Merge pull request #1231 from ONLYOFFICE/hotfix/v7.4.1

Fix bug 63357
Oleg Korshul
2023-07-14 13:22:39 +05:00
committed by GitHub
4 changed files with 47 additions and 44 deletions


@ -33,9 +33,9 @@
#include "File.h" #include "File.h"
#if defined(_WIN32) || defined (_WIN64) #if defined(_WIN32) || defined (_WIN64)
#include <tchar.h> #include <tchar.h>
#elif __linux__ || MAC #elif __linux__ || MAC
#include <libgen.h> #include <libgen.h>
#endif #endif
namespace NSSystemPath namespace NSSystemPath
@ -61,7 +61,7 @@ namespace NSSystemPath
sRes = NSFile::CUtf8Converter::GetUnicodeStringFromUTF8((BYTE*)pDirName, strlen(pDirName)); sRes = NSFile::CUtf8Converter::GetUnicodeStringFromUTF8((BYTE*)pDirName, strlen(pDirName));
delete [] pUtf8; delete [] pUtf8;
#endif #endif
return sRes; return sRes;
} }
std::wstring GetFileName(const std::wstring& strFileName) std::wstring GetFileName(const std::wstring& strFileName)
{ {
@ -103,17 +103,19 @@ namespace NSSystemPath
sRes = strLeft + strRight.substr(1); sRes = strLeft + strRight.substr(1);
} }
else if(!bLeftSlash && !bRightSlash) else if(!bLeftSlash && !bRightSlash)
sRes = strLeft + L"/" + strRight; sRes = strLeft + L"/" + strRight;
else else
sRes = strLeft + strRight; sRes = strLeft + strRight;
return sRes; return sRes;
} }
std::string NormalizePath(const std::string& strFileName)
{
const char* pData = strFileName.c_str();
int nLen = (int) strFileName.length();
char* pDataNorm = new char[nLen + 1]; template<class CHAR, class STRING = std::basic_string<CHAR, std::char_traits<CHAR>, std::allocator<CHAR>>>
STRING NormalizePathTemplate(const STRING& strFileName)
{
const CHAR* pData = strFileName.c_str();
int nLen = (int) strFileName.length();
CHAR* pDataNorm = new CHAR[nLen + 1];
int* pSlashPoints = new int[nLen + 1]; int* pSlashPoints = new int[nLen + 1];
int nStart = 0; int nStart = 0;
@ -122,10 +124,10 @@ namespace NSSystemPath
int nCurrentW = 0; int nCurrentW = 0;
bool bIsUp = false; bool bIsUp = false;
#if !defined(_WIN32) && !defined (_WIN64) #if !defined(_WIN32) && !defined (_WIN64)
if (pData[nCurrent] == '/' || pData[nCurrent] == '\\') if (pData[nCurrent] == '/' || pData[nCurrent] == '\\')
pDataNorm[nCurrentW++] = pData[nCurrent]; pDataNorm[nCurrentW++] = pData[nCurrent];
#endif #endif
while (nCurrent < nLen) while (nCurrent < nLen)
{ {
if (pData[nCurrent] == '/' || pData[nCurrent] == '\\') if (pData[nCurrent] == '/' || pData[nCurrent] == '\\')
@ -135,7 +137,7 @@ namespace NSSystemPath
bIsUp = false; bIsUp = false;
if ((nCurrent - nStart) == 2) if ((nCurrent - nStart) == 2)
{ {
if (pData[nStart] == (char)'.' && pData[nStart + 1] == (char)'.') if (pData[nStart] == (CHAR)'.' && pData[nStart + 1] == (CHAR)'.')
{ {
if (nCurrentSlash > 0) if (nCurrentSlash > 0)
{ {
@ -147,7 +149,7 @@ namespace NSSystemPath
} }
if (!bIsUp) if (!bIsUp)
{ {
pDataNorm[nCurrentW++] = (char)'/'; pDataNorm[nCurrentW++] = (CHAR)'/';
++nCurrentSlash; ++nCurrentSlash;
pSlashPoints[nCurrentSlash] = nCurrentW; pSlashPoints[nCurrentSlash] = nCurrentW;
} }
@ -160,13 +162,22 @@ namespace NSSystemPath
++nCurrent; ++nCurrent;
} }
pDataNorm[nCurrentW] = (char)'\0'; pDataNorm[nCurrentW] = (CHAR)'\0';
std::string result = std::string(pDataNorm, nCurrentW); STRING result = STRING(pDataNorm, nCurrentW);
delete[] pDataNorm; delete[] pDataNorm;
delete[] pSlashPoints; delete[] pSlashPoints;
return result; return result;
} }
std::string NormalizePath(const std::string& strFileName)
{
return NormalizePathTemplate<char>(strFileName);
}
std::wstring NormalizePath(const std::wstring& strFileName)
{
return NormalizePathTemplate<wchar_t>(strFileName);
}
} }
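Review bot: In `NormalizePathTemplate` the two scratch buffers are still raw `new[]` allocations, so if `new int[nLen + 1]` throws, `pDataNorm` is leaked, and any early return added later has to remember both `delete[]` calls. Since the function is being rewritten as a template anyway, owning buffers would remove that: `STRING sNorm(nLen + 1, CHAR(0));` and `std::vector<int> arSlashPoints(nLen + 1);`, returning `STRING(sNorm.data(), nCurrentW)` (this needs `<vector>`, which is not among the includes shown). The `(int)` cast of `strFileName.length()` also truncates silently for very long inputs; the last file in this commit now routes paths through this function inside the signature code, presumably with package-supplied names, so a length check before the cast would be a cheap guard. The template body spans several hunks and part of it lies outside what is shown, so the `..` handling itself could not be reviewed here.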


@ -38,10 +38,11 @@
namespace NSSystemPath namespace NSSystemPath
{ {
KERNEL_DECL std::wstring GetDirectoryName(const std::wstring& strFileName); KERNEL_DECL std::wstring GetDirectoryName(const std::wstring& strFileName);
KERNEL_DECL std::wstring GetFileName(const std::wstring& strFileName); KERNEL_DECL std::wstring GetFileName(const std::wstring& strFileName);
KERNEL_DECL std::wstring Combine(const std::wstring& strLeft, const std::wstring& strRight); KERNEL_DECL std::wstring Combine(const std::wstring& strLeft, const std::wstring& strRight);
KERNEL_DECL std::string NormalizePath(const std::string& strFileName); KERNEL_DECL std::string NormalizePath(const std::string& strFileName);
KERNEL_DECL std::wstring NormalizePath(const std::wstring& strFileName);
} }
#endif //_BUILD_PATH_CROSSPLATFORM_H_ #endif //_BUILD_PATH_CROSSPLATFORM_H_


@ -330,6 +330,17 @@ public:
{ {
if (m_arFilesInManifest.find(*i) == m_arFilesInManifest.end()) if (m_arFilesInManifest.find(*i) == m_arFilesInManifest.end())
{ {
// пустые файлы нет смысла добавлять
std::wstring sFile = *i;
CManifestFileInfo oInfo;
oInfo.m_pFolder = m_pFolder;
oInfo.SetFilePath(sFile);
std::string sXmlRels = m_pFolder->readXml(sFile);
COOXMLRelationships _rels(sXmlRels, &oInfo);
if (0 == _rels.rels.size())
continue;
m_valid = OOXML_SIGNATURE_INVALID; m_valid = OOXML_SIGNATURE_INVALID;
break; break;
} }
@ -346,8 +357,8 @@ public:
oInfo.m_pFolder = m_pFolder; oInfo.m_pFolder = m_pFolder;
oInfo.SetFilePath(sFile); oInfo.SetFilePath(sFile);
std::string sXml = m_pFolder->readXml(sFile); std::string sXmlRels = m_pFolder->readXml(sFile);
COOXMLRelationships _rels(sXml, &oInfo); COOXMLRelationships _rels(sXmlRels, &oInfo);
for (std::vector<COOXMLRelationship>::const_iterator relsIter = _rels.rels.begin(); relsIter != _rels.rels.end(); relsIter++) for (std::vector<COOXMLRelationship>::const_iterator relsIter = _rels.rels.begin(); relsIter != _rels.rels.end(); relsIter++)
{ {
@ -529,12 +540,6 @@ public:
sCalcValue = m_cert->GetHash(sXml, nAlg); sCalcValue = m_cert->GetHash(sXml, nAlg);
sValue = U_TO_UTF8((node.ReadNodeText(L"DigestValue"))); sValue = U_TO_UTF8((node.ReadNodeText(L"DigestValue")));
MakeBase64_NOCRLF(sValue); MakeBase64_NOCRLF(sValue);
// нельзя иметь ссылки на несуществующие файлы, так как это может быть использовано как взлом
// добавили стили, удалили файл - подписали - и можно подкидывать ЛЮБОЙ styles.xml и подпись будет валидной.
// так же можно подменять картинки и любой другой контент внешний.
if (oInfo.IsExitRemovedFile())
sCalcValue = "";
} }
if (sCalcValue != sValue) if (sCalcValue != sValue)
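Review bot: The new early `continue` in the first hunk accepts a file that is missing from the manifest whenever `_rels.rels.size()` is 0, which treats "no relationships parsed" the same as "empty file". The parsing inside `COOXMLRelationships` is not visible here, so if it also yields an empty list for unreadable or malformed XML, a part that the signature does not cover would pass this check. Consider making the exemption explicit: skip only when `readXml` succeeded and the document is a well-formed relationships part with no entries, and keep `m_valid = OOXML_SIGNATURE_INVALID` for anything that fails to read or parse. The comment on the added block would also be clearer in English and as a statement of the trust decision, e.g. `// a relationships part with no entries references nothing, so leaving it out of the manifest does not invalidate the signature`. The enclosing method starts and ends outside these hunks.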


@ -37,20 +37,11 @@ public:
m_sAliasDirectory = NSFile::GetDirectoryName(m_sAliasDirectory); // ../ from _rels/ m_sAliasDirectory = NSFile::GetDirectoryName(m_sAliasDirectory); // ../ from _rels/
} }
void CheckAliasExist(const std::wstring& sFile)
{
if (!m_pFolder->exists(GetHeadPath(sFile)))
++m_nCountUnexistedFile;
}
bool IsExitRemovedFile()
{
return (0 != m_nCountUnexistedFile) ? true : false;
}
std::wstring GetHeadPath(const std::wstring& sFile) std::wstring GetHeadPath(const std::wstring& sFile)
{ {
return m_sAliasDirectory + L"/" + sFile; std::wstring sFullPath = m_sAliasDirectory + L"/" + sFile;
sFullPath = L"/" + NSSystemPath::NormalizePath(sFullPath);
return sFullPath;
} }
}; };
@ -166,11 +157,6 @@ public:
if (check_need->find(sRid) != check_need->end()) if (check_need->find(sRid) != check_need->end())
rels.push_back(oCurrentRel); rels.push_back(oCurrentRel);
} }
if (oCurrentRel.target_mode == L"Internal")
{
m_pFileInfo->CheckAliasExist(oCurrentRel.target);
}
} }
} }
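Review bot: With `CheckAliasExist` and its `target_mode == L"Internal"` call removed, nothing visible in this commit still rejects a signed relationship whose internal target is absent from the package. The comment deleted together with the `IsExitRemovedFile()` check in the verifier described exactly that case as a way to supply content after signing while the signature stays valid. Since `GetHeadPath` now returns a normalised path, the existence check could be kept and simply benefit from the fix, `if (!m_pFolder->exists(GetHeadPath(sFile))) ++m_nCountUnexistedFile;`, rather than being dropped. If the removal is intentional, the commit message should name the check that now covers parts added after signing. Separately, `L"/" + NSSystemPath::NormalizePath(sFullPath)` may yield a doubled leading slash on non-Windows builds, where the normaliser appears to keep a leading separator; this is worth confirming against the form `m_sAliasDirectory` takes.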