Example of safe control registration VC

xiaoxiao2021-03-06  117

// Suredoc.h: Declaration of the csuredoc

#ifndef __suredoc_h_

#define __suredoc_h_

#include "resource.h" // main symbols

#include "atlctl.h"

/

// Csuredoc

Class ATL_NO_VTABLE CSUREDOC:

Public CComObjectrootex ,

Public CCOMCOCLASS ,

Public IDispatchImpl ,

Public IOBJECTSAFETYIMPL

| InterfaceSafe_for_Untrusted_data>

{

PUBLIC:

Csuredoc ()

{

}

DECLARE_REGISTRY_RESOURCEID (iDR_suredoc)

Declare_protect_final_construct ()

Begin_COM_MAP (CsureDoc)

COM_ITERFACE_ENTRY (IssureDoc)

COM_ITERFACE_ENTRY (Idispatch)

COM_Interface_entry (IOBJECTSAFETY)

END_COM_MAP ()

STDMETHOD (GetInterfacesafetyOptions) (Refiid RIID,

DWORD * PDWSUPPORTEDOPTIONS,

DWORD * PDWENABLEDOPTIONS)

{

ATLTRACE (_T ("COBJECTSAFETYIMPL :: GetInterfaceSafetyOptions / N"))

IF (! pdwsupportedOptions ||! pdwenabledoptions)

Return E_FAIL;

Lpunknown punk;

IF (_internalQueryinterface (riid, (void **) & punk) == E_NOINTERFACE) {

// Our Object Doesn't Even Support this interface.

Return E_NOINTERFACE;

} else {

// Cleanup after ourselves.

punk-> release ();

punk = null;

}

IF (riid == iid_idispatch) {

// idispatch is an interface used for scripting. If Your

// Control Supports Other Idispatch or Dual Interfaces, you

// May Decide to add. Client Wants to Know

// IF Object Is Safe for Scripting. Only Indicate Safe for

// scripting when the interface is safe.

* pdwsupportedOptions = interfacesafe_for_untrusted_caller;

* pdwenabledoptions = m_dwcurrentsafety &

Interfacesafe_for_untrusted_caller;

Return S_OK;} else if ((riid == iid_ipersistStreaminit) ||

(riid == iid_ipersistStorage)) {

// IID_IPERSISTREAMINIT AND IID_IPERSISTSTREAGE ARE

// Interfaces use for initialization. if Your Control

// supports Other Persistence Interfaces, You May Decide To

// Add them here as well. Client Wants To Know IF Object IS

// Safe for Initializing. Only Indicate Safe for Initializing

//hen the interface is safe.

* pdwsupportedOptions = interfacesafe_for_untrusted_data;

* pdwenabledoptions = m_dwcurrentsafety &

Interfacesafe_for_untrusted_data;

Return S_OK;

} else {

// We are say no other interfacs in this control area

// Safe for Initializing or scripting.

* pdwsupportedOptions = 0;

* PDWENABLEDOPTION = 0;

Return E_FAIL;

}

}

STDMETHOD (SETINTERFACESAFETYOPTION) (Refiid RIID,

DWORD DWOptionSetmask,

DWORD DWENABLEDOPTIONS)

{

ATLTRACE ("COBJECTSAFETYIMPL :: SetInterfaceSafetyOptions / N"));

IF (! dwoptionSetmask &&! dwenabledoptions) Return E_FAIL;

Lpunknown punk;

IF (_internalQueryinterface (riid, (void **) & punk) == E_NOINTERFACE) {

// Our Object Doesn't Even Support this interface.

Return E_NOINTERFACE;

} else {

// Cleanup after ourselves.

punk-> release ();

punk = null;

}

// storeur current safe level to return in

// getInterfacesafetyOptions

M_dwcurrentsafety | = DWENABLEDOPTIONS & DWOPTIONSETMASK;

IF ((RIID == iid_idispatch) &&

(m_dwcurrentsafety & interfacesafe_for_untrusted_caller)) {

// Client Wants US to Disable Any Functionality That Would

// make the control unsafe for scripting. The Same Applies To

// Any Other IDispatch or Dual Interfaces Your Control MAY

// Support. Becauseur control is safe for scripting by // default we need Return S_OK.

Return S_OK;

Else IF ((RIID == iid_ipersistStreaminit) ||

(RIID == iid_ipersistStorage)) &&

(m_dwcurrentsafety & interfacesafe_for_untrusted_data)) {

// Client Wants US to make the control safe for initializing

// from Persistent Data. for these Interfaces, this Control

// Is Safe So We Return S_ok. for any interfacs That Are Not

// Safe, We would return E_FAIL.

Return S_OK;

} else {

// this Control Doesn't Allow Initialization or scripting

// from any other interfaces so return e_fail.

Return E_FAIL;

}

}

// isured

PUBLIC:

Void deleteepf (CSTRING & STRPATH);

STDMETHOD (/ * [out] * / variant * pvsourcefile, / * [out] * / variant * pvdestfile, / * [out, retval] * / long * lret);

STDMETHOD (/ * [out, retval] * / long * lret);

STDMETHOD (/ * [in] * / bstr bstrdocfile, / * [out, retval] * / long * LRET);

STDMETHOD (/ * [out, retval] * / variant * pvinfo);

protected:

BOOL EPXTOEPF (CSTRING & STRPATH);

CString M_Strinfo;

}

#ENDIF / / __ Suredoc_H_

转载请注明原文地址:https://www.9cbs.com/read-125482.html

New Post(0)