pengjunjie/core
1
0
Fork 1
mirror of https://github.com/ONLYOFFICE/core.git synced 2026-02-10 18:05:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added a restriction on the scope of files in OFD format.

Browse Source
This commit is contained in:
Green
2025-04-22 13:29:16 +03:00
parent ab62a3ebcf
commit c66cb32dde
15 changed files with 80 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
OFDFile/src/Base.cpp
View File

@ -57,10 +57,13 @@ bool CDocInfo::Read(CXmlReader& oLiteReader)
return true;
}
void CDocBody::ReadSignatures(const std::wstring& wsFilePath, const std::wstring& wsRootPath)
void CDocBody::ReadSignatures(const std::wstring& wsFilePath, IFolder* pFolder)
{
if (wsFilePath.empty() || !CanUseThisPath(wsFilePath, pFolder->getFullFilePath(L"")))
return;
CXmlReader oLiteReader;
if (!oLiteReader.FromFile(CombinePaths(wsRootPath, wsFilePath)) || !oLiteReader.ReadNextNode() || L"ofd:Signatures" != oLiteReader.GetName())
if (!oLiteReader.FromFile(CombinePaths(pFolder->getFullFilePath(L""), wsFilePath)) || !oLiteReader.ReadNextNode() || L"ofd:Signatures" != oLiteReader.GetName())
return;
const int nDepth = oLiteReader.GetDepth();
@ -81,7 +84,7 @@ void CDocBody::ReadSignatures(const std::wstring& wsFilePath, const std::wstring
do
{
if ("BaseLoc" == oLiteReader.GetNameA())
AddToContainer(CSignature::Read(oLiteReader.GetText(), wsRootPath), m_arSignatures);
AddToContainer(CSignature::Read(oLiteReader.GetText(), pFolder), m_arSignatures);
} while (oLiteReader.MoveToNextAttribute());
oLiteReader.MoveToElement();
@ -123,14 +126,9 @@ CDocBody* CDocBody::Read(CXmlReader& oLiteReader, IFolder* pFolder)
}
}
else if ("ofd:DocRoot" == sNodeName)
{
const std::wstring wsPath = NSSystemPath::ShortenPath(oLiteReader.GetText2());
if (!wsPath.empty() && L'.' != wsPath.front())
pDocBody->m_oDocument.Read(pFolder->getFullFilePath(wsPath));
}
pDocBody->m_oDocument.Read(oLiteReader.GetText2(), pFolder);
else if ("ofd:Signatures" == sNodeName)
pDocBody->ReadSignatures(oLiteReader.GetText2(), pFolder->getFullFilePath(L""));
pDocBody->ReadSignatures(oLiteReader.GetText2(), pFolder);
}
return pDocBody;

3
OFDFile/src/Base.h
View File

@ -45,11 +45,10 @@ class CDocBody
{
CDocInfo m_oDocInfo;
CDocument m_oDocument;
// std::wstring m_wsPathToDocRoot;
// std::wstring m_wsVersions;
std::vector<CSignature*> m_arSignatures;
void ReadSignatures(const std::wstring& wsFilePath, const std::wstring& wsRootPath);
void ReadSignatures(const std::wstring& wsFilePath, IFolder* pFolder);
public:
CDocBody();
~CDocBody();

12
OFDFile/src/Document.cpp
View File

@ -44,15 +44,16 @@ bool CDocument::Empty() const
return m_mPages.empty();
}
bool CDocument::Read(const std::wstring& wsFilePath)
bool CDocument::Read(const std::wstring& wsFilePath, IFolder* pFolder)
{
if (wsFilePath.empty())
if (wsFilePath.empty() || !CanUseThisPath(wsFilePath, pFolder->getFullFilePath(L"")))
return false;
CXmlReader oLiteReader;
if (!oLiteReader.FromFile(wsFilePath) || !oLiteReader.ReadNextNode() || L"ofd:Document" != oLiteReader.GetName())
if (!oLiteReader.FromFile(pFolder->getFullFilePath(wsFilePath)) || !oLiteReader.ReadNextNode() || L"ofd:Document" != oLiteReader.GetName())
return false;
const std::wstring wsCoreDirectory{pFolder->getFullFilePath(NSSystemPath::GetDirectoryName(wsFilePath))};
const int nDepth = oLiteReader.GetDepth();
std::wstring wsNodeName;
@ -61,7 +62,7 @@ bool CDocument::Read(const std::wstring& wsFilePath)
wsNodeName = oLiteReader.GetName();
if (L"ofd:CommonData" == wsNodeName)
m_oCommonData.Read(oLiteReader, NSSystemPath::GetDirectoryName(wsFilePath));
m_oCommonData.Read(oLiteReader, wsCoreDirectory);
else if (L"ofd:Pages" == wsNodeName)
{
const int nPagesDepth = oLiteReader.GetDepth();
@ -69,6 +70,7 @@ bool CDocument::Read(const std::wstring& wsFilePath)
int nID = -1;
std::wstring wsBaseLoc;
while (oLiteReader.ReadNextSiblingNode(nPagesDepth))
{
if (L"ofd:Page" != oLiteReader.GetName() || 2 > oLiteReader.GetAttributesCount() || !oLiteReader.MoveToFirstAttribute())
@ -88,7 +90,7 @@ bool CDocument::Read(const std::wstring& wsFilePath)
if (-1 == nID)
nID = m_mPages.size() + 1;
CPage* pPage = CPage::Read(CombinePaths(NSSystemPath::GetDirectoryName(wsFilePath), wsBaseLoc));
CPage* pPage = CPage::Read(wsBaseLoc, wsCoreDirectory);
if (nullptr != pPage)
m_mPages.insert(std::make_pair(m_mPages.size(), pPage));

4
OFDFile/src/Document.h
View File

@ -4,7 +4,7 @@
#include "Page.h"
#include "../../DesktopEditor/graphics/IRenderer.h"
#include "../../DesktopEditor/graphics/pro/Fonts.h"
#include "../../OfficeUtils/src/ZipFolder.h"
namespace OFD
{
@ -34,7 +34,7 @@ public:
bool Empty() const;
bool Read(const std::wstring& wsFilePath);
bool Read(const std::wstring& wsFilePath, IFolder* pFolder);
bool DrawPage(IRenderer* pRenderer, int nPageIndex) const;

6
OFDFile/src/Page.cpp
View File

@ -13,12 +13,12 @@ CPage::CPage()
CPage::~CPage()
{}
CPage* CPage::Read(const std::wstring& wsFilePath)
CPage* CPage::Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath)
{
if (wsFilePath.empty())
if (wsFilePath.empty() || !CanUseThisPath(wsFilePath, wsRootPath))
return nullptr;
std::wstring wsNormalizedPath = wsFilePath;
std::wstring wsNormalizedPath = CombinePaths(wsRootPath, wsFilePath);
if (L"xml" != NSFile::GetFileExtention(wsNormalizedPath))
wsNormalizedPath = CombinePaths(wsNormalizedPath, L"Content.xml");

2
OFDFile/src/Page.h
View File

@ -17,7 +17,7 @@ public:
CPage();
~CPage();
static CPage* Read(const std::wstring& wsFilePath);
static CPage* Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath);
void Draw(IRenderer* pRenderer, const CCommonData& oCommonData) const;
void GetPageSize(double& dWidth, double& dHeight) const;

14
OFDFile/src/Res.cpp
View File

@ -36,16 +36,18 @@ inline void AddElementToMap(T* pElement, unsigned int unIndex, std::map<unsigned
mElements.insert(std::make_pair(unIndex, pElement));
}
bool CRes::Read(const std::wstring& wsFilePath)
bool CRes::Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath)
{
if (wsFilePath.empty())
if (wsFilePath.empty() || !CanUseThisPath(wsFilePath, wsRootPath))
return false;
const std::wstring wsFullPath{CombinePaths(wsRootPath, wsFilePath)};
CXmlReader oLiteReader;
if (!oLiteReader.FromFile(wsFilePath) || !oLiteReader.ReadNextNode() || L"ofd:Res" != oLiteReader.GetName() || oLiteReader.IsEmptyNode())
if (!oLiteReader.FromFile(wsFullPath) || !oLiteReader.ReadNextNode() || L"ofd:Res" != oLiteReader.GetName() || oLiteReader.IsEmptyNode())
return false;
std::wstring wsRootPath;
std::wstring wsResRootPath;
if (0 != oLiteReader.GetAttributesCount() && oLiteReader.MoveToFirstAttribute())
{
@ -56,7 +58,7 @@ bool CRes::Read(const std::wstring& wsFilePath)
if ("BaseLoc" == sNodeName)
{
wsRootPath = CombinePaths(NSDirectory::GetFolderPath(wsFilePath), oLiteReader.GetText());
wsResRootPath = CombinePaths(NSDirectory::GetFolderPath(wsFullPath), oLiteReader.GetText());
break;
}
} while (oLiteReader.MoveToNextAttribute());
@ -86,7 +88,7 @@ bool CRes::Read(const std::wstring& wsFilePath)
PARSE_CONTAINER(container_name, element_name, element_type, melements, new element_type(oLiteReader))
#define PARSE_CONTAINER_WITH_PATH(container_name, element_name, element_type, melements)\
PARSE_CONTAINER(container_name, element_name, element_type, melements, new element_type(oLiteReader, wsRootPath))
PARSE_CONTAINER(container_name, element_name, element_type, melements, new element_type(oLiteReader, wsResRootPath))
const int nDepth = oLiteReader.GetDepth();

4
OFDFile/src/Res.h
View File

@ -9,7 +9,7 @@
#include "Types/MultiMedia.h"
#include "Types/CompositeGraphicUnit.h"
#include "../../DesktopEditor/graphics/pro/Fonts.h"
#include "../../OfficeUtils/src/ZipFolder.h"
namespace OFD
{
@ -24,7 +24,7 @@ public:
CRes();
~CRes();
bool Read(const std::wstring& wsFilePath);
bool Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath);
const CColorSpace* GetColorSpace(unsigned int unId) const;
const CDrawParam* GetDrawParam(unsigned int unId) const;

6
OFDFile/src/Types/CommonData.cpp
View File

@ -1,8 +1,6 @@
#include "CommonData.h"
#include "../Utils/Utils.h"
#include "../../../DesktopEditor/common/Path.h"
namespace OFD
{
CCommonData::CCommonData()
@ -37,14 +35,14 @@ bool CCommonData::Read(CXmlReader& oLiteReader, const std::wstring& wsRootPath)
if (nullptr == m_pPublicRes)
m_pPublicRes = new CRes();
m_pPublicRes->Read(CombinePaths(wsRootPath, oLiteReader.GetText2()));
m_pPublicRes->Read(oLiteReader.GetText2(), wsRootPath);
}
else if ("ofd:DocumentRes" == sNodeName)
{
if(nullptr == m_pDocumentRes)
m_pDocumentRes = new CRes();
m_pDocumentRes->Read(CombinePaths(wsRootPath, oLiteReader.GetText2()));
m_pDocumentRes->Read(oLiteReader.GetText2(), wsRootPath);
}
else if ("ofd:MaxUnitID" == sNodeName)
m_unMaxUnitID = oLiteReader.GetUInteger();

6
OFDFile/src/Types/Font.cpp
View File

@ -45,7 +45,11 @@ CFont::CFont(CXmlReader& oXmlReader, const std::wstring& wsRootPath)
{
if ("ofd:FontFile" == oXmlReader.GetNameA())
{
m_wsFilePath = CombinePaths(wsRootPath, oXmlReader.GetText2());
const std::wstring wsPath{oXmlReader.GetText2()};
if (CanUseThisPath(wsPath, wsRootPath))
m_wsFilePath = CombinePaths(wsRootPath, wsPath);
break;
}
}

6
OFDFile/src/Types/MultiMedia.cpp
View File

@ -39,7 +39,11 @@ CMultiMedia::CMultiMedia(CXmlReader& oXmlReader, const std::wstring& wsRootPath)
{
if ("ofd:MediaFile" == oXmlReader.GetNameA())
{
m_wsFilePath = CombinePaths(wsRootPath, oXmlReader.GetText2());
const std::wstring wsPath{oXmlReader.GetText2()};
if (CanUseThisPath(wsPath, wsRootPath))
m_wsFilePath = CombinePaths(wsRootPath, wsPath);
break;
}
}

10
OFDFile/src/Types/Signature.cpp
View File

@ -9,18 +9,18 @@ namespace OFD
CSignature::CSignature()
{}
CSignature* CSignature::Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath)
CSignature* CSignature::Read(const std::wstring& wsFilePath, IFolder* pFolder)
{
if (wsFilePath.empty())
if (wsFilePath.empty() || !CanUseThisPath(wsFilePath, pFolder->getFullFilePath(L"")))
return nullptr;
CXmlReader oLiteReader;
if (!oLiteReader.FromFile(CombinePaths(wsRootPath, wsFilePath)) || !oLiteReader.ReadNextNode() || L"ofd:Signature" != oLiteReader.GetName() || oLiteReader.IsEmptyNode())
if (!oLiteReader.FromFile(CombinePaths(pFolder->getFullFilePath(L""), wsFilePath)) || !oLiteReader.ReadNextNode() || L"ofd:Signature" != oLiteReader.GetName() || oLiteReader.IsEmptyNode())
return nullptr;
CSignature *pSignature = new CSignature();
pSignature->m_wsRootPath = wsRootPath;
pSignature->m_wsRootPath = pFolder->getFullFilePath(L"");
const int nDepth = oLiteReader.GetDepth();
@ -29,7 +29,7 @@ CSignature* CSignature::Read(const std::wstring& wsFilePath, const std::wstring&
if ("ofd:SignedInfo" == oLiteReader.GetNameA())
pSignature->m_oSignedInfo.Read(oLiteReader);
else if ("ofd:SignedValue" == oLiteReader.GetNameA())
pSignature->m_wsSignedValue = CombinePaths(wsRootPath, oLiteReader.GetText2());
pSignature->m_wsSignedValue = CombinePaths(pSignature->m_wsRootPath, oLiteReader.GetText2());
}
return pSignature;

5
OFDFile/src/Types/Signature.h
View File

@ -3,6 +3,9 @@
#include "../../../DesktopEditor/graphics/pro/Fonts.h"
#include "../../../DesktopEditor/graphics/IRenderer.h"
#include "../../../OfficeUtils/src/ZipFolder.h"
#include "../Utils/XmlReader.h"
#include "../Utils/Types.h"
@ -66,7 +69,7 @@ class CSignature
public:
CSignature();
static CSignature* Read(const std::wstring& wsFilePath, const std::wstring& wsRootPath);
static CSignature* Read(const std::wstring& wsFilePath, IFolder* pFolder);
bool Draw(IRenderer* pRenderer, unsigned int unPageIndex, NSFonts::IApplicationFonts* pFonts) const;
};

3
OFDFile/src/Types/TemplatePage.cpp
View File

@ -1,7 +1,6 @@
#include "TemplatePage.h"
#include "../Page.h"
#include "../Utils/Utils.h"
namespace OFD
{
@ -17,7 +16,7 @@ CTemplatePage::CTemplatePage(CXmlReader& oXmlReader, const std::wstring& wsRootP
sAttributeName = oXmlReader.GetNameA();
if ("BaseLoc" == sAttributeName)
m_pPage = CPage::Read(CombinePaths(wsRootPath, oXmlReader.GetText()));
m_pPage = CPage::Read(oXmlReader.GetText(), wsRootPath);
else if ("ZOrder" == sAttributeName)
m_eZOrder = GetZOrderFromString(oXmlReader.GetTextA());
} while (oXmlReader.MoveToNextAttribute());

26
OFDFile/src/Utils/Utils.h
View File

@ -9,6 +9,9 @@
#include <cfloat>
#include "../../../DesktopEditor/common/Path.h"
#include "../../../DesktopEditor/common/ProcessEnv.h"
#include <boost/algorithm/string/predicate.hpp>
namespace OFD
{
@ -140,6 +143,29 @@ inline std::wstring CombinePaths(const std::wstring& wsFirstPath, const std::wst
return NSSystemPath::Combine(wsFirstPath, wsNewSecondPath);
}
inline bool GetStatusUsingExternalLocalFiles()
{
return false;
if (NSProcessEnv::IsPresent(NSProcessEnv::Converter::gc_allowPrivateIP))
return NSProcessEnv::GetBoolValue(NSProcessEnv::Converter::gc_allowPrivateIP);
return true;
}
inline bool CanUseThisPath(const std::wstring& wsPath, const std::wstring& wsRootPath)
{
if (GetStatusUsingExternalLocalFiles())
return true;
const std::wstring wsFullPath = NSSystemPath::ShortenPath(NSSystemPath::Combine(wsRootPath, wsPath));
if (!wsRootPath.empty())
return boost::starts_with(wsFullPath, wsRootPath);
return !boost::starts_with(wsFullPath, L"../");
}
inline bool IsZeroValue(const double& dValue)
{
return DBL_EPSILON > std::abs(dValue);