Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-13 03:09:04 +01:00
Code Issues Projects Releases Wiki Activity

[android] reject invalid mime types for image attachments

Browse Source
This commit is contained in:
Torsten Grote
2019-02-18 15:24:34 -03:00
parent f76f9be4ed
commit fc6275b037
4 changed files with 23 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
briar-android/src/main/java/org/briarproject/briar/android/conversation/AttachmentController.java
View File

@@ -44,6 +44,7 @@ import static org.briarproject.bramble.util.IoUtils.tryToClose;
import static org.briarproject.bramble.util.LogUtils.logDuration;
import static org.briarproject.bramble.util.LogUtils.logException;
import static org.briarproject.bramble.util.LogUtils.now;
import static org.briarproject.briar.api.messaging.MessagingConstants.IMAGE_MIME_TYPES;
@NotNullByDefault
class AttachmentController {
@@ -146,6 +147,14 @@ class AttachmentController {
unsentItems.put(uri, item);
}
boolean isValidMimeType(@Nullable String mimeType) {
if (mimeType == null) return false;
for (String supportedType : IMAGE_MIME_TYPES) {
if (supportedType.equals(mimeType)) return true;
}
return false;
}
@DatabaseExecutor
void deleteUnsentAttachments() {
for (AttachmentItem item : unsentItems.values()) {

20
briar-android/src/main/java/org/briarproject/briar/android/conversation/ConversationViewModel.java
View File

@@ -74,7 +74,6 @@ public class ConversationViewModel extends AndroidViewModel implements
@CryptoExecutor
private final Executor cryptoExecutor;
private final TransactionManager db;
private final AndroidExecutor androidExecutor;
private final MessagingManager messagingManager;
private final ContactManager contactManager;
private final SettingsManager settingsManager;
@@ -107,13 +106,12 @@ public class ConversationViewModel extends AndroidViewModel implements
ConversationViewModel(Application application,
@DatabaseExecutor Executor dbExecutor,
@CryptoExecutor Executor cryptoExecutor, TransactionManager db,
AndroidExecutor androidExecutor, MessagingManager messagingManager,
ContactManager contactManager, SettingsManager settingsManager,
MessagingManager messagingManager, ContactManager contactManager,
SettingsManager settingsManager,
PrivateMessageFactory privateMessageFactory) {
super(application);
this.dbExecutor = dbExecutor;
this.cryptoExecutor = cryptoExecutor;
this.androidExecutor = androidExecutor;
this.db = db;
this.messagingManager = messagingManager;
this.contactManager = contactManager;
@@ -197,16 +195,24 @@ public class ConversationViewModel extends AndroidViewModel implements
@Override
public LiveData<AttachmentResult> storeAttachment(Uri uri,
boolean needsSize) {
if (messagingGroupId.getValue() == null) loadGroupId();
// use LiveData to not keep references to view scope
MutableLiveData<AttachmentResult> result = new MutableLiveData<>();
// check first if mime type is supported
ContentResolver contentResolver =
getApplication().getContentResolver();
String mimeType = contentResolver.getType(uri);
if (!attachmentController.isValidMimeType(mimeType)) {
String errorMsg = getApplication().getString(
R.string.image_attach_error_invalid_mime_type, mimeType);
result.setValue(new AttachmentResult(errorMsg));
return result;
}
if (messagingGroupId.getValue() == null) loadGroupId();
observeForeverOnce(messagingGroupId, groupId -> dbExecutor.execute(()
-> {
if (groupId == null) throw new IllegalStateException();
long start = now();
try {
ContentResolver contentResolver =
getApplication().getContentResolver();
attachmentController.createAttachmentHeader(contentResolver,
groupId, uri, needsSize);
result.postValue(new AttachmentResult(uri));