mirrors/element-android
1
0
Fork 0
mirror of https://github.com/element-hq/element-android synced 2024-11-28 05:31:21 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3064 from TR-SLimey/fix-path-traversal-file-save-api29

Browse source 
When downloading a file in <= API 29, replace dangerous characters with underscores
This commit is contained in:
Benoit Marty 2021-03-26 15:34:03 +01:00 committed by GitHub
commit 5c89179c47
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
vector/src/main/java/im/vector/app/core/utils/ExternalApplicationsUtil.kt
View file

@ -514,7 +514,7 @@ fun selectTxtFileToWrite(
@Suppress("DEPRECATION")
fun saveFileIntoLegacy(sourceFile: File, dstDirPath: File, outputFilename: String?): File? {
// defines another name for the external media
val dstFileName: String
var dstFileName: String
// build a filename is not provided
if (null == outputFilename) {
@ -529,6 +529,9 @@ fun saveFileIntoLegacy(sourceFile: File, dstDirPath: File, outputFilename: Strin
dstFileName = outputFilename
}
// remove dangerous characters from the filename
dstFileName = dstFileName.replace(Regex("""[/\\]"""), "_")
var dstFile = File(dstDirPath, dstFileName)
// if the file already exists, append a marker