Skip to content
Snippets Groups Projects
Commit cbac7817 authored by Nicolas Pomepuy's avatar Nicolas Pomepuy Committed by Duncan McNamara
Browse files

Prevent the thumb provider to distribute files from outside the thumbnails cache

parent 1e89a2a6
No related branches found
No related tags found
1 merge request!1661Prevent the thumb provider to distribute files from outside the thumbnails cache
Pipeline #306480 passed with stage
in 8 minutes and 15 seconds
......@@ -5,7 +5,9 @@ import android.content.ContentValues
import android.database.Cursor
import android.net.Uri
import android.os.ParcelFileDescriptor
import org.videolan.medialibrary.interfaces.Medialibrary
import org.videolan.resources.AndroidDevices
import org.videolan.resources.AppContextProvider
import java.io.File
import java.io.FileNotFoundException
......@@ -30,6 +32,7 @@ class FileProvider : ContentProvider() {
override fun openFile(uri: Uri, mode: String): ParcelFileDescriptor {
val path = uri.path ?: throw SecurityException("Illegal access")
if (path.contains("..")) throw SecurityException("Illegal access")
if (!path.startsWith(AppContextProvider.appContext.getExternalFilesDir(null)!!.absolutePath + Medialibrary.MEDIALIB_FOLDER_NAME)) throw SecurityException("Illegal access")
val file = File(path)
if (!AndroidDevices.mountBL.any { file.canonicalPath.startsWith(it) }) throw SecurityException("Illegal access")
if (file.exists()) {
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment