authorChristian Schneppe <christian@pix-art.de>2018-10-04 20:17:58 +0200
committerChristian Schneppe <christian@pix-art.de>2018-10-04 20:17:58 +0200
commit7cf9ad5fee4b6315ef1d53b4f072e30c6be5c55b (patch)
treefd714915470bfa86eb4798fb0d7fff3c9cda4160 /src/main/java/de/pixart/messenger/ui
parent7706b5920700221c84916ac29c7769a9dd3dd176 (diff)
Do weOwnFile security check only when attaching
The general security check is recommended so that a third party cannot ask us to send an internal file. But we don’t need to do this for files we attach ourselves from within the app.
Diffstat (limited to 'src/main/java/de/pixart/messenger/ui')
-rw-r--r--src/main/java/de/pixart/messenger/ui/ConversationFragment.java15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/main/java/de/pixart/messenger/ui/ConversationFragment.java b/src/main/java/de/pixart/messenger/ui/ConversationFragment.java
index 215c7d39c..eddf5abdc 100644
--- a/src/main/java/de/pixart/messenger/ui/ConversationFragment.java
+++ b/src/main/java/de/pixart/messenger/ui/ConversationFragment.java
@@ -2245,7 +2245,8 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
final boolean pm = extras.getBoolean(ConversationsActivity.EXTRA_IS_PRIVATE_MESSAGE, false);
final List<Uri> uris = extractUris(extras);
if (uris != null && uris.size() > 0) {
- mediaPreviewAdapter.addMediaPreviews(Attachment.of(getActivity(), uris));
+ final List<Uri> cleanedUris = cleanUris(new ArrayList<>(uris));
+ mediaPreviewAdapter.addMediaPreviews(Attachment.of(getActivity(), cleanedUris));
toggleInputMethod();
return;
}
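Review bot: The filter is applied only at this call site, so the protection now depends on every other entry point for externally supplied Uris doing the same. The commit description says the general weOwnFile check is no longer run everywhere, and this diff (limited to the ui directory) shows `cleanUris` applied just to the Uris extracted from the intent extras. If Uris returned by third-party pickers or other share paths also reach `Attachment.of`, they would presumably bypass the check, so it is worth confirming that each such path calls `cleanUris` as well. A comment above the new line, e.g. `// Uris come from an external intent: drop any that point at our own private files`, would make the trust boundary visible. The enclosing method starts and ends outside the hunk.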
@@ -2290,6 +2291,18 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
}
}
+ private List<Uri> cleanUris(List<Uri> uris) {
+ Iterator<Uri> iterator = uris.iterator();
+ while (iterator.hasNext()) {
+ final Uri uri = iterator.next();
+ if (FileBackend.weOwnFile(getActivity(), uri)) {
+ iterator.remove();
+ Toast.makeText(getActivity(), R.string.security_violation_not_attaching_file, Toast.LENGTH_SHORT).show();
+ }
+ }
+ return uris;
+ }
+
private boolean showBlockSubmenu(View view) {
final Jid jid = conversation.getJid();
if (jid.getLocal() == null) {
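Review bot: `cleanUris` is the security filter the commit description refers to, but neither its name nor a comment says so, and the Toast inside the loop fires once per rejected Uri. I would add a Javadoc stating that it removes, in place, every Uri for which `FileBackend.weOwnFile` returns true, so that a sharing app cannot make us attach an internal file, and that it returns the same list instance. For the toast, set a flag in the loop (`rejected = true;`) and show it once afterwards with `if (rejected) Toast.makeText(getActivity(), R.string.security_violation_not_attaching_file, Toast.LENGTH_SHORT).show();`. Logging the rejected Uri would also leave a trace for later diagnosis. What `weOwnFile` accepts (schemes, non-canonical or symlinked paths) is outside this diff, and because the check runs at preview time while the file is read later, that helper presumably needs to resolve the path canonically, which is worth confirming.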