From 7177c523a1b31988666b9337249a4f1d0c36f479 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Fri, 19 Oct 2018 15:39:31 +0200
Subject: [PATCH] Do not insert text shared over XMPP uri when already drafting message
XMPP uris in the style of `xmpp:test@domain.tld?body=Something` can be used to directly share a message with a specific contact. Previously the text was always appended to the message currently in draft. The message was never send automatically. Essentially those links where treated like normal text share intents (for example when sharing a URL from the browser) but without the contact selection. There is a concern (CVE-2018-18467) that when this URI is invoked automatically and the user is currently drafting a long message to that particular contact the text could be inserted in the draft field (input box) without the user noticing. To circumvent that the text shared over XMPP uris that contain a particular contact is now appended only if the draft box is currently empty. Sharing text normally (**with** manual contact selection) is still treated the same; meaning the shared text will be appended to the current draft. This is intended behaviour to make the 'Hey I have this cool link here;' *open browser*, *share link* - secenario work.
---
 .../ui/ConversationFragment.java | 13 ++++++++---
 .../ui/ConversationsActivity.java | 1 +
 .../ui/StartConversationActivity.java | 23 +++++++++++--------
 .../siacs/conversations/ui/XmppActivity.java | 17 ++++++++++----
 src/main/res/values/strings.xml | 1 +
 5 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/src/main/java/eu/siacs/conversations/ui/ConversationFragment.java b/src/main/java/eu/siacs/conversations/ui/ConversationFragment.java
index 220e0a3adbc1937e6acdc38a902115c3c46547ce..0a8f8cf68ffbae710b29d3d30beaf2d3cac9dc1a 100644
--- a/src/main/java/eu/siacs/conversations/ui/ConversationFragment.java
+++ b/src/main/java/eu/siacs/conversations/ui/ConversationFragment.java
@@ -27,6 +27,7 @@ import android.os.SystemClock;
 import android.support.v13.view.inputmethod.InputConnectionCompat;
 import android.support.v13.view.inputmethod.InputContentInfoCompat;
 import android.text.Editable;
+import android.text.TextUtils;
 import android.util.Log;
 import android.view.ContextMenu;
 import android.view.ContextMenu.ContextMenuInfo;
@@ -1995,6 +1996,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
 final String nick = extras.getString(ConversationsActivity.EXTRA_NICK);
 final boolean asQuote = extras.getBoolean(ConversationsActivity.EXTRA_AS_QUOTE);
 final boolean pm = extras.getBoolean(ConversationsActivity.EXTRA_IS_PRIVATE_MESSAGE, false);
+ final boolean doNotAppend = extras.getBoolean(ConversationsActivity.EXTRA_DO_NOT_APPEND, false);
 final List uris = extractUris(extras);
 if (uris != null && uris.size() > 0) {
 final List cleanedUris = cleanUris(new ArrayList<>(uris));
@@ -2021,7 +2023,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
 if (text != null && asQuote) {
 quoteText(text);
 } else {
- appendText(text);
+ appendText(text, doNotAppend);
 }
 }
 final Message message = downloadUuid == null ? null : conversation.findMessageWithFileAndUuid(downloadUuid);
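Review bot: At the `appendText(text, doNotAppend)` call in the `@@ -2021` hunk, the protection depends on the input field already holding the user's draft when these extras are processed, because the guard added to `appendText` (the `@@ -2545` hunk) tests `this.binding.textinput.getText()` rather than the conversation's stored draft. The surrounding method starts and ends outside the hunk, so that ordering cannot be confirmed from here; if a saved draft can be restored into the field after this point, URI-supplied text would still end up merged with it. The `asQuote` branch also ignores the flag, which is harmless for the callers in this patch (they pass `asQuote` as `false` whenever `doNotAppend` is `true`) but is worth recording next to the read of the extra, e.g. `// set for text taken from an xmpp: URI: inserted only when the draft is empty; not honoured on the asQuote path`.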
@@ -2545,11 +2547,16 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
 builder.create().show();
 }
- public void appendText(String text) {
+ public void appendText(String text, final boolean doNotAppend) {
 if (text == null) {
 return;
 }
- String previous = this.binding.textinput.getText().toString();
+ final Editable editable = this.binding.textinput.getText();
+ String previous = editable == null ? "" : editable.toString();
+ if (doNotAppend && !TextUtils.isEmpty(previous)) {
+ Toast.makeText(getActivity(),R.string.already_drafting_message, Toast.LENGTH_LONG).show();
+ return;
+ }
 if (UIHelper.isLastLineQuote(previous)) {
 text = '\n' + text;
 } else if (previous.length() != 0 && !Character.isWhitespace(previous.charAt(previous.length() - 1))) {
diff --git a/src/main/java/eu/siacs/conversations/ui/ConversationsActivity.java b/src/main/java/eu/siacs/conversations/ui/ConversationsActivity.java
index 666026e5f76bdb60092e0a020103453e88a275b0..354a06e32e1402a91d3061558d5eabe7bb4b6e4f 100644
--- a/src/main/java/eu/siacs/conversations/ui/ConversationsActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/ConversationsActivity.java
@@ -92,6 +92,7 @@ public class ConversationsActivity extends XmppActivity implements OnConversatio
 public static final String EXTRA_AS_QUOTE = "as_quote";
 public static final String EXTRA_NICK = "nick";
 public static final String EXTRA_IS_PRIVATE_MESSAGE = "pm";
+ public static final String EXTRA_DO_NOT_APPEND = "do_not_append";
 private static List VIEW_AND_SHARE_ACTIONS = Arrays.asList(
 ACTION_VIEW_CONVERSATION,
diff --git a/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java b/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java
index e2905987ae84abac387946f2b088dd293a52fc0e..be6338562ae2495337a28256a1bb76bf08ce048e 100644
--- a/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java
@@ -487,7 +487,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 contact.setServerName(invite.getName());
 }
 if (contact.isSelf()) {
- switchToConversation(contact, null);
+ switchToConversation(contact);
 return true;
 } else if (contact.showInRoster()) {
 throw new EnterJidDialog.JidError(getString(R.string.contact_already_exists));
@@ -496,7 +496,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 if (invite != null && invite.hasFingerprints()) {
 xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints());
 }
- switchToConversation(contact, invite == null ? null : invite.getBody());
+ switchToConversationDoNotAppend(contact, invite == null ? null : invite.getBody());
 return true;
 }
 });
@@ -543,11 +543,14 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 return xmppConnectionService.findAccountByJid(jid);
 }
- protected void switchToConversation(Contact contact, String body) {
- Conversation conversation = xmppConnectionService
- .findOrCreateConversation(contact.getAccount(),
- contact.getJid(), false, true);
- switchToConversation(conversation, body);
+ protected void switchToConversation(Contact contact) {
+ Conversation conversation = xmppConnectionService.findOrCreateConversation(contact.getAccount(), contact.getJid(), false, true);
+ switchToConversation(conversation);
+ }
+
+ protected void switchToConversationDoNotAppend(Contact contact, String body) {
+ Conversation conversation = xmppConnectionService.findOrCreateConversation(contact.getAccount(), contact.getJid(), false, true);
+ switchToConversationDoNotAppend(conversation, body);
 }
 @Override
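Review bot: `switchToConversationDoNotAppend(Contact, String)` in the `@@ -543` hunk carries the security-relevant rule of this commit only in its name; nothing states that a body taken from an `xmpp:` URI or invite must go through it rather than through the inherited `switchToConversation(Conversation, String)`, which still appends to the draft. A Javadoc line such as `/** For bodies from xmpp: URIs or invites: the text is inserted only if the draft field is empty. */` would keep later call sites from reintroducing the unnoticed-insert case. The two helpers also repeat the same `findOrCreateConversation(contact.getAccount(), contact.getJid(), false, true)` lookup, which could live in one private method so the arguments cannot drift apart.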
@@ -777,7 +780,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 if (invite.isAction(XmppUri.ACTION_JOIN)) {
 Conversation muc = xmppConnectionService.findFirstMuc(invite.getJid());
 if (muc != null) {
- switchToConversation(muc, invite.getBody());
+ switchToConversationDoNotAppend(muc, invite.getBody());
 return true;
 } else {
 showJoinConferenceDialog(invite.getJid().asBareJid().toString());
@@ -799,7 +802,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 if (invite.account != null) {
 xmppConnectionService.getShortcutService().report(contact);
 }
- switchToConversation(contact, invite.getBody());
+ switchToConversationDoNotAppend(contact, invite.getBody());
 }
 return true;
 } else {
@@ -827,7 +830,7 @@ public class StartConversationActivity extends XmppActivity implements XmppConne
 if (isTrustedSource.isChecked() && invite.hasFingerprints()) {
 xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints());
 }
- switchToConversation(contact, invite.getBody());
+ switchToConversationDoNotAppend(contact, invite.getBody());
 });
 builder.setNegativeButton(R.string.cancel, (dialog, which) -> StartConversationActivity.this.finish());
 AlertDialog dialog = builder.create();
diff --git a/src/main/java/eu/siacs/conversations/ui/XmppActivity.java b/src/main/java/eu/siacs/conversations/ui/XmppActivity.java
index 82d3316c6acfdfe3630ff5579ded0df1f106206d..ccc7f9e5c0117f63a9dbc609a05a76f02783f09c 100644
--- a/src/main/java/eu/siacs/conversations/ui/XmppActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/XmppActivity.java
@@ -453,22 +453,26 @@ public abstract class XmppActivity extends ActionBarActivity {
 }
 public void switchToConversationAndQuote(Conversation conversation, String text) {
- switchToConversation(conversation, text, true, null, false);
+ switchToConversation(conversation, text, true, null, false, false);
 }
 public void switchToConversation(Conversation conversation, String text) {
- switchToConversation(conversation, text, false, null, false);
+ switchToConversation(conversation, text, false, null, false, false);
+ }
+
+ public void switchToConversationDoNotAppend(Conversation conversation, String text) {
+ switchToConversation(conversation, text, false, null, false, true);
 }
 public void highlightInMuc(Conversation conversation, String nick) {
- switchToConversation(conversation, null, false, nick, false);
+ switchToConversation(conversation, null, false, nick, false, false);
 }
 public void privateMsgInMuc(Conversation conversation, String nick) {
- switchToConversation(conversation, null, false, nick, true);
+ switchToConversation(conversation, null, false, nick, true, false);
 }
- private void switchToConversation(Conversation conversation, String text, boolean asQuote, String nick, boolean pm) {
+ private void switchToConversation(Conversation conversation, String text, boolean asQuote, String nick, boolean pm, boolean doNotAppend) {
 Intent intent = new Intent(this, ConversationsActivity.class);
 intent.setAction(ConversationsActivity.ACTION_VIEW_CONVERSATION);
 intent.putExtra(ConversationsActivity.EXTRA_CONVERSATION, conversation.getUuid());
@@ -482,6 +486,9 @@ public abstract class XmppActivity extends ActionBarActivity {
 intent.putExtra(ConversationsActivity.EXTRA_NICK, nick);
 intent.putExtra(ConversationsActivity.EXTRA_IS_PRIVATE_MESSAGE, pm);
 }
+ if (doNotAppend) {
+ intent.putExtra(ConversationsActivity.EXTRA_DO_NOT_APPEND, true);
+ }
 intent.setFlags(intent.getFlags() | Intent.FLAG_ACTIVITY_CLEAR_TOP);
 startActivity(intent);
 finish();
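Review bot: The private `switchToConversation` now takes four positional arguments after `text`, three of them booleans, so a call like `switchToConversation(conversation, text, false, null, false, true)` in the `@@ -453` hunk can have `pm` and `doNotAppend` transposed without a compile error. `doNotAppend` is the security-relevant one and it is opt-in: the `@@ -482` hunk writes the extra only when it is `true`, and the public `switchToConversation(Conversation, String)` keeps appending, so a caller outside this patch that forwards externally supplied text through the old method gets no protection. Consider stating that on the public methods, for example `/** Appends text to any existing draft; do not use for text taken from an xmpp: URI. */` on `switchToConversation`, and labelling the boolean arguments at the call sites with short comments.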
diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml
index 7876525ba1c4f1fa26f6aab523a0b3d52997254d..20e3357a2a2348343fd3072a705fee6c269f43ec 100644
--- a/src/main/res/values/strings.xml
+++ b/src/main/res/values/strings.xml
@@ -746,4 +746,5 @@ Medium (360p) High (720p) cancelled + You are already drafting a message.