From 8f3e242fda3e4a0e250e22dc19f3b287975ad117 Mon Sep 17 00:00:00 2001
From: Philipp Heckel
Date: Mon, 9 May 2022 10:23:21 -0400
Subject: [PATCH] Mime type and size checks
---
 .../heckel/ntfy/ui/DetailSettingsActivity.kt | 20 ++++++++++++++++++-
 app/src/main/res/values/strings.xml | 2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt b/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt
index 8ead31a..f4c39e8 100644
--- a/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt
+++ b/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt
@@ -284,6 +284,16 @@ class DetailSettingsActivity : AppCompatActivity() {
 lifecycleScope.launch(Dispatchers.IO) {
 val outputUri = createUri() ?: return@launch
 try {
+ // Early size & mime type check
+ val mimeType = resolver.getType(inputUri)
+ if (!supportedImage(mimeType)) {
+ throw IOException("unknown image type or not supported")
+ }
+ val stat = fileStat(requireContext(), inputUri) // May throw
+ if (stat.size > SUBSCRIPTION_ICON_MAX_SIZE_BYTES) {
+ throw IOException("image too large, max supported is ${SUBSCRIPTION_ICON_MAX_SIZE_BYTES/1024/1024}MB")
+ }
+
 // Write to cache storage
 val inputStream = resolver.openInputStream(inputUri) ?: throw IOException("Couldn't open content URI for reading")
 val outputStream = resolver.openOutputStream(outputUri) ?: throw IOException("Couldn't open content URI for writing")
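Review bot: The early check trusts values that the content provider behind `inputUri` reports about itself: `resolver.getType()` returns the provider's declared type, and `fileStat()` (not visible here) presumably reads the provider's size column. Neither bounds the bytes that `it.copyTo(outputStream)` later writes to cache storage, so a provider that under-reports or omits the size passes this guard and can still stream an arbitrarily large file. Keep the early check as a fast path, but enforce the limit during the copy as well, counting bytes and throwing once the total exceeds `SUBSCRIPTION_ICON_MAX_SIZE_BYTES`. The copy sits in the `use` block between this hunk and the next, so the sketch below assumes its shape.

```kotlin
// … unchanged: early size & mime type check, opening of inputStream/outputStream …
val buffer = ByteArray(DEFAULT_BUFFER_SIZE)
var copied = 0L
inputStream.use { input ->
    while (true) {
        val read = input.read(buffer)
        if (read < 0) break
        copied += read
        // Enforce the limit on bytes actually received, not on provider metadata
        if (copied > SUBSCRIPTION_ICON_MAX_SIZE_BYTES) {
            throw IOException("image too large, max supported is ${SUBSCRIPTION_ICON_MAX_SIZE_BYTES/1024/1024}MB")
        }
        outputStream.write(buffer, 0, read)
    }
}
// … unchanged: read image, check dimensions …
```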
@@ -291,8 +301,13 @@ class DetailSettingsActivity : AppCompatActivity() { it.copyTo(outputStream) } - // Read image & display "remove" preference + // Read image, check dimensions val bitmap = outputUri.readBitmapFromUri(requireContext()) + if (bitmap.width > SUBSCRIPTION_ICON_MAX_WIDTH || bitmap.height > SUBSCRIPTION_ICON_MAX_HEIGHT) { + throw IOException("image exceeds max dimensions of ${SUBSCRIPTION_ICON_MAX_WIDTH}x${SUBSCRIPTION_ICON_MAX_HEIGHT}") + } + + // Display "remove" preference iconRemovePref.icon = bitmap.toDrawable(resources) iconRemovePref.isVisible = true iconSetPref.isVisible = false @@ -351,5 +366,8 @@ class DetailSettingsActivity : AppCompatActivity() { companion object { private const val TAG = "NtfyDetailSettingsActiv" private const val SUBSCRIPTION_ICONS = "subscriptionIcons" + private const val SUBSCRIPTION_ICON_MAX_SIZE_BYTES = 4194304 + private const val SUBSCRIPTION_ICON_MAX_WIDTH = 2048 + private const val SUBSCRIPTION_ICON_MAX_HEIGHT = 2048 } } diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index faeadae..54993a1 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -350,7 +350,7 @@ Icon displayed in notifications for this topic Unable to save icon: %1$s Use global setting - global + using global setting Add user
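Review bot: The dimension check runs only after `outputUri.readBitmapFromUri(requireContext())` has decoded the whole image, so a small, highly compressed file with very large dimensions is fully allocated before it is rejected and can exhaust memory instead of producing the intended error. Reading just the header first avoids that: decode once with `BitmapFactory.Options().apply { inJustDecodeBounds = true }`, compare `outWidth`/`outHeight` with the two limits, and only then call `readBitmapFromUri`. By this point the file has already been written to `outputUri`, and the `catch` block is outside the hunk, so confirm that it deletes the cached file when any of these checks throws.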
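Review bot: The three limits in the companion object are added without units or rationale, which makes them harder to audit. `4194304` reads more clearly as `4 * 1024 * 1024`, and a comment such as `// Limits for user-selected subscription icons: file size in bytes, dimensions in pixels` would state the intent. It is also worth recording there that a 2048x2048 bitmap occupies about 16 MiB once decoded, assuming 4 bytes per pixel, which is the cost that matters for the bitmap later assigned to `iconRemovePref.icon`.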