Hallo, in 6.3 version every time is called the same macro script the same warning dialog appears asking permission to execute it. It's very annoying to confirm it every time is activated for example a form control linked to the same basic macro in the same file. I have found the same problem with 6.3.0-1 6.3.1-1 and 6.3.2-1 x86_64 arch linux packages opening the same base file (actually a managing software in basic), still working good with 6.2.5-1 version. I beg you to fix, thanks a lot. ale
Thank you for reporting the bug. To be certain the reported issue is not related to corruption in the user profile, could you please reset your Libreoffice profile ( https://wiki.documentfoundation.org/UserProfile ) and re-test? If the problem still exists, please attach a sample document, as this makes it easier for us to verify the bug. (Please note that the attachment will be public, remove any sensitive information before attaching it. See https://wiki.documentfoundation.org/QA/FAQ#How_can_I_eliminate_confidential_data_from_a_sample_document.3F for help on how to do so.) I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the issue is still present
Created attachment 155119 [details] File with one form "Autores" that call to another form "Biblioteca"
I have the same problem. When trying to open a form from a button with a macro from another form there is a warning message on the existing macro. This started to appear when I moved to LO 6.2.7.1 and it exists too in 6.3.2.1. My previous version 6.0 work fine and the security level was set to high. Now I have to set it to medium and to click on allow macros in order to use the database. I have reset the user profile with no changes in the behavior. It is quite annoying having to click on tis warning message every time I open a form. I attach a file so that you can see the problem. Thanks and best regards Pedro
i tried: - open Biblioteca.odb - the *.odb file itself does not contain macros. - select Forms -> Autores - select button [Biblioteca] but get an error: A Scripting Framework error occurred while running the Basic script vnd.sun.star.script:Standard.Module1.openFormByTag?language=Basic&location=application. Message: The following Basic script could not be found: library: 'Standard' module: 'Module1' method: 'openFormByTag' location: 'application' to make it work, you need also a macro in My Macros/Standard/Module1, e.g.: REM ***** BASIC ***** Sub openFormByTag(oEvt) MsgBox "Hello World" End Sub now i can confirm, with: Version: 6.3.2.2 (x64) Build-ID: 98b30e735bda24bc04ab42594c85f7fd8be07b9c CPU-Threads: 4; BS: Windows 10.0; UI-Render: Standard; VCL: win; Gebietsschema: de-DE (de_DE); UI-Sprache: de-DE Calc: and Security Level: - Very High/High warning: "This document contains macros. Macros may contain viruses. Execution of macros is disabled due to the current macro security setting" -> but macro will be excuted, cause it is located in trusted zone "My Macros" - Medium warning, with an option to activate macros -> macro will be executed, does not matter if one disables macros in dialog, cause it is located in trusted zone "My Macros" - Low no warning -> macro will be executed *not* reproducible (no warnings) with: Version: 6.1.6.3 (x64) Build-ID: 5896ab1714085361c45cf540f76f60673dd96a72 CPU-Threads: 4; BS: Windows 10.0; UI-Render: Standard; Gebietsschema: de-DE (de_DE); Calc: btw: another problem with base and Macro Security Level: Bug 97694 - Base macros cannot be digitally signed
Hello. I wonder if there is a way to declare My Macros as a trusted zone or it comes declared by default. I declared the directories where I save the databases as trusted origin but it does not seem to work; the warning message on macros and viruses keeps showing. In the other hand, I cannot set up My Macros there (I do not know the route) Pedro
(In reply to Pedro from comment #5) > I wonder if there is a way to declare My Macros as a trusted zone or it > comes declared by default. "My Macros" is in trusted zone by default, as mentioned above, with security level "Medium", it does not matter if you disable macros, your macro from "My Macros" will be executed. > I declared the directories where I save the databases as trusted origin but > it does not seem to work; the warning message on macros and viruses keeps > showing. This works for me: Add a Macro Module to the *.odb file and set security level to "Medium" or "Very high" and add the directory where the *.odb file is stored to trusted zone.
Thanks Oliver. I assume that there is no need to declare the database files to the trusted zone since the macros are already in the trusted zone by default.
Created attachment 157652 [details] odb file odb file asking for macro permission every time a form is asked to be opened
Hi, I have tried creating a new profile, re-created macro libraries and then erased my macros. I have changed my db source from mysql jdbc connection to a fake spreadsheet file (see attachments "soffice.ods"). The confirmation is asked every time I try to open a new form window although the security macro level is set to "medium". The problem is independent from DB connection or specific macros, as from personal profile. I suspect the problem is inside the odb file (attached). Could you verify as well? Thanks a lot Alessandro
Created attachment 157653 [details] fake source ods file
I have tried changing profile and creating new file: if I paste the same forms the problem is still there: every time I open the forms this anoising window advising "the document contains macros..." appears. Another strange behaviour is that selecting either "enable" or "disable" button the macros work! So I think the problem is inside form files and I should recreate them manually but it's a huge work.
Now the matter is clearer: the problem occurs every time I try to open a form containing a button linked to a basic macro. It occurs with new profile and with new files too, even inserting db directory origin in trusted sources list. The advice window appears either with medium or high macro security level (although with different alert) every time I try to open the form. Then the macro works independently from my answer.
Bibisected with Linux64-6.4 to https://git.libreoffice.org/core/+/b3edf85e0fe6ca03dc26e1bf531be82193bc9627%5E!/ warn on load when a document binds an event to a macro Adding Cc: to Caolán McNamara I used Oliver's instructions from comment 4. The warning either appears or doesn't upon double-clicking the form Autores. Based on the commit message, not sure if this is the intended result rather than a bug?
It was a deliberate change (due to the flood of CVE-2019-9848, CVE-2019-9852, CVE-2019-9851, CVE-2019-9850, CVE-2019-9853, CVE-2019-9855 and CVE-2019-9854) to warn about documents that merely *call* macros equivalently to documents that *contain* macros. In this case I suspect the approach of comment #5, adding a trusted document location and using it for the trusted odb, is something that should have worked. Maybe it doesn't work because the forms are inside a .odb that itself is inside the trusted location, so my first instinct is to see if that could be made work.
https://gerrit.libreoffice.org/c/core/+/95861 seems to work
*** Bug 133814 has been marked as a duplicate of this bug. ***
Adding a macro to get rid of the macro warning feels funny, indeed.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/02e20dfa733d050e9d37285ad36323b2aad46ffe tdf#128006 allow documents inside odbs to be as trusted as their container It will be available in 7.1.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-0": https://git.libreoffice.org/core/commit/ac65ade24aa10c0a39d7d38576ad54bd00724455 tdf#128006 allow documents inside odbs to be as trusted as their container It will be available in 7.0.0.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
That should make subdocuments hosted in an odb which is in a "trusted location" as trusted as their wrapper odb document so odbs like this can be put into a designated "trusted location" and the warnings won't appear. Fixed in master and 7-0. Not yet in 6-4, lets give it some time in there to test for fallout before backporting
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-4": https://git.libreoffice.org/core/commit/f9bd290d08f08464103372633462421ba0918754 tdf#128006 allow documents inside odbs to be as trusted as their container It will be available in 6.4.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.