Do weOwnFile security check only when attaching
The general security check is recommend so a third party can not ask us to send an internal file. But we don’t need to do this for files we attach ourself from within Conversations
This commit is contained in:
parent
657b1cae9d
commit
04ac2264e8
|
@ -1988,7 +1988,8 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
|
|||
final boolean pm = extras.getBoolean(ConversationsActivity.EXTRA_IS_PRIVATE_MESSAGE, false);
|
||||
final List<Uri> uris = extractUris(extras);
|
||||
if (uris != null && uris.size() > 0) {
|
||||
mediaPreviewAdapter.addMediaPreviews(Attachment.of(getActivity(), uris));
|
||||
final List<Uri> cleanedUris = cleanUris(new ArrayList<>(uris));
|
||||
mediaPreviewAdapter.addMediaPreviews(Attachment.of(getActivity(), cleanedUris));
|
||||
toggleInputMethod();
|
||||
return;
|
||||
}
|
||||
|
@ -2033,6 +2034,18 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
|
|||
}
|
||||
}
|
||||
|
||||
private List<Uri> cleanUris(List<Uri> uris) {
|
||||
Iterator<Uri> iterator = uris.iterator();
|
||||
while(iterator.hasNext()) {
|
||||
final Uri uri = iterator.next();
|
||||
if (FileBackend.weOwnFile(getActivity(), uri)) {
|
||||
iterator.remove();
|
||||
Toast.makeText(getActivity(), R.string.security_violation_not_attaching_file, Toast.LENGTH_SHORT).show();
|
||||
}
|
||||
}
|
||||
return uris;
|
||||
}
|
||||
|
||||
private boolean showBlockSubmenu(View view) {
|
||||
final Jid jid = conversation.getJid();
|
||||
if (jid.getLocal() == null) {
|
||||
|
|
|
@ -738,4 +738,5 @@
|
|||
<string name="view_media">View media</string>
|
||||
<string name="media_browser">Media browser</string>
|
||||
<string name="export_channel_name">History export</string>
|
||||
<string name="security_violation_not_attaching_file">File omitted due to security violation.</string>
|
||||
</resources>
|
||||
|
|
Loading…
Reference in New Issue