Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2026-05-15 12:40:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update isValidExternalUri.

Browse Source
This commit is contained in:
Greyson Parrelli
2026-04-08 18:31:00 +00:00
committed by jeffrey-signal
parent cd92feb2b7
commit 5310c19b99
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/src/main/java/org/thoughtcrime/securesms/util/UriUtil.kt
+5 -1
View File
@@ -15,7 +15,8 @@ object UriUtil {
/**
* Ensures that an external URI is valid and doesn't contain any references to internal files or
* any other trickiness.
* any other trickiness. Rejects file:// URIs that reference internal storage, and content:// URIs
* whose authority belongs to this application's own content providers.
*/
@JvmStatic
fun isValidExternalUri(context: Context, uri: Uri): Boolean {
@@ -29,6 +30,9 @@ object UriUtil {
} catch (e: IOException) {
return false
}
} else if (ContentResolver.SCHEME_CONTENT == uri.scheme) {
val authority = uri.authority ?: return false
return !authority.startsWith(context.packageName)
} else {
return true
}
app/src/test/java/org/thoughtcrime/securesms/util/UriUtilTest_isValidExternalUri.java
+4
View File
@@ -34,6 +34,10 @@ public class UriUtilTest_isValidExternalUri {
public static Collection<Object[]> data() {
return Arrays.asList(new Object[][]{
{ "content://other.app.package.name.org/path/public.txt", true },
{ "content://" + APPLICATION_ID + ".part/part/42", false },
{ "content://" + APPLICATION_ID + ".blob/blob/42", false },
{ "content://" + APPLICATION_ID + ".avatar/avatar/42", false },
{ "content://" + APPLICATION_ID + ".fileprovider/external_files/f", false },
{ "file:///sdcard/public.txt", true },
{"file:///data/data/" + APPLICATION_ID + "/private.txt", false },
{"file:///any/path/with/package/name/" + APPLICATION_ID, false },