diff options
author | Christian Schneppe <christian@pix-art.de> | 2018-10-20 22:01:04 +0200 |
---|---|---|
committer | Christian Schneppe <christian@pix-art.de> | 2018-10-20 22:01:04 +0200 |
commit | b6d64f1f4338c6c8e0c3ed91983da6aa16024fe0 (patch) | |
tree | 7ef465be27da6f892262a716b59c49b8d25e14d5 /src/main/java/de/pixart/messenger/ui/StartConversationActivity.java | |
parent | b2d98cbd131ca4b926a27886b3c911a992a17d3f (diff) |
Do not insert text shared over XMPP uri when already drafting message
XMPP uris in the style of `xmpp:test@domain.tld?body=Something` can be used to
directly share a message with a specific contact. Previously the text was
always appended to the message currently in draft. The message was never send
automatically. Essentially those links where treated like normal text share
intents (for example when sharing a URL from the browser) but without the
contact selection.
There is a concern (CVE-2018-18467) that when this URI is invoked automatically
and the user is currently drafting a long message to that particular contact
the text could be inserted in the draft field (input box) without the user
noticing.
To circumvent that the text shared over XMPP uris that contain a particular
contact is now appended only if the draft box is currently empty.
Sharing text normally (**with** manual contact selection) is still treated the
same; meaning the shared text will be appended to the current draft. This is
intended behaviour to make the
'Hey I have this cool link here;' *open browser*, *share link* - secenario
work.
Diffstat (limited to 'src/main/java/de/pixart/messenger/ui/StartConversationActivity.java')
-rw-r--r-- | src/main/java/de/pixart/messenger/ui/StartConversationActivity.java | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/main/java/de/pixart/messenger/ui/StartConversationActivity.java b/src/main/java/de/pixart/messenger/ui/StartConversationActivity.java index 7be62165b..5b337abb6 100644 --- a/src/main/java/de/pixart/messenger/ui/StartConversationActivity.java +++ b/src/main/java/de/pixart/messenger/ui/StartConversationActivity.java @@ -493,7 +493,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne contact.setServerName(invite.getName()); } if (contact.isSelf()) { - switchToConversation(contact, null); + switchToConversation(contact); return true; } else if (contact.showInRoster()) { throw new EnterJidDialog.JidError(getString(R.string.contact_already_exists)); @@ -502,7 +502,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne if (invite != null && invite.hasFingerprints()) { xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints()); } - switchToConversation(contact, invite == null ? null : invite.getBody()); + switchToConversationDoNotAppend(contact, invite == null ? null : invite.getBody()); return true; } }); @@ -550,9 +550,14 @@ public class StartConversationActivity extends XmppActivity implements XmppConne return xmppConnectionService.findAccountByJid(jid); } - protected void switchToConversation(Contact contact, String body) { + protected void switchToConversation(Contact contact) { Conversation conversation = xmppConnectionService.findOrCreateConversation(contact.getAccount(), contact.getJid(), false, true); - switchToConversation(conversation, body); + switchToConversation(conversation); + } + + protected void switchToConversationDoNotAppend(Contact contact, String body) { + Conversation conversation = xmppConnectionService.findOrCreateConversation(contact.getAccount(), contact.getJid(), false, true); + switchToConversationDoNotAppend(conversation, body); } @Override @@ -788,7 +793,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne if (invite.isAction(XmppUri.ACTION_JOIN)) { Conversation muc = xmppConnectionService.findFirstMuc(invite.getJid()); if (muc != null) { - switchToConversation(muc, invite.getBody()); + switchToConversationDoNotAppend(muc, invite.getBody()); return true; } else { showJoinConferenceDialog(invite.getJid().asBareJid().toString()); @@ -810,7 +815,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne if (invite.account != null) { xmppConnectionService.getShortcutService().report(contact); } - switchToConversation(contact, invite.getBody()); + switchToConversationDoNotAppend(contact, invite.getBody()); } return true; } else { @@ -838,7 +843,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne if (isTrustedSource.isChecked() && invite.hasFingerprints()) { xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints()); } - switchToConversation(contact, invite.getBody()); + switchToConversationDoNotAppend(contact, invite.getBody()); }); builder.setNegativeButton(R.string.cancel, (dialog, which) -> StartConversationActivity.this.finish()); AlertDialog dialog = builder.create(); |