commit 17314deba4ef021723dbb67d3e31af33790a5147
Author: Jan Henning <jh+bugzi...@buttercookie.de>
Date: Wed Aug 22 16:50:04 2018 +0000
Bug 1484472 - Avoid FileUriExposedException in
ExternalIntentDuringPrivateBrowsingPromptFragment. r=jchen
The fragment is also used to handle intents launched through GeckoAppShell.
openUriExternal(), such as e.g. when launching downloaded files from
about:downloads.
The synchronous code path when not in private browsing is already covered
by the
code added in bug 1450449, but the async path through the fragment when in
private browsing needs to be handled separately.
Differential Revision: https://phabricator.services.mozilla.com/D3916
--HG--
extra : moz-landing-system : lando
---
.../ExternalIntentDuringPrivateBrowsingPromptFragment.java | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git
a/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java
b/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java
index b4d1e13d9698..6dd8ae92c854 100644
---
a/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java
+++
b/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java
@@ -17,6 +17,7 @@ import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Bundle;
+import android.os.StrictMode;
import android.support.v4.app.DialogFragment;
import android.support.v4.app.FragmentManager;
import android.support.v7.app.AlertDialog;
@@ -25,9 +26,9 @@ import android.util.Log;
import java.util.List;
/**
- * A DialogFragment to contain a dialog that appears when the user clicks an
Intent:// URI during private browsing. The
- * dialog appears to notify the user that a clicked link will open in an
external application, potentially leaking their
- * browsing history.
+ * A DialogFragment to contain a dialog that appears when the user clicks an
Intent:// URI or
+ * launches a file during private browsing. The dialog appears to notify the
user that a clicked
+ * link will open in an external application, potentially leaking their
browsing history.
*/
public class ExternalIntentDuringPrivateBrowsingPromptFragment extends
DialogFragment {
private static final String LOGTAG =
ExternalIntentDuringPrivateBrowsingPromptFragment.class.getSimpleName();
@@ -50,7 +51,13 @@ public class
ExternalIntentDuringPrivateBrowsingPromptFragment extends DialogFra
.setTitle(intent.getDataString())
.setPositiveButton(R.string.button_yes, new
DialogInterface.OnClickListener() {
public void onClick(final DialogInterface dialog, final
int id) {
+ // Bug 1450449 - Downloaded files are already in a
public directory and
+ // aren't really exclusively owned by Firefox, so
there's no real benefit
+ // to using content:// URIs here.
+ StrictMode.VmPolicy prevPolicy =
StrictMode.getVmPolicy();
+ StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX);
context.startActivity(intent);
+ StrictMode.setVmPolicy(prevPolicy);
}
})
.setNegativeButton(R.string.button_no, null /* we do nothing
if the user rejects */ );
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
