Issue 81045 - [Automation] BeanShell and JavaScript macros are run on Security Level "Medium" even if macros are disabled
Summary: [Automation] BeanShell and JavaScript macros are run on Security Level "Mediu...
Status: CONFIRMED
Alias: None
Product: App Dev
Classification: Unclassified
Component: scripting (show other issues)
Version: 3.3.0 or older (OOo)
Hardware: All All
: P2 Trivial
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2007-08-27 07:58 UTC by Frank Schönheit
Modified: 2016-12-30 04:13 UTC (History)
2 users (show)

See Also:
Issue Type: TASK
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
document to reproduce the bug case (9.62 KB, application/vnd.oasis.opendocument.text)
2007-08-27 07:59 UTC, Frank Schönheit 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Frank Schönheit 2007-08-27 07:58:27 UTC 
- ensure your Security Level (Tools/Options/OpenOffice.org/Security/Macro
  Security) is set to "Medium"
- open the attached document
=> a dialog pops up warning that the document contains macros, and asking
   whether they should be enabled or disabled
- press "Disable Macros"
- Tools/Macros/Organize Macros/StarOffice Basic
- in the Basic macro organizer, select <document>/Standard/Module1/Main
- press the "Run" button
=> a message box pops up saying that macro execution is disabled (which is
   fine)
- Tools/Macros/Organize Macros/BeanShell
- in the BeanShell macro organizer, select the <document>/Library1/Macro1.bsh
  script
- press the "Run" button
=> the macro is executed, which should not be the case since I disabled
   macro execution for the document
- try the same for the embedded JavaScript macro
=> the macro is executed, too, also ignoring that I disabled macros
Comment 1 Frank Schönheit 2007-08-27 07:59:14 UTC 
Created attachment 47791 [details]
document to reproduce the bug case
Comment 2 Frank Schönheit 2007-08-27 08:00:37 UTC 
adding keyword "security", targeting to 2.x
Comment 3 carsten.driesner 2007-09-03 10:25:56 UTC 
cd: Accepted.
Comment 4 Mathias_Bauer 2008-01-11 09:40:27 UTC 
target 3.x
Comment 5 Mathias_Bauer 2008-01-13 17:21:19 UTC 
Sorry, that should be 3.0
Comment 6 carsten.driesner 2008-05-27 15:27:59 UTC 
cd->ab: Please take over. The dialog has to check the "macro execution mode" of
the document. You can ask "mav" if you need more information.
Comment 7 ab 2008-05-30 11:35:59 UTC 
STARTED
Comment 8 tkr 2008-06-19 10:24:43 UTC 
fixed in cws ab53
Comment 9 ab 2008-06-26 13:56:28 UTC 
The JavaScript and BeanShell macros now are not executed any more,
but unlike in Basic no message box is shown for now, because this
would have been an UI change. This will be handled in #i91098.
Comment 10 ab 2008-06-27 08:44:24 UTC 
ab->tbo: Please verify
Comment 11 b.osi.ooo 2008-07-03 15:38:08 UTC 
verified in CWS ab53 unxlngi: OK
Comment 12 b.osi.ooo 2008-07-14 11:17:50 UTC 
integrated into DEV300m24 - closing
Comment 13 joerg.skottke 2008-08-11 13:34:08 UTC 
Make an automated test out of this.
Target 3.0.1
Comment 14 joerg.skottke 2008-08-11 13:34:49 UTC 
Mine!
Comment 15 joerg.skottke 2008-08-19 10:01:23 UTC 
Adjust target, still need an autotest for this.
Comment 16 joerg.skottke 2009-02-02 09:19:54 UTC 
Retarget
Comment 17 thorsten.ziehm 2009-03-20 11:17:02 UTC 
Retargeted again to 3.2, or is it fixed?
Comment 18 joerg.skottke 2009-10-01 12:17:01 UTC 
Still i did not find the time to create a suitable test and it's not going to
happen for 3.2, setting 3.3.
Comment 19 joerg.skottke 2010-07-07 06:02:55 UTC 
3.x
Comment 20 hans_werner67 2011-03-28 11:51:42 UTC 
Assign to new default-assignee