From efa9dd6ec3a019f24128e02148555f0cd17f1468 Mon Sep 17 00:00:00 2001
From: Cody Henthorne <cody@signal.org>
Date: Thu, 5 Jun 2025 15:33:16 -0400
Subject: [PATCH] Fix path escaping issues.

Acknowledgment to Mouad & Ostorlab team for bringing this to our attention.
---
 .../org/thoughtcrime/securesms/providers/BlobProvider.java    | 4 ++--
 .../org/thoughtcrime/securesms/sharing/v2/ShareRepository.kt  | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/src/main/java/org/thoughtcrime/securesms/providers/BlobProvider.java b/app/src/main/java/org/thoughtcrime/securesms/providers/BlobProvider.java
index de9f1e9147..2c1f6cc2f4 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/providers/BlobProvider.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/providers/BlobProvider.java
@@ -349,7 +349,7 @@ public class BlobProvider {
 
   private static @Nullable String getId(@NonNull Uri uri) {
     if (isAuthority(uri)) {
-      return uri.getPathSegments().get(ID_PATH_SEGMENT);
+      return Uri.encode(uri.getPathSegments().get(ID_PATH_SEGMENT));
     }
     return null;
   }
@@ -422,7 +422,7 @@ public class BlobProvider {
   }
 
   private static @NonNull String buildFileName(@NonNull String id) {
-    return id + ".blob";
+    return Uri.encode(id) + ".blob";
   }
 
   private static @NonNull String getDirectory(@NonNull StorageType storageType) {
diff --git a/app/src/main/java/org/thoughtcrime/securesms/sharing/v2/ShareRepository.kt b/app/src/main/java/org/thoughtcrime/securesms/sharing/v2/ShareRepository.kt
index 860264826c..0e462831ab 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/sharing/v2/ShareRepository.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/sharing/v2/ShareRepository.kt
@@ -72,6 +72,7 @@ class ShareRepository(context: Context) {
   @WorkerThread
   private fun resolve(externalMultiShare: UnresolvedShareData.ExternalMultiShare): ResolvedShareData {
     val mimeTypes: Map<Uri, String> = externalMultiShare.uris
+      .filter { UriUtil.isValidExternalUri(appContext, it) }
       .associateWith { uri -> getMimeType(appContext, uri, null) }
       .filterValues {
         MediaUtil.isImageType(it) || MediaUtil.isVideoType(it)