Created attachment 105697 [details]
Document + screenshot
Steps to reproduce:
1. Open the attached document (the password is Password1)
2. Close it
3. Open Libreoffice (soffice.exe)
In the main page you can see the preview (text and picture) of the password protected document.
A Password protected document content should not be - in any way - inspected.
Also if you open the odt file as zip archive you can see that the document contains a jpg image. In the previous libreoffice versions even the original name of the jpg (cat.jpg in his example) file was mantained. This is not good because you can argue info about the document content, event if it is password protected.
Operating System: All
Version: 184.108.40.206 release
(In reply to comment #0)
> In the main page you can see the preview (text and picture) of the password
> protected document.
This is fixed for the next stable release (4.3.2).
> Also if you open the odt file as zip archive you can see that the document
> contains a jpg image. In the previous libreoffice versions even the original
> name of the jpg (cat.jpg in his example) file was mantained.
Sorry but I don't understand. Your file indeed contains a jpg file, but it's named 10000000000000EE000000D48748309C.jpg.
*** This bug has been marked as a duplicate of bug 80755 ***
Need to be sure that every jpg file is renamed, because in the past (previous version of libreoffice or openoffice - I don't remember) the original jpg file name was mainained.
Anyway even without password I can know that the document contains a some pictures, and also I can know the exact number of pictures.
A encrypted document should show no information at all about its content.
(In reply to comment #2)
> Anyway even without password I can know that the document contains a some
> pictures, and also I can know the exact number of pictures.
So what? It gives you absolutely nothing as long as you can't see the actual contents of those pictures. It's like saying that password-protected ZIP files are bad, because you can list their contents.
> A encrypted document should show no information at all about its content.
The standard  just says that individual files inside the archive can be encrypted. It doesn't say that the file structure should/can be changed. Now, it should be technically possible to inline the images inside the xml file (or something similar), but I see no point in doing that.