From 0460702710fd46cac0850224f34a275ceb8e2c1f Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Thu, 7 Apr 2016 20:29:40 +0200 Subject: check file owner when attaching files or using them as avatar --- .../eu/siacs/conversations/services/XmppConnectionService.java | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/main/java/eu/siacs/conversations/services/XmppConnectionService.java') diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java index e9ac38325..2aaf9b622 100644 --- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java @@ -403,6 +403,11 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa public void attachFileToConversation(final Conversation conversation, final Uri uri, final UiCallback callback) { + if (FileBackend.weOwnFile(uri)) { + Log.d(Config.LOGTAG,"trying to attach file that belonged to us"); + callback.error(R.string.security_error_invalid_file_access, null); + return; + } final Message message; if (conversation.getNextEncryption() == Message.ENCRYPTION_PGP) { message = new Message(conversation, "", Message.ENCRYPTION_DECRYPTED); @@ -441,6 +446,11 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa } public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback callback) { + if (FileBackend.weOwnFile(uri)) { + Log.d(Config.LOGTAG,"trying to attach file that belonged to us"); + callback.error(R.string.security_error_invalid_file_access, null); + return; + } final String compressPictures = getCompressPicturesPreference(); if ("never".equals(compressPictures) || ("auto".equals(compressPictures) && getFileBackend().useImageAsIs(uri))) { -- cgit v1.2.3