Signed-off-by: rapterjet2004 <juliuslinus1@gmail.com>
This commit is contained in:
rapterjet2004 2024-10-16 08:57:40 -05:00
parent 18e0ae31bc
commit ea7d48fb67
No known key found for this signature in database
GPG key ID: 3AA5FDFED7944099

View file

@ -30,6 +30,7 @@ import android.content.ContentResolver
import android.content.Context import android.content.Context
import android.database.Cursor import android.database.Cursor
import android.net.Uri import android.net.Uri
import android.os.Build
import android.provider.OpenableColumns import android.provider.OpenableColumns
import android.util.Log import android.util.Log
import java.io.File import java.io.File
@ -115,7 +116,17 @@ object FileUtils {
fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File? { fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File? {
val cachedFile = File(context.cacheDir, filename) val cachedFile = File(context.cacheDir, filename)
if (!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)) { val aboveOrEqualAPI26Check =
Build.VERSION.SDK_INT >= Build.VERSION_CODES.O &&
!cachedFile.toPath().normalize().startsWith(context.cacheDir.toPath())
val belowAPI26Check =
Build.VERSION.SDK_INT < Build.VERSION_CODES.O &&
!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)
val isOutsideCacheDir = aboveOrEqualAPI26Check || belowAPI26Check
if (isOutsideCacheDir) {
Log.w(TAG, "cachedFile was not created in cacheDir. Aborting for security reasons.") Log.w(TAG, "cachedFile was not created in cacheDir. Aborting for security reasons.")
cachedFile.delete() cachedFile.delete()
return null return null