gronod/talk-android
1
0
Fork 1
mirror of https://github.com/nextcloud/talk-android synced 2025-06-21 04:29:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4356 from nextcloud/fix-partial-path-travel-1

Browse Source 
Adjust cacheDir based on Android version
This commit is contained in:
Marcel Hibbe 2024-10-22 11:41:17 +02:00 committed by GitHub
commit 4ff3702f8b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
View File

@ -13,6 +13,7 @@ import android.content.ContentResolver
import android.content.Context
import android.database.Cursor
import android.net.Uri
import android.os.Build
import android.provider.OpenableColumns
import android.util.Log
import java.io.File
@ -98,7 +99,17 @@ object FileUtils {
fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File? {
val cachedFile = File(context.cacheDir, filename)
if (!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)) {
val aboveOrEqualAPI26Check =
Build.VERSION.SDK_INT >= Build.VERSION_CODES.O &&
!cachedFile.toPath().normalize().startsWith(context.cacheDir.toPath())
val belowAPI26Check =
Build.VERSION.SDK_INT < Build.VERSION_CODES.O &&
!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)
val isOutsideCacheDir = aboveOrEqualAPI26Check || belowAPI26Check
if (isOutsideCacheDir) {
Log.w(TAG, "cachedFile was not created in cacheDir. Aborting for security reasons.")
cachedFile.delete()
return null