From cc62c28fda69ab948f2d169d6a20f3d5c3bfda2e Mon Sep 17 00:00:00 2001
From: Samuel Erb <samrerb@erbbysam.com>
Date: Tue, 17 Sep 2019 12:22:12 -0400
Subject: [PATCH] change default updateDocMode behavior and add new option to
keep old behavior (#510)
(cherry picked from commit acfac594e643f9c44f1c3b8d6d8957190a4d76f2)
Conflicts:
unoconv
unoconv2.py
unoconv3.py
---
unoconv2.py | 27 ++++++++++++++++++---------
unoconv3.py | 27 ++++++++++++++++++---------
2 files changed, 36 insertions(+), 18 deletions(-)
diff --git a/unoconv2.py b/unoconv2.py
index cf45010..22dee0b 100755
--- a/unoconv2.py
+++ b/unoconv2.py
@@ -523,6 +523,7 @@ class Options:
self.template = None
self.timeout = 6
self.verbose = 0
+ self.updateDocMode = UNO_NO_UPDATE
### Get options from the commandline
try:
@@ -530,7 +531,7 @@ class Options:
['connection=', 'debug', 'doctype=', 'export=', 'format=',
'help', 'import', 'listener', 'no-launch', 'output=',
'outputpath', 'password=', 'pipe=', 'port=', 'server=',
- 'timeout=', 'show', 'stdout', 'template', 'verbose',
+ 'timeout=', 'show', 'stdout', 'template', 'unsafe-quiet-update', 'verbose',
'version'] )
except getopt.error, exc:
print 'unoconv: %s, try unoconv -h for a list of all the options' % str(exc)
@@ -609,6 +610,10 @@ class Options:
self.template = arg
elif opt in ['-T', '--timeout']:
self.timeout = int(arg)
+ elif opt in ['--unsafe-quiet-update']:
+ # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html
+ print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.')
+ self.updateDocMode = UNO_QUIET_UPDATE
elif opt in ['-v', '--verbose']:
self.verbose = self.verbose + 1
elif opt in ['-V', '--version']:
@@ -699,6 +704,7 @@ unoconv options:
--stdout write output to stdout
-t, --template=file import the styles from template (.ott)
-T, --timeout=secs timeout after secs if connection to listener fails
+ --unsafe-quiet-update allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input)
-v, --verbose be more and more verbose (-vvv for debugging)
'''
@@ -826,7 +832,7 @@ class Convertor:
phase = "import"
### Load inputfile
- inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=UNO_QUIET_UPDATE)
+ inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode)
# if op.password:
# info = GlobalUnoProps(algorithm-name="PBKDF2", salt="salt", iteration-count=1024, hash="hash")
@@ -859,13 +865,14 @@ class Convertor:
print >>sys.stderr, 'unoconv: template file `%s\' does not exist.' % op.template
exitcode = 1
- ### Update document links
- phase = "update-links"
- try:
- document.updateLinks()
- except AttributeError:
- # the document doesn't implement the XLinkUpdate interface
- pass
+ ### Update document links links if appropriate
+ if op.updateDocMode != UNO_NO_UPDATE:
+ phase = "update-links"
+ try:
+ document.updateLinks()
+ except AttributeError:
+ # the document doesn't implement the XLinkUpdate interface
+ pass
### Update document indexes
phase = "update-indexes"
@@ -1131,6 +1138,7 @@ def run():
### Now that we have found a working pyuno library, let's import some classes
global UnoPropertyValue
global UnoNoConnectException
+ global UNO_NO_UPDATE
global UNO_QUIET_UPDATE
global UnoDisposedException
global UnoIllegalArgumentException
@@ -1142,6 +1150,7 @@ def run():
from com.sun.star.beans import PropertyValue as UnoPropertyValue
from com.sun.star.connection import NoConnectException as UnoNoConnectException
+ from com.sun.star.document.UpdateDocMode import NO_UPDATE as UNO_NO_UPDATE
from com.sun.star.document.UpdateDocMode import QUIET_UPDATE as UNO_QUIET_UPDATE
from com.sun.star.lang import DisposedException as UnoDisposedException
from com.sun.star.lang import IllegalArgumentException as UnoIllegalArgumentException
diff --git a/unoconv3.py b/unoconv3.py
index 84b59f3..da3922f 100755
--- a/unoconv3.py
+++ b/unoconv3.py
@@ -523,6 +523,7 @@ class Options:
self.template = None
self.timeout = 6
self.verbose = 0
+ self.updateDocMode = UNO_NO_UPDATE
### Get options from the commandline
try:
@@ -530,7 +531,7 @@ class Options:
['connection=', 'debug', 'doctype=', 'export=', 'format=',
'help', 'import', 'listener', 'no-launch', 'output=',
'outputpath', 'password=', 'pipe=', 'port=', 'server=',
- 'timeout=', 'show', 'stdout', 'template', 'verbose',
+ 'timeout=', 'show', 'stdout', 'template', 'unsafe-quiet-update', 'verbose',
'version'] )
except getopt.error as exc:
print('unoconv: %s, try unoconv -h for a list of all the options' % str(exc))
@@ -609,6 +610,10 @@ class Options:
self.template = arg
elif opt in ['-T', '--timeout']:
self.timeout = int(arg)
+ elif opt in ['--unsafe-quiet-update']:
+ # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html
+ print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.')
+ self.updateDocMode = UNO_QUIET_UPDATE
elif opt in ['-v', '--verbose']:
self.verbose = self.verbose + 1
elif opt in ['-V', '--version']:
@@ -699,6 +704,7 @@ unoconv options:
--stdout write output to stdout
-t, --template=file import the styles from template (.ott)
-T, --timeout=secs timeout after secs if connection to listener fails
+ --unsafe-quiet-update allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input)
-v, --verbose be more and more verbose (-vvv for debugging)
''', file=sys.stderr)
@@ -826,7 +832,7 @@ class Convertor:
phase = "import"
### Load inputfile
- inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=UNO_QUIET_UPDATE)
+ inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode)
# if op.password:
# info = GlobalUnoProps(algorithm-name="PBKDF2", salt="salt", iteration-count=1024, hash="hash")
@@ -859,13 +865,14 @@ class Convertor:
print('unoconv: template file `%s\' does not exist.' % op.template, file=sys.stderr)
exitcode = 1
- ### Update document links
- phase = "update-links"
- try:
- document.updateLinks()
- except AttributeError:
- # the document doesn't implement the XLinkUpdate interface
- pass
+ ### Update document links if appropriate
+ if op.updateDocMode != UNO_NO_UPDATE:
+ phase = "update-links"
+ try:
+ document.updateLinks()
+ except AttributeError:
+ # the document doesn't implement the XLinkUpdate interface
+ pass
### Update document indexes
phase = "update-indexes"
@@ -1131,6 +1138,7 @@ def run():
### Now that we have found a working pyuno library, let's import some classes
global UnoPropertyValue
global UnoNoConnectException
+ global UNO_NO_UPDATE
global UNO_QUIET_UPDATE
global UnoDisposedException
global UnoIllegalArgumentException
@@ -1142,6 +1150,7 @@ def run():
from com.sun.star.beans import PropertyValue as UnoPropertyValue
from com.sun.star.connection import NoConnectException as UnoNoConnectException
+ from com.sun.star.document.UpdateDocMode import NO_UPDATE as UNO_NO_UPDATE
from com.sun.star.document.UpdateDocMode import QUIET_UPDATE as UNO_QUIET_UPDATE
from com.sun.star.lang import DisposedException as UnoDisposedException
from com.sun.star.lang import IllegalArgumentException as UnoIllegalArgumentException
--
2.24.1