Karl/BobStore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

protect ManageRepo from malformed incoming URIs

Browse Source 
URIs can come from clicking a web page, NFC transmission, QR Code scan, and
more.  This code stops badly formed Uri strings from crashing F-Droid.  It
then shows a Toast error message that it can't understand the incoming URI.
This commit is contained in:
Hans-Christoph Steiner 2014-01-22 21:38:53 -05:00
parent ea9dec34b3
commit bcb7c048b5
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
res/values/strings.xml
View File

@ -81,6 +81,7 @@
<string name="repo_exists_enable">This repo is already setup, confirm that you want to re-enable it.</string>
<string name="repo_exists_and_enabled">The incoming repo is already setup and enabled!</string>
<string name="repo_delete_to_overwrite">You must first delete this repo before you can add one with a different key!</string>
<string name="malformed_repo_uri">Ignoring malformed repo URI: %s</string>
<string name="repo_alrt">The list of used repositories has
changed.\nDo you

16
src/org/fdroid/fdroid/ManageRepo.java
View File

@ -226,13 +226,20 @@ class RepoListFragment extends ListFragment
/* let's see if someone is trying to send us a new repo */
Intent intent = getActivity().getIntent();
/* an URL from a click or a QRCode scan */
/* an URL from a click, NFC, QRCode scan, etc */
Uri uri = intent.getData();
if (uri != null) {
// scheme should only ever be pure ASCII aka Locale.ENGLISH
String scheme = intent.getScheme().toLowerCase(Locale.ENGLISH);
// scheme and host should only ever be pure ASCII aka Locale.ENGLISH
String scheme = intent.getScheme();
String host = uri.getHost();
if (scheme == null || host == null) {
String msg = String.format(getString(R.string.malformed_repo_uri), uri);
Toast.makeText(getActivity(), msg, Toast.LENGTH_LONG).show();
return;
}
scheme = scheme.toLowerCase(Locale.ENGLISH);
host = host.toLowerCase(Locale.ENGLISH);
String fingerprint = uri.getUserInfo();
String host = uri.getHost().toLowerCase(Locale.ENGLISH);
if (scheme.equals("fdroidrepos") || scheme.equals("fdroidrepo")
|| scheme.equals("https") || scheme.equals("http")) {
@ -252,7 +259,6 @@ class RepoListFragment extends ListFragment
.replace(intent.getScheme(), scheme) // downcase scheme
.replace("fdroidrepo", "http"); // make proper URL
showAddRepo(uriString, fingerprint);
Log.i("ManageRepo", uriString + " fingerprint: " + fingerprint);
}
}
}