Fixed security issue for startActivity with potential malicious intent.
This commit is contained in:
parent
330b78b301
commit
9559b8850e
|
@ -170,7 +170,6 @@ public interface IntentConstants {
|
||||||
String EXTRA_NEXT_PAGINATION = "next_pagination";
|
String EXTRA_NEXT_PAGINATION = "next_pagination";
|
||||||
String EXTRA_PREV_PAGINATION = "prev_pagination";
|
String EXTRA_PREV_PAGINATION = "prev_pagination";
|
||||||
String EXTRA_PAGINATION = "pagination";
|
String EXTRA_PAGINATION = "pagination";
|
||||||
String EXTRA_EXTRA_INTENT = "extra_intent";
|
|
||||||
String EXTRA_IS_MY_ACCOUNT = "is_my_account";
|
String EXTRA_IS_MY_ACCOUNT = "is_my_account";
|
||||||
String EXTRA_TAB_TYPE = "tab_type";
|
String EXTRA_TAB_TYPE = "tab_type";
|
||||||
String EXTRA_ACCOUNT = "account";
|
String EXTRA_ACCOUNT = "account";
|
||||||
|
@ -217,7 +216,6 @@ public interface IntentConstants {
|
||||||
String EXTRA_LOADING_MORE = "loading_more";
|
String EXTRA_LOADING_MORE = "loading_more";
|
||||||
String EXTRA_PINNED_STATUS_IDS = "pinned_status_ids";
|
String EXTRA_PINNED_STATUS_IDS = "pinned_status_ids";
|
||||||
String EXTRA_SHOULD_INIT_LOADER = "should_init_loader";
|
String EXTRA_SHOULD_INIT_LOADER = "should_init_loader";
|
||||||
String EXTRA_START_INTENT = "start_intent";
|
|
||||||
String EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY = "select_only_item_automatically";
|
String EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY = "select_only_item_automatically";
|
||||||
String EXTRA_OBJECT = "object";
|
String EXTRA_OBJECT = "object";
|
||||||
String EXTRA_SIMPLE_LAYOUT = "simple_layout";
|
String EXTRA_SIMPLE_LAYOUT = "simple_layout";
|
||||||
|
|
|
@ -84,13 +84,6 @@ class AccountSelectorActivity : BaseActivity(), OnItemClickListener {
|
||||||
private val isSelectOnlyItemAutomatically: Boolean
|
private val isSelectOnlyItemAutomatically: Boolean
|
||||||
get() = intent.getBooleanExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, false)
|
get() = intent.getBooleanExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, false)
|
||||||
|
|
||||||
private val startIntent: Intent?
|
|
||||||
get() {
|
|
||||||
val startIntent = intent.getParcelableExtra<Intent>(EXTRA_START_INTENT)
|
|
||||||
startIntent?.setExtrasClassLoader(TwidereApplication::class.java.classLoader)
|
|
||||||
return startIntent
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun onCreate(savedInstanceState: Bundle?) {
|
override fun onCreate(savedInstanceState: Bundle?) {
|
||||||
super.onCreate(savedInstanceState)
|
super.onCreate(savedInstanceState)
|
||||||
setContentView(R.layout.activity_account_selector)
|
setContentView(R.layout.activity_account_selector)
|
||||||
|
@ -157,12 +150,6 @@ class AccountSelectorActivity : BaseActivity(), OnItemClickListener {
|
||||||
data.putExtra(EXTRA_ACCOUNT_KEY, account.key)
|
data.putExtra(EXTRA_ACCOUNT_KEY, account.key)
|
||||||
data.putExtra(EXTRA_EXTRAS, intent.getBundleExtra(EXTRA_EXTRAS))
|
data.putExtra(EXTRA_EXTRAS, intent.getBundleExtra(EXTRA_EXTRAS))
|
||||||
|
|
||||||
val startIntent = startIntent
|
|
||||||
if (startIntent != null) {
|
|
||||||
startIntent.putExtra(EXTRA_ACCOUNT_KEY, account.key)
|
|
||||||
startActivity(startIntent)
|
|
||||||
}
|
|
||||||
|
|
||||||
setResult(Activity.RESULT_OK, data)
|
setResult(Activity.RESULT_OK, data)
|
||||||
finish()
|
finish()
|
||||||
}
|
}
|
||||||
|
|
|
@ -705,7 +705,6 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
|
||||||
if (handleExtraIntent && refreshOnStart) {
|
if (handleExtraIntent && refreshOnStart) {
|
||||||
twitterWrapper.refreshAll()
|
twitterWrapper.refreshAll()
|
||||||
}
|
}
|
||||||
val extraIntent = intent.getParcelableExtra<Intent>(EXTRA_EXTRA_INTENT)
|
|
||||||
|
|
||||||
val uri = intent.data
|
val uri = intent.data
|
||||||
@CustomTabType
|
@CustomTabType
|
||||||
|
@ -725,7 +724,7 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (initialTab == -1 && (extraIntent == null || !handleExtraIntent)) {
|
if (initialTab == -1 && !handleExtraIntent) {
|
||||||
// Tab not found, open account specific page
|
// Tab not found, open account specific page
|
||||||
when (tabType) {
|
when (tabType) {
|
||||||
CustomTabType.NOTIFICATIONS_TIMELINE -> {
|
CustomTabType.NOTIFICATIONS_TIMELINE -> {
|
||||||
|
@ -739,10 +738,6 @@ class HomeActivity : BaseActivity(), OnClickListener, OnPageChangeListener, Supp
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (extraIntent != null && handleExtraIntent) {
|
|
||||||
extraIntent.setExtrasClassLoader(classLoader)
|
|
||||||
startActivity(extraIntent)
|
|
||||||
}
|
|
||||||
return initialTab
|
return initialTab
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,6 +46,7 @@ import org.mariotaku.ktextension.set
|
||||||
import org.mariotaku.ktextension.toDoubleOr
|
import org.mariotaku.ktextension.toDoubleOr
|
||||||
import org.mariotaku.twidere.Constants.*
|
import org.mariotaku.twidere.Constants.*
|
||||||
import org.mariotaku.twidere.R
|
import org.mariotaku.twidere.R
|
||||||
|
import org.mariotaku.twidere.TwidereConstants
|
||||||
import org.mariotaku.twidere.activity.iface.IControlBarActivity
|
import org.mariotaku.twidere.activity.iface.IControlBarActivity
|
||||||
import org.mariotaku.twidere.activity.iface.IControlBarActivity.ControlBarShowHideHelper
|
import org.mariotaku.twidere.activity.iface.IControlBarActivity.ControlBarShowHideHelper
|
||||||
import org.mariotaku.twidere.constant.*
|
import org.mariotaku.twidere.constant.*
|
||||||
|
@ -131,9 +132,7 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
|
||||||
selectIntent.putExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, true)
|
selectIntent.putExtra(EXTRA_SELECT_ONLY_ITEM_AUTOMATICALLY, true)
|
||||||
selectIntent.putExtra(EXTRA_ACCOUNT_HOST, accountHost)
|
selectIntent.putExtra(EXTRA_ACCOUNT_HOST, accountHost)
|
||||||
selectIntent.putExtra(EXTRA_ACCOUNT_TYPE, accountType)
|
selectIntent.putExtra(EXTRA_ACCOUNT_TYPE, accountType)
|
||||||
selectIntent.putExtra(EXTRA_START_INTENT, intent)
|
startActivityForResult(selectIntent, REQUEST_SELECT_ACCOUNT)
|
||||||
startActivity(selectIntent)
|
|
||||||
finish()
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -210,6 +209,13 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
|
||||||
Analyzer.log(PurchaseFinished.create(data!!))
|
Analyzer.log(PurchaseFinished.create(data!!))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
REQUEST_SELECT_ACCOUNT -> {
|
||||||
|
if (requestCode == Activity.RESULT_OK && data != null) {
|
||||||
|
startActivity(Intent(intent).putExtra(TwidereConstants.EXTRA_ACCOUNT_KEY,
|
||||||
|
data.getParcelableExtra<UserKey>(TwidereConstants.EXTRA_ACCOUNT_KEY)))
|
||||||
|
}
|
||||||
|
finish()
|
||||||
|
}
|
||||||
else -> {
|
else -> {
|
||||||
super.onActivityResult(requestCode, resultCode, data)
|
super.onActivityResult(requestCode, resultCode, data)
|
||||||
}
|
}
|
||||||
|
@ -928,4 +934,8 @@ class LinkHandlerActivity : BaseActivity(), SystemWindowInsetsCallback, IControl
|
||||||
val value = getQueryParameter(QUERY_PARAM_USER_KEY) ?: getQueryParameter(QUERY_PARAM_USER_ID)
|
val value = getQueryParameter(QUERY_PARAM_USER_KEY) ?: getQueryParameter(QUERY_PARAM_USER_ID)
|
||||||
return value?.let(UserKey::valueOf)
|
return value?.let(UserKey::valueOf)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
companion object {
|
||||||
|
const val REQUEST_SELECT_ACCOUNT = 101
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue