl );
+                xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
             }
             ImplSetPropertyValue(  GetPropertyName( BASEPROPERTY_GRAPHIC), uno::Any( xGraphic ), true );
             break;
diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx
index 02642652d222..452d1dc41542 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -33,6 +33,7 @@
 #include <toolkit/controls/unocontrols.hxx>
 #include <helper/property.hxx>
 #include <toolkit/helper/macros.hxx>
+#include <unotools/securityoptions.hxx>
 
 // for introspection
 #include <awt/vclxwindows.hxx>
@@ -61,14 +62,14 @@ uno::Reference< graphic::XGraphic >
 ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference< graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL )
 {
     xOutGraphicObj = nullptr;
-    return ImageHelper::getGraphicFromURL_nothrow( _rURL );
+    return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" );
 }
 
 css::uno::Reference< css::graphic::XGraphic >
-ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL )
+ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
 {
     uno::Reference< graphic::XGraphic > xGraphic;
-    if ( _rURL.isEmpty() )
+    if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
         return xGraphic;
 
     try
@@ -605,7 +606,11 @@ void GraphicControlModel::setFastPropertyValue_NoBroadcast( std::unique_lock<std
                 mbAdjustingGraphic = true;
                 OUString sImageURL;
                 OSL_VERIFY( rValue >>= sImageURL );
-                setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) );
+                css::uno::Any any;
+                getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER);
+                OUString referer;
+                any >>= referer;
+                setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC, uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) );
                 mbAdjustingGraphic = false;
             }
             break;
diff --git a/toolkit/source/helper/property.cxx b/toolkit/source/helper/property.cxx
index 945c4b016a64..db33e8a28ba6 100644
--- a/toolkit/source/helper/property.cxx
+++ b/toolkit/source/helper/property.cxx
@@ -271,6 +271,8 @@ static const ImpPropertyInfoMap & ImplGetPropertyInfos()
         DECL_PROP_3     ( "InactiveSelectionBackgroundColor", INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
         DECL_PROP_3     ( "ActiveSelectionTextColor",         ACTIVE_SEL_TEXT_COLOR,         sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
         DECL_PROP_3     ( "InactiveSelectionTextColor",       INACTIVE_SEL_TEXT_COLOR,       sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
+
+        DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID),
     };
     return aImplPropertyInfos;
 }