aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/eu/siacs/conversations/services
diff options
context:
space:
mode:
authorDaniel Gultsch <daniel@gultsch.de>2016-04-07 20:29:40 +0200
committerDaniel Gultsch <daniel@gultsch.de>2016-04-07 20:29:40 +0200
commit0460702710fd46cac0850224f34a275ceb8e2c1f (patch)
tree561776fae8ca69b81adb3c630fdd52178e2d5018 /src/main/java/eu/siacs/conversations/services
parent290f0a123e117ce8e31ef3f9a2d1e896fb4c1ab9 (diff)
check file owner when attaching files or using them as avatar
Diffstat (limited to 'src/main/java/eu/siacs/conversations/services')
-rw-r--r--src/main/java/eu/siacs/conversations/services/XmppConnectionService.java10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
index e9ac38325..2aaf9b622 100644
--- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
+++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
@@ -403,6 +403,11 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
public void attachFileToConversation(final Conversation conversation,
final Uri uri,
final UiCallback<Message> callback) {
+ if (FileBackend.weOwnFile(uri)) {
+ Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
+ callback.error(R.string.security_error_invalid_file_access, null);
+ return;
+ }
final Message message;
if (conversation.getNextEncryption() == Message.ENCRYPTION_PGP) {
message = new Message(conversation, "", Message.ENCRYPTION_DECRYPTED);
@@ -441,6 +446,11 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
}
public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback<Message> callback) {
+ if (FileBackend.weOwnFile(uri)) {
+ Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
+ callback.error(R.string.security_error_invalid_file_access, null);
+ return;
+ }
final String compressPictures = getCompressPicturesPreference();
if ("never".equals(compressPictures)
|| ("auto".equals(compressPictures) && getFileBackend().useImageAsIs(uri))) {