From 59c4102ba387c8a4104923eba9c90124c3e9e481 Mon Sep 17 00:00:00 2001
From: Soren Stoutner <soren@stoutner.com>
Date: Thu, 10 Nov 2022 14:30:47 -0700
Subject: [PATCH] Restrict the File Provider to a subfolder of the cache
 directory. https://redmine.stoutner.com/issues/779

---
 .../activities/ImportExportActivity.java      | 37 +++++++++++++++++--
 app/src/main/res/values-de/strings.xml        |  2 +-
 app/src/main/res/values-es/strings.xml        |  2 +-
 app/src/main/res/values-fr/strings.xml        |  2 +-
 app/src/main/res/values-it/strings.xml        |  2 +-
 app/src/main/res/values-pt-rBR/strings.xml    |  2 +-
 app/src/main/res/values-ru/strings.xml        |  7 +++-
 app/src/main/res/values-tr/strings.xml        |  2 +-
 app/src/main/res/values/strings.xml           |  5 ++-
 app/src/main/res/xml/file_provider_paths.xml  |  2 +-
 10 files changed, 49 insertions(+), 14 deletions(-)

diff --git a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java
index 7c347a44..4c48b426 100644
--- a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java
+++ b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2022 Soren Stoutner <soren@stoutner.com>.
+ * Copyright 2018-2022 Soren Stoutner <soren@stoutner.com>.
  *
  * This file is part of Privacy Browser Android <https://www.stoutner.com/privacy-browser-android>.
  *
@@ -105,6 +105,7 @@ public class ImportExportActivity extends AppCompatActivity {
     Button importExportButton;
 
     // Define the class variables.
+    private File fileProviderDirectory;
     private boolean openKeychainInstalled;
     private File temporaryPgpEncryptedImportFile;
     private File temporaryPreEncryptedExportFile;
@@ -499,6 +500,13 @@ public class ImportExportActivity extends AppCompatActivity {
                     //noinspection ResultOfMethodCallIgnored
                     temporaryPgpEncryptedImportFile.delete();
                 }
+
+                // Delete the file provider directory if it exists.
+                if (fileProviderDirectory.exists()) {
+                    //noinspection ResultOfMethodCallIgnored
+                    fileProviderDirectory.delete();
+                }
+
                 break;
 
             case OPENPGP_EXPORT_RESULT_CODE:
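Review bot: `fileProviderDirectory.delete()` only removes an empty directory and its result is suppressed, so one leftover file makes this cleanup silently do nothing. A temporary import file from an earlier interrupted run would be enough, and it would then stay inside the directory that `file_provider_paths.xml` shares. The field is also dereferenced without a null check although it is only assigned in the OPENPGP_ENCRYPTION branches further down, so a null guard is cheap insurance if the activity is ever recreated before the result arrives (inferred; lifecycle handling is outside the hunk). The identical block in the OPENPGP_EXPORT_RESULT_CODE case in the next hunk needs the same treatment. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: deletion of temporaryPgpEncryptedImportFile …

// Empty and then delete the file provider directory if it exists.
File[] leftoverFiles = (fileProviderDirectory != null) ? fileProviderDirectory.listFiles() : null;

// `listFiles()` returns null if the directory does not exist.
if (leftoverFiles != null) {
    for (File leftoverFile : leftoverFiles) {
        //noinspection ResultOfMethodCallIgnored
        leftoverFile.delete();
    }

    //noinspection ResultOfMethodCallIgnored
    fileProviderDirectory.delete();
}

break;
```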
@@ -507,6 +515,13 @@ public class ImportExportActivity extends AppCompatActivity {
                     //noinspection ResultOfMethodCallIgnored
                     temporaryPreEncryptedExportFile.delete();
                 }
+
+                // Delete the file provider directory if it exists.
+                if (fileProviderDirectory.exists()) {
+                    //noinspection ResultOfMethodCallIgnored
+                    fileProviderDirectory.delete();
+                }
+
                 break;
         }
     }
@@ -657,8 +672,15 @@ public class ImportExportActivity extends AppCompatActivity {
 
                 case OPENPGP_ENCRYPTION:
                     try {
+                        // Get a handle for the file provider directory.
+                        fileProviderDirectory = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.file_provider_directory));
+
+                        // Create the file provider directory.  Any errors will be handled by the catch statement below.
+                        //noinspection ResultOfMethodCallIgnored
+                        fileProviderDirectory.mkdir();
+
                         // Set the temporary PGP encrypted import file.
-                        temporaryPgpEncryptedImportFile = File.createTempFile("temporary_pgp_encrypted_import_file", null, getApplicationContext().getCacheDir());
+                        temporaryPgpEncryptedImportFile = File.createTempFile("temporary_pgp_encrypted_import_file", null, fileProviderDirectory);
 
                         // Create a temporary PGP encrypted import file output stream.
                         FileOutputStream temporaryPgpEncryptedImportFileOutputStream = new FileOutputStream(temporaryPgpEncryptedImportFile);
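Review bot: The comment above `fileProviderDirectory.mkdir()` says errors are handled by the catch statement, but `mkdir()` reports failure by returning false and does not throw. Here the failure only surfaces indirectly when `File.createTempFile` cannot use the directory. In the export hunk that follows, the next statement is a plain `new File(...)`, so the failure surfaces even later, somewhere outside the hunk. Making it explicit keeps the restriction to the subfolder from depending on a side effect: `if (!fileProviderDirectory.mkdir() && !fileProviderDirectory.isDirectory()) throw new IOException("The file provider directory could not be created.");` (assuming the catch outside the hunk handles `IOException`). The path is also clearer built as `new File(getApplicationContext().getCacheDir(), getString(R.string.file_provider_directory))`, and since both hunks repeat the same six lines, a small private helper would keep them from drifting apart.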
@@ -858,8 +880,15 @@ public class ImportExportActivity extends AppCompatActivity {
 
                 case OPENPGP_ENCRYPTION:
                     try {
+                        // Get a handle for the file provider directory.
+                        fileProviderDirectory = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.file_provider_directory));
+
+                        // Create the file provider directory.  Any errors will be handled by the catch statement below.
+                        //noinspection ResultOfMethodCallIgnored
+                        fileProviderDirectory.mkdir();
+
                         // Set the temporary pre-encrypted export file.
-                        temporaryPreEncryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs");
+                        temporaryPreEncryptedExportFile = new File(fileProviderDirectory + "/" + getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs");
 
                         // Delete the temporary pre-encrypted export file if it already exists.
                         if (temporaryPreEncryptedExportFile.exists()) {
@@ -932,4 +961,4 @@ public class ImportExportActivity extends AppCompatActivity {
         // Restart Privacy Browser after 150 milliseconds to allow enough time for the preferences to be saved.
         restartHandler.postDelayed(restartRunnable, 150);
     }
-}
\ No newline at end of file
+}
diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml
index f0e0c5eb..336b27b0 100644
--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@@ -193,7 +193,7 @@
     <string name="mht_checkbox_explanation">Manchmal müssen MIME-gekapselte HTML-Web-Archive (MHT) manuell festgelegt werden, um korrekt geöffnet zu werden.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">URL speichern</string>
     <string name="save_archive">Archiv speichern</string>
     <string name="save_text">Text speichern</string>
diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
index a304733f..628fe9b0 100644
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -189,7 +189,7 @@
     <string name="mht_checkbox_explanation">A veces se necesita especificar manualmente los archivos web MIME Encapsulated HTML (MHT) para que se abran correctamente.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">Guardar URL</string>
     <string name="save_archive">Guardar archivo</string>
     <string name="save_text">Guardar texto</string>
diff --git a/app/src/main/res/values-fr/strings.xml b/app/src/main/res/values-fr/strings.xml
index 5f9cdc6f..6a42d9a5 100644
--- a/app/src/main/res/values-fr/strings.xml
+++ b/app/src/main/res/values-fr/strings.xml
@@ -190,7 +190,7 @@
     <string name="mht_checkbox_explanation">Parfois, les archives web MHT (MIME Encapsulated HTML) doivent être spécifiées manuellement pour être ouvertes correctement.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">Enregistrer l\'URL</string>
     <string name="save_archive">Enregistrer l\'archive</string>
     <string name="save_text">Sauvegarder le texte</string>
diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml
index d601ddbf..be1697eb 100644
--- a/app/src/main/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@@ -189,7 +189,7 @@
     <string name="mht_checkbox_explanation">Talvolta gli archivi web del tipo MIME Encapsulated HTML (MHT) devono essere specificati manualmente per essere aperti correttamente.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">Salva URL</string>
     <string name="save_archive">Salva Archivio</string>
     <string name="save_text">Salva Testo</string>
diff --git a/app/src/main/res/values-pt-rBR/strings.xml b/app/src/main/res/values-pt-rBR/strings.xml
index 4dac8dc4..e5217f01 100644
--- a/app/src/main/res/values-pt-rBR/strings.xml
+++ b/app/src/main/res/values-pt-rBR/strings.xml
@@ -187,7 +187,7 @@
     <string name="mht_checkbox_explanation">Às vezes, os arquivos da web MIME Encapsulated HTML (MHT) precisam ser especificados manualmente para serem abertos corretamente.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">Salvar URL</string>
     <string name="save_archive">Salvar Arquivo</string>
     <string name="save_text">Salvar Texto</string>
diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml
index 3afebf9e..31755ca0 100644
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@@ -116,6 +116,7 @@
     <string name="settings">Настройки</string>
     <string name="import_export">Импорт/Экспорт</string>
     <string name="logcat">Logcat</string>
+    <string name="webview_devtools">Инструменты разработчика WebView</string>
     <string name="guide">Руководство</string>
     <string name="about">О Privacy Browser</string>
 
@@ -186,7 +187,7 @@
     <string name="mht_checkbox_explanation">Иногда для корректного открытия веб-архивов MIME Encapsulated HTML (MHT) необходимо указать вручную.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_url">Сохранить URL</string>
     <string name="save_archive">Сохранить архив</string>
     <string name="save_text">Сохранить текст</string>
@@ -198,6 +199,8 @@
     <string name="invalid_url">неправильный URL</string>
     <string name="saving_file">Сохранение файла:</string>
     <string name="processing_image">Обработка изображения… :</string>
+    <string name="error_saving_file">Ошибка сохранения %1$s: \u0020 %2$s</string>
+    <string name="unknown_error">Неизвестная ошибка</string>
 
     <!-- View Source. -->
     <string name="request_headers">Заголовки запроса</string>
@@ -560,6 +563,8 @@
         <string name="swipe_to_refresh">Потянуть для обновления</string>
         <string name="swipe_to_refresh_summary">Некоторые веб-сайты могут работать некорректно при включении данной опции.</string>
         <string name="download_with_external_app">Загрузка во внешнем приложении</string>
+        <string name="download_with_external_app_summary">Внешние приложения не будут учитывать настройки прокси Privacy Browser и не будут иметь доступа к cookie
+            (это означает, что файлы, загруженные с сайтов, для которых требуется авторизация, вряд ли будут работать).</string>
         <string name="scroll_app_bar">Прокручивать панель приложения</string>
         <string name="scroll_app_bar_summary">Прокручивает панель приложения вверху экрана при прокрутке WebView вниз.</string>
         <string name="bottom_app_bar">Нижняя панель приложения</string>
diff --git a/app/src/main/res/values-tr/strings.xml b/app/src/main/res/values-tr/strings.xml
index 90a66064..ee192741 100644
--- a/app/src/main/res/values-tr/strings.xml
+++ b/app/src/main/res/values-tr/strings.xml
@@ -173,7 +173,7 @@
     <string name="next">Sonraki</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_image">Resmi kaydet</string>
     <string name="file_name">Dosya adı</string>
     <string name="unknown_size">Bilinmeyen boyut</string>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 1e30a7a8..6f0a5d8f 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -25,6 +25,7 @@
 
     <!-- Providers. -->
     <string name="file_provider" translatable="false">com.stoutner.privacybrowser.fileprovider.standard</string>
+    <string name="file_provider_directory" translatable="false">file_provider</string>
 
     <!-- Activities. -->
     <string name="privacy_browser">Privacy Browser</string>
@@ -195,7 +196,7 @@
     <string name="mht_checkbox_explanation">Sometimes MIME Encapsulated HTML (MHT) web archives need to be manually specified to be opened correctly.</string>
 
     <!-- Save Dialog.  Android removes double spaces, but extra spaces can be manually specified with the Unicode `\u0020` formatting.
-        The `%1$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
+        The `%*$s` code inserts variables into the displayed text and should be preserved in translation.  <https://developer.android.com/reference/kotlin/java/util/Formatter> -->
     <string name="save_dialog" translatable="false">Save Dialog</string>  <!-- This string is used to tag the save dialog.  It is never displayed to the user. -->
     <string name="save_url">Save URL</string>
     <string name="save_archive">Save Archive</string>
@@ -209,7 +210,7 @@
     <string name="saving_file">Saving file:</string>
     <string name="saved">%1$s saved.</string>
     <string name="processing_image">Processing image… :</string>
-    <string name="error_saving_file">Error saving %1$s: \u0020 %2$s</string> -->
+    <string name="error_saving_file">Error saving %1$s: \u0020 %2$s</string>
     <string name="unknown_error">Unknown error</string>
 
     <!-- View Source. -->
diff --git a/app/src/main/res/xml/file_provider_paths.xml b/app/src/main/res/xml/file_provider_paths.xml
index ffbe1760..d3786604 100644
--- a/app/src/main/res/xml/file_provider_paths.xml
+++ b/app/src/main/res/xml/file_provider_paths.xml
@@ -21,5 +21,5 @@
 <paths>
     <cache-path
         name="private-cache-directory"
-        path="." />
+        path="file_provider" />
 </paths>
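Review bot: The literal `path="file_provider"` has to stay identical to the new `file_provider_directory` string in `values/strings.xml`, because `ImportExportActivity` builds the directory from that string, and nothing in either file records the coupling. If the two drift apart, the temporary files are written outside the shared path and the File Provider would presumably refuse to hand out a URI for them. Widening `path` to make it work again would undo the restriction this commit introduces. I would add a comment above `<cache-path`, such as `<!-- `path` must match `file_provider_directory` in strings.xml; keep it limited to this subfolder. -->`, and a matching remark next to the string resource.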
-- 
2.47.2