Sanitize file path on download
christarazi committed Feb 25, 2018
1 parent 0be745a commit 0c94e62
Showing 1 changed file with 10 additions and 9 deletions.
Expand Up @@ -21,10 +21,8 @@
import android.app.AlertDialog;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.SharedPreferences;
import android.net.Uri;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.provider.Browser;
import android.support.v4.app.FragmentManager;
import android.text.TextUtils;
Expand All @@ -43,8 +41,8 @@
import com.google.gson.JsonElement;

import org.matrix.androidsdk.MXSession;
import org.matrix.androidsdk.adapters.MessageRow;
import org.matrix.androidsdk.adapters.AbstractMessagesAdapter;
import org.matrix.androidsdk.adapters.MessageRow;
import org.matrix.androidsdk.crypto.data.MXDeviceInfo;
import org.matrix.androidsdk.crypto.data.MXUsersDevicesMap;
import org.matrix.androidsdk.data.RoomState;
Expand All @@ -54,12 +52,12 @@
import org.matrix.androidsdk.listeners.MXMediaDownloadListener;
import org.matrix.androidsdk.rest.callback.ApiCallback;
import org.matrix.androidsdk.rest.callback.SimpleApiCallback;
import org.matrix.androidsdk.rest.model.Event;
import org.matrix.androidsdk.rest.model.MatrixError;
import org.matrix.androidsdk.rest.model.crypto.EncryptedEventContent;
import org.matrix.androidsdk.rest.model.crypto.EncryptedFileInfo;
import org.matrix.androidsdk.rest.model.Event;
import org.matrix.androidsdk.rest.model.message.FileMessage;
import org.matrix.androidsdk.rest.model.message.ImageMessage;
import org.matrix.androidsdk.rest.model.MatrixError;
import org.matrix.androidsdk.rest.model.message.Message;
import org.matrix.androidsdk.rest.model.message.VideoMessage;
import org.matrix.androidsdk.util.JsonUtils;
Expand Down Expand Up @@ -775,6 +773,9 @@ public void onClick(DialogInterface dialog, int which) {
* @param filename the filename
*/
void onMediaAction(final int menuAction, final String mediaUrl, final String mediaMimeType, final String filename, final EncryptedFileInfo encryptedFileInfo) {
// Santize file name in case `m.body` contains a path.
final String trimmedFileName = new File(filename).getName();

MXMediasCache mediasCache = Matrix.getInstance(getActivity()).getMediasCache();
// check if the media has already been downloaded
if (mediasCache.isMediaCached(mediaUrl, mediaMimeType)) {
Expand All @@ -787,7 +788,7 @@ public void onSuccess(File file) {
}

if ((menuAction == ACTION_VECTOR_SAVE) || (menuAction == ACTION_VECTOR_OPEN)) {
CommonActivityUtils.saveMediaIntoDownloads(getActivity(), file, filename, mediaMimeType, new SimpleApiCallback<String>() {
CommonActivityUtils.saveMediaIntoDownloads(getActivity(), file, trimmedFileName, mediaMimeType, new SimpleApiCallback<String>() {
@Override
public void onSuccess(String savedMediaPath) {
if (null != savedMediaPath) {
Expand All @@ -800,8 +801,8 @@ public void onSuccess(String savedMediaPath) {
}
});
} else {
if (null != filename) {
File dstFile = new File(file.getParent(), filename);
if (null != trimmedFileName) {
File dstFile = new File(file.getParent(), trimmedFileName);

if (dstFile.exists()) {
dstFile.delete();
Expand Down Expand Up @@ -858,7 +859,7 @@ public void onDownloadComplete(String aDownloadId) {
VectorMessageListFragment.this.getActivity().runOnUiThread(new Runnable() {
@Override
public void run() {
onMediaAction(menuAction, mediaUrl, mediaMimeType, filename, encryptedFileInfo);
onMediaAction(menuAction, mediaUrl, mediaMimeType, trimmedFileName, encryptedFileInfo);
}
});
}
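Review bot: `new File(filename).getName()` at the top of onMediaAction throws a NullPointerException when `filename` is null, and the surviving guard `if (null != trimmedFileName)` (previously `null != filename`) suggests callers can pass null; that guard can no longer be false. Compute the name null-safely instead: `final String trimmedFileName = (null != filename) ? new File(filename).getName() : null;`. getName() also returns `..`, `.` and the empty string unchanged, so `new File(file.getParent(), trimmedFileName)` can still resolve to the media directory itself or its parent just before `dstFile.delete()` runs. Rejecting those values, or checking that dstFile's canonical path stays under `file.getParent()`, would close the gap. The body of onMediaAction continues outside the hunks shown, so the null-handling further down should be confirmed against the full method.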
