Issue 81045 - [Automation] BeanShell and JavaScript macros are run on Security Level "Medium" even if macros are disabled
Summary: [Automation] BeanShell and JavaScript macros are run on Security Level "Mediu...
Alias: None
Product: App Dev
Classification: Unclassified
Component: scripting (show other issues)
Version: 3.3.0 or older (OOo)
Hardware: All All
: P2 Trivial
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
Keywords: security
Depends on:
Reported: 2007-08-27 07:58 UTC by Frank Schönheit
Modified: 2016-12-30 04:13 UTC (History)
2 users (show)

See Also:
Issue Type: TASK
Latest Confirmation in: ---
Developer Difficulty: ---

document to reproduce the bug case (9.62 KB, application/vnd.oasis.opendocument.text)
2007-08-27 07:59 UTC, Frank Schönheit
no flags Details

Note You need to log in before you can comment on or make changes to this issue.
Description Frank Schönheit 2007-08-27 07:58:27 UTC
- ensure your Security Level (Tools/Options/
  Security) is set to "Medium"
- open the attached document
=> a dialog pops up warning that the document contains macros, and asking
   whether they should be enabled or disabled
- press "Disable Macros"
- Tools/Macros/Organize Macros/StarOffice Basic
- in the Basic macro organizer, select <document>/Standard/Module1/Main
- press the "Run" button
=> a message box pops up saying that macro execution is disabled (which is
- Tools/Macros/Organize Macros/BeanShell
- in the BeanShell macro organizer, select the <document>/Library1/Macro1.bsh
- press the "Run" button
=> the macro is executed, which should not be the case since I disabled
   macro execution for the document
- try the same for the embedded JavaScript macro
=> the macro is executed, too, also ignoring that I disabled macros
Comment 1 Frank Schönheit 2007-08-27 07:59:14 UTC
Created attachment 47791 [details]
document to reproduce the bug case
Comment 2 Frank Schönheit 2007-08-27 08:00:37 UTC
adding keyword "security", targeting to 2.x
Comment 3 carsten.driesner 2007-09-03 10:25:56 UTC
cd: Accepted.
Comment 4 Mathias_Bauer 2008-01-11 09:40:27 UTC
target 3.x
Comment 5 Mathias_Bauer 2008-01-13 17:21:19 UTC
Sorry, that should be 3.0
Comment 6 carsten.driesner 2008-05-27 15:27:59 UTC
cd->ab: Please take over. The dialog has to check the "macro execution mode" of
the document. You can ask "mav" if you need more information.
Comment 7 ab 2008-05-30 11:35:59 UTC
Comment 8 tkr 2008-06-19 10:24:43 UTC
fixed in cws ab53
Comment 9 ab 2008-06-26 13:56:28 UTC
The JavaScript and BeanShell macros now are not executed any more,
but unlike in Basic no message box is shown for now, because this
would have been an UI change. This will be handled in #i91098.
Comment 10 ab 2008-06-27 08:44:24 UTC
ab->tbo: Please verify
Comment 11 2008-07-03 15:38:08 UTC
verified in CWS ab53 unxlngi: OK
Comment 12 2008-07-14 11:17:50 UTC
integrated into DEV300m24 - closing
Comment 13 joerg.skottke 2008-08-11 13:34:08 UTC
Make an automated test out of this.
Target 3.0.1
Comment 14 joerg.skottke 2008-08-11 13:34:49 UTC
Comment 15 joerg.skottke 2008-08-19 10:01:23 UTC
Adjust target, still need an autotest for this.
Comment 16 joerg.skottke 2009-02-02 09:19:54 UTC
Comment 17 thorsten.ziehm 2009-03-20 11:17:02 UTC
Retargeted again to 3.2, or is it fixed?
Comment 18 joerg.skottke 2009-10-01 12:17:01 UTC
Still i did not find the time to create a suitable test and it's not going to
happen for 3.2, setting 3.3.
Comment 19 joerg.skottke 2010-07-07 06:02:55 UTC
Comment 20 hans_werner67 2011-03-28 11:51:42 UTC
Assign to new default-assignee