From 9559b8850ef484de807e885b4649e15b1dc361fe Mon Sep 17 00:00:00 2001
From: Mariotaku Lee
Date: Wed, 17 Jul 2019 18:40:34 +0900
Subject: [PATCH] Fixed security issue for startActivity with potential malicious intent.
---
 .../twidere/constant/IntentConstants.java | 2 --
 .../twidere/activity/AccountSelectorActivity.kt | 13 -------------
 .../mariotaku/twidere/activity/HomeActivity.kt | 7 +------
 .../twidere/activity/LinkHandlerActivity.kt | 16 +++++++++++++---
 4 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/twidere.component.common/src/main/java/org/mariotaku/twidere/constant/IntentConstants.java b/twidere.component.common/src/main/java/org/mariotaku/twidere/constant/IntentConstants.java
index e422d1dbd..7febb234d 100644
--- a/twidere.component.common/src/main/java/org/mariotaku/twidere/constant/IntentConstants.java
+++ b/twidere.component.common/src/main/java/org/mariotaku/twidere/constant/IntentConstants.java
@@ -170,7 +170,6 @@ public interface IntentConstants {
 String EXTRA_NEXT_PAGINATION = "next_pagination";
 String EXTRA_PREV_PAGINATION = "prev_pagination";
 String EXTRA_PAGINATION = "pagination";
- String EXTRA_EXTRA_INTENT = "extra_intent";
 String EXTRA_IS_MY_ACCOUNT = "is_my_account";
 String EXTRA_TAB_TYPE = "tab_type";
 String EXTRA_ACCOUNT = "account";
@@ -217,7 +216,6 @@ public interface IntentConstants {
 String EXTRA_LOADING_MORE = "loading_more";
 String EXTRA_PINNED_STATUS_IDS = "pinned_status_ids";
 String EXTRA_SHOULD_INIT_LOADER = "should_init_loader";
- String EXTRA_START_INTENT = "start_intent";
 String EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY = "select_only_item_automatically";
 String EXTRA_OBJECT = "object";
 String EXTRA_SIMPLE_LAYOUT = "simple_layout";
diff --git a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/AccountSelectorActivity.kt b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/AccountSelectorActivity.kt
index 9c1fd6d7f..0376f95ac 100644
--- a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/AccountSelectorActivity.kt
+++ b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/AccountSelectorActivity.kt
@@ -84,13 +84,6 @@ class AccountSelectorActivity : BaseActivity(), OnItemClickListener {
 private val isSelectOnlyItemAutomatically: Boolean
 get() = intent.getBooleanExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, false)
- private val startIntent: Intent?
- get() {
- val startIntent = intent.getParcelableExtra(EXTRA_START_INTENT)
- startIntent?.setExtrasClassLoader(TwidereApplication::class.java.classLoader)
- return startIntent
- }
-
 override fun onCreate(savedInstanceState: Bundle?) {
 super.onCreate(savedInstanceState)
 setContentView(R.layout.activity_account_selector)
@@ -157,12 +150,6 @@ class AccountSelectorActivity : BaseActivity(), OnItemClickListener {
 data.putExtra(EXTRA_ACCOUNT_KEY, account.key)
 data.putExtra(EXTRA_EXTRAS, intent.getBundleExtra(EXTRA_EXTRAS))
- val startIntent = startIntent
- if (startIntent != null) {
- startIntent.putExtra(EXTRA_ACCOUNT_KEY, account.key)
- startActivity(startIntent)
- }
-
 setResult(Activity.RESULT_OK, data)
 finish()
 }
diff --git a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/HomeActivity.kt b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/HomeActivity.kt
index 6fa0e4a00..25bd333ed 100644
--- a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/HomeActivity.kt
+++ b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/HomeActivity.kt
@@ -705,7 +705,6 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
 if (handleExtraIntent && refreshOnStart) {
 twitterWrapper.refreshAll()
 }
- val extraIntent = intent.getParcelableExtra(EXTRA_EXTRA_INTENT)
 val uri = intent.data
 @CustomTabType
@@ -725,7 +724,7 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
 }
 }
 }
- if (initialTab == -1 && (extraIntent == null || !handleExtraIntent)) {
+ if (initialTab == -1 && !handleExtraIntent) {
 // Tab not found, open account specific page
 when (tabType) {
 CustomTabType.NOTIFICATIONS_TIMELINE -> {
@@ -739,10 +738,6 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
 }
 }
 }
- if (extraIntent != null && handleExtraIntent) {
- extraIntent.setExtrasClassLoader(classLoader)
- startActivity(extraIntent)
- }
 return initialTab
 }
diff --git a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/LinkHandlerActivity.kt b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/LinkHandlerActivity.kt
index fb25a6cc5..c31a447f4 100644
--- a/twidere/src/main/kotlin/org/mariotaku/twidere/activity/LinkHandlerActivity.kt
+++ b/twidere/src/main/kotlin/org/mariotaku/twidere/activity/LinkHandlerActivity.kt
@@ -46,6 +46,7 @@ import org.mariotaku.ktextension.set
 import org.mariotaku.ktextension.toDoubleOr
 import org.mariotaku.twidere.Constants.*
 import org.mariotaku.twidere.R
+import org.mariotaku.twidere.TwidereConstants
 import org.mariotaku.twidere.activity.iface.IControlBarActivity
 import org.mariotaku.twidere.activity.iface.IControlBarActivity.ControlBarShowHideHelper
 import org.mariotaku.twidere.constant.*
@@ -131,9 +132,7 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
 selectIntent.putExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, true)
 selectIntent.putExtra(EXTRA_ACCOUNT_HOST, accountHost)
 selectIntent.putExtra(EXTRA_ACCOUNT_TYPE, accountType)
- selectIntent.putExtra(EXTRA_START_INTENT, intent)
- startActivity(selectIntent)
- finish()
+ startActivityForResult(selectIntent, REQUEST_SELECT_ACCOUNT)
 return
 }
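Review bot: The rewritten condition `if (initialTab == -1 && !handleExtraIntent)` in the `@@ -725` hunk narrows the fallback rather than just dropping the removed variable: with `extraIntent` gone, the old disjunction `extraIntent == null || !handleExtraIntent` was always satisfied, so the behavior-preserving form is `if (initialTab == -1) {`, whereas the new form skips the account-specific page whenever `handleExtraIntent` is set and no tab matched. If that narrowing is intentional, a comment such as `// Only fall back to the account page when not handling an external intent` would stop the next reader from treating it as a regression of the startActivity cleanup. The enclosing function starts before this hunk and its `return initialTab` sits in the `@@ -739` hunk.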
@@ -210,6 +209,13 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
 Analyzer.log(PurchaseFinished.create(data!!))
 }
 }
+ REQUEST_SELECT_ACCOUNT -> {
+ if (requestCode == Activity.RESULT_OK && data != null) {
+ startActivity(Intent(intent).putExtra(TwidereConstants.EXTRA_ACCOUNT_KEY,
+ data.getParcelableExtra(TwidereConstants.EXTRA_ACCOUNT_KEY)))
+ }
+ finish()
+ }
 else -> {
 super.onActivityResult(requestCode, resultCode, data)
 }
@@ -928,4 +934,8 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
 val value = getQueryParameter(QUERY_PARAM_USER_KEY) ?: getQueryParameter(QUERY_PARAM_USER_ID)
 return value?.let(UserKey::valueOf)
 }
+
+ companion object {
+ const val REQUEST_SELECT_ACCOUNT = 101
+ }
 }
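Review bot: The new `REQUEST_SELECT_ACCOUNT` branch tests `requestCode == Activity.RESULT_OK`, but the branch is only reached when the request code is `REQUEST_SELECT_ACCOUNT` (101), so a comparison with `RESULT_OK` (-1) can never hold and the relaunch is dead code: after the user picks an account the activity simply finishes and the link is dropped. The check belongs on the result code: `if (resultCode == Activity.RESULT_OK && data != null) {`. Since `intent` here is the externally delivered link intent that the old code used to forward as `EXTRA_START_INTENT`, a comment above the `startActivity` call such as `// Re-deliver our own link intent with the chosen account; never forward an Intent supplied by the caller` would record why this path is acceptable where the old forwarding was not, though whether `Intent(intent)` can only resolve back to this activity is not visible in the hunk. The `when` head and the `onActivityResult` signature lie outside the hunk; the branch label and the `else` delegation indicate it switches on `requestCode`.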