loleaflet/html/framed.doc.html | 5 +++-- loleaflet/src/map/handler/Map.WOPI.js | 5 ++++- wsd/ClientSession.cpp | 5 +++++ wsd/FileServer.cpp | 5 +++-- 4 files changed, 15 insertions(+), 5 deletions(-)
New commits: commit 7c4ba459ff70bf4050ad4a936796845f04f6b127 Author: Ashod Nakashian <[email protected]> AuthorDate: Sat Nov 16 11:59:39 2019 -0500 Commit: Ashod Nakashian <[email protected]> CommitDate: Fri Nov 22 01:51:11 2019 +0100 Encode the ExtendedData to make it safer while embedding in messages Change-Id: I1d4bdb2775d89e9a52a96d833228ca8577ee3561 Reviewed-on: https://gerrit.libreoffice.org/83044 Reviewed-by: Ashod Nakashian <[email protected]> Tested-by: Ashod Nakashian <[email protected]>
diff --git a/loleaflet/html/framed.doc.html b/loleaflet/html/framed.doc.html
index 80f842c40..df0207c84 100644
--- a/loleaflet/html/framed.doc.html
+++ b/loleaflet/html/framed.doc.html
@@ -48,7 +48,7 @@ function save() {
 post({'MessageId': 'Action_Save',
- 'Values': { 'Notify': true, 'ExtendedData': 'CustomFlag=CustomValue;AnotherFlag=AnotherValue' }
+ 'Values': { 'Notify': true, 'ExtendedData': 'CustomFlag=Custom Value;AnotherFlag=AnotherValue' }
 });
 }
@@ -126,9 +126,10 @@ <body style="user-select: none;">
+ <p>Note: Set net/frame_ancestors in loolwsd.xml to contain 'file:' (without the quotes, but with the colon), otherwise you will get CSP violation. And force reload, or clear caches, otherwise you might get served from the browser cache..</p>
 <form id="insert-text-form"> Click <button onclick="insertText(document.forms['insert-text-form'].elements['source'].value); return false;">here</button> to insert the following text into the document:
- <textarea name="source" value="" rows="10" cols="80"></textarea>
+ <textarea name="source" value="" rows="5" cols="50"></textarea>
 </form> <form id="insert-text-form">
diff --git a/loleaflet/src/map/handler/Map.WOPI.js b/loleaflet/src/map/handler/Map.WOPI.js
index 9c3201554..dcd401407 100644
--- a/loleaflet/src/map/handler/Map.WOPI.js
+++ b/loleaflet/src/map/handler/Map.WOPI.js
@@ -142,7 +142,9 @@ L.Map.WOPI = L.Handler.extend({
 },
 _postMessageListener: function(e) {
- if (e.origin !== window.parent.origin) {
+
+ // e.origin === 'null' when sandboxed (i.e. when the parent is a file on local filesystem).
+ if (e.origin !== 'null' && e.origin !== window.parent.origin) {
 return;
 }
@@ -321,6 +323,7 @@ L.Map.WOPI = L.Handler.extend({
 var dontTerminateEdit = msg.Values && msg.Values['DontTerminateEdit'];
 var dontSaveIfUnmodified = msg.Values && msg.Values['DontSaveIfUnmodified'];
 var extendedData = msg.Values && msg.Values['ExtendedData'];
+ extendedData = encodeURIComponent(extendedData);
 this._notifySave = msg.Values && msg.Values['Notify'];
 this._map.save(dontTerminateEdit, dontSaveIfUnmodified, extendedData);
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index e0ba29bb2..c55985a9f 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -524,7 +524,12 @@ bool ClientSession::_handleInput(const char *buffer, int length)
 std::string extendedData;
 if (tokens.size() > 3)
+ {
 getTokenString(tokens[3], "extendedData", extendedData);
+ std::string decoded;
+ Poco::URI::decode(extendedData, decoded);
+ extendedData = decoded;
+ }
 constexpr bool isAutosave = false;
 constexpr bool isExitSave = false;
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 5f49450c1..3cf3fbc51 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -276,7 +276,7 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request, Poco::M
 std::string path(requestUri.getPath());
 if (path.find("loleaflet/" LOOLWSD_VERSION_HASH "/") == std::string::npos) {
- LOG_WRN("client - server version mismatch, disabling browser cache.");
+ LOG_WRN("client - server version mismatch, disabling browser cache. Expected: " LOOLWSD_VERSION_HASH);
 noCache = true;
 }
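Review bot: The new `e.origin !== 'null'` clause in `_postMessageListener` accepts a message from any opaque origin, not only from a parent page loaded off the local filesystem, because sandboxed iframes and `data:` documents also report their origin as the string 'null'. The listener goes on to act on the message (the Action_Save path is visible in the next hunk), so the relaxed check should be tied to the sender as well as the origin string, for example `if (e.source !== window.parent || (e.origin !== 'null' && e.origin !== window.parent.origin)) {`. It would also be safer to take the 'null' branch only when the deployment has explicitly allowed `file:` in net/frame_ancestors, so production installs keep the strict comparison. The listener body continues outside the hunk.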
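Review bot: The added `encodeURIComponent(extendedData)` runs even when the message carries no ExtendedData. In that case `msg.Values && msg.Values['ExtendedData']` is `undefined` (or a falsy `msg.Values`), and encodeURIComponent turns it into the literal string 'undefined', which `this._map.save` then receives as if the host had sent it. Encode only a real string and keep an absent value absent: `extendedData = (typeof extendedData === 'string') ? encodeURIComponent(extendedData) : undefined;`. The enclosing handler starts and ends outside the hunk.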
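Review bot: `Poco::URI::decode` throws a Poco syntax exception on a malformed percent escape (a `%` not followed by two hex digits), and `extendedData` comes straight from the client's save message, so one bad token can unwind out of this branch of `_handleInput`. Whether a caller catches it is not visible in the hunk. The result of `getTokenString` is also ignored, so the decode runs even when the fourth token is not an `extendedData=` token. I would decode only after a successful parse and handle the failure locally, as sketched below. After decoding the value may again contain spaces, `;` or line breaks, so the code that embeds it later (outside this hunk) still has to treat it as untrusted; `_handleInput` itself begins and ends outside the hunk.

```cpp
std::string extendedData;
if (tokens.size() > 3 && getTokenString(tokens[3], "extendedData", extendedData))
{
    try
    {
        std::string decoded;
        Poco::URI::decode(extendedData, decoded);
        extendedData = decoded;
    }
    catch (const Poco::SyntaxException&)
    {
        // Malformed percent-escape from the client: drop the value instead of
        // letting the exception escape the message handler.
        LOG_WRN("Discarding extendedData with invalid percent-encoding.");
        extendedData.clear();
    }
}
// … unchanged: isAutosave / isExitSave and the save call …
```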
@@ -845,7 +845,8 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
 oss.str(preprocess);
 }
- socket->send(oss.str());
+ preprocess = oss.str();
+ socket->send(preprocess);
 LOG_DBG("Sent file: " << relPath << ": " << preprocess);
 }
_______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
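Review bot: The `LOG_DBG` line now writes the entire payload handed to `socket->send` into the debug log, because `preprocess` is reassigned to `oss.str()` just before the send. If the preprocessed page carries per-session values (the substitution code is outside this hunk, so this is an assumption to confirm), they end up in log files. Logging the size is usually enough: `LOG_DBG("Sent file: " << relPath << ": " << preprocess.size() << " bytes");`. Reusing `preprocess` for the full response is also easy to misread, and a separate `const std::string response = oss.str();` would keep the two apart. `preprocessFile` starts outside the hunk.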
