Commit graph

6154 commits

Author SHA1 Message Date
Daniel Gultsch 7177c523a1 Do not insert text shared over XMPP uri when already drafting message
XMPP uris in the style of `xmpp:test@domain.tld?body=Something` can be used to
directly share a message with a specific contact. Previously the text was
always appended to the message currently in draft. The message was never send
automatically. Essentially those links where treated like normal text share
intents (for example when sharing a URL from the browser) but without the
contact selection.

There is a concern (CVE-2018-18467) that when this URI is invoked automatically
and the user is currently drafting a long message to that particular contact
the text could be inserted in the draft field (input box) without the user
noticing.

To circumvent that the text shared over XMPP uris that contain a particular
contact is now appended only if the draft box is currently empty.

Sharing text normally (**with** manual contact selection) is still treated the
same; meaning the shared text will be appended to the current draft. This is
intended behaviour to make the
'Hey I have this cool link here;' *open browser*, *share link* - secenario
work.
2018-10-19 15:39:31 +02:00
Daniel Gultsch 71bbd379e9 removed unused paramater 'newTask' from switchToConversation api 2018-10-19 15:18:36 +02:00
Daniel Gultsch 5e764216ef version bump to 2.3.4 + changelog 2018-10-17 23:09:25 +02:00
Daniel Gultsch 7ff5aa3006 removed unused resources 2018-10-17 23:02:02 +02:00
Daniel Gultsch 304ad9aab9 pulled translations from transifex 2018-10-17 23:01:34 +02:00
Daniel Gultsch 4f12cf06ed revert back to 16 byte IVs for omemo since ChatSecure doesn’t support 12 byte 2018-10-17 20:46:57 +02:00
Daniel Gultsch 9048075aaa version bump to 2.3.3 + changelog 2018-10-16 12:40:24 +02:00
Daniel Gultsch 5f8184fe8e only store non hardcoded resolver result in db 2018-10-16 12:23:27 +02:00
Daniel Gultsch 2edab21423 render 'read up to this point' in 1:1 when followed by date bubble
fixes #3237
2018-10-16 12:18:28 +02:00
Daniel Gultsch 995f95ce99 pulled translations from transifex 2018-10-14 22:08:07 +02:00
Daniel Gultsch 2e2914ee78 fixed NPE after attempt to store user@ip style jid resolver result 2018-10-13 16:13:33 +02:00
Daniel Gultsch dd1d1858d0 fixed cache cleaning cleaning all confercenes instead of where contact is. closes #3229 2018-10-12 16:13:37 +02:00
Daniel Gultsch 63f4625266 version bump to 2.3.2 + changelog 2018-10-11 15:46:57 +02:00
Daniel Gultsch a08da684e1 pulled translations from transifex 2018-10-11 15:46:43 +02:00
Daniel Gultsch 7734047698 pulled translations from transifex 2018-10-11 05:14:11 +02:00
Daniel Gultsch 5718d552ed do not show 'open website' button after info has changed
fixes #3220
2018-10-11 05:06:46 +02:00
Daniel Gultsch 409bf3c0cb use bouncycastle provider up to api 27
apparently using conscrypt on Android below version 7? throws an exception when using 16 byte IVs.
so we now use BC when ever possible (excluding api 28)

we don’t know why Conscrypt behaves differently on various android versions
2018-10-11 04:36:37 +02:00
Daniel Gultsch 7c5af89c89 offer either 'cancel download' or 'delete file' but not both
fixes #3221
2018-10-11 04:33:14 +02:00
Licaon_Kter 58c6dbbbbe Lower foreground service notification priority (#3223)
...so no useless icon is shown on the status bar on Android 7 and older (as it was up to 2.2.9)
2018-10-11 02:44:17 +02:00
Daniel Gultsch 57fe153ef1 make 'cancelled' work for jingle ft 2018-10-08 10:31:41 +02:00
Daniel Gultsch bdb8d98eb1 show snackbar for remote server timeout in mucs 2018-10-08 10:31:11 +02:00
Daniel Gultsch de0741bdf7 show cancelled instead of delivery failed if user requested to abort transfer 2018-10-07 14:59:08 +02:00
Daniel Gultsch 284861de65 Do not attempt to draw overlay on null bitmap 2018-10-07 13:44:20 +02:00
Daniel Gultsch 3dceb9d3ad refactor video qualtiy selector; less technical descriptions; code cleanup 2018-10-07 13:09:13 +02:00
Daniel Gultsch 84f7aeaea0 Merge branch 'video-selector' of https://github.com/licaon-kter/Conversations into licaon-kter-video-selector 2018-10-07 09:51:14 +02:00
Licaon_Kter 02be93ae66
Fix leftover string 2018-10-07 01:36:47 +00:00
licaon-kter a6fef8101b Fix selector, limit formats to 360 & 720 per CTS 2018-10-07 04:25:16 +03:00
Daniel Gultsch f23311ab3f PRNG fixes were a nop ever since we switched to 4.4+ 2018-10-06 19:34:20 +02:00
Daniel Gultsch 521bb7846c catch exception if Conscrypt could not be initialized and use tls 1.2 2018-10-06 19:33:38 +02:00
Daniel Gultsch d02b1237f7 pulled translations from transifex 2018-10-06 18:46:07 +02:00
Daniel Gultsch 10bfa00580 switch Android-Cropper library to come from jitpacked github to update to support library 28 2018-10-06 17:04:50 +02:00
Daniel Gultsch 8980a0c631 make jids appear as monospace in dialogs 2018-10-06 17:03:12 +02:00
licaon-kter fcccf545ba Add video compression selector 2018-10-06 17:15:32 +03:00
Daniel Gultsch fd165e5106 add confirmation dialog for deleting files
fixes #3202, closes #3193, closes #3214
2018-10-06 14:59:28 +02:00
Daniel Gultsch 7aa8aba5c0 code cleanup / reformat in ShareViaAccount 2018-10-06 12:48:39 +02:00
Daniel Gultsch b27fa6d206 version bump to 2.3.1 + changelog 2018-10-05 12:56:19 +02:00
Daniel Gultsch f2f44c7478 pulled translations from transifex 2018-10-05 10:05:35 +02:00
ChaosKid42 cd13f438c0 add recordings directory to file_paths.xml for sharing recordings in (#3216)
case ONLY_INTERNAL_STORAGE = true
2018-10-05 09:51:37 +02:00
Daniel Gultsch a6ced5bee8 pulled translations from transifex 2018-10-04 22:44:54 +02:00
Daniel Gultsch ce46b36c33 go back to 16 byte IVs for OMEMO
clients like Dino can’t handle 12 byte IVs
2018-10-04 22:32:42 +02:00
Daniel Gultsch 0e3be466ad fixed regression introduce in earlier commit. don’t use conscrypt on older devices 2018-10-04 19:21:23 +02:00
Daniel Gultsch bfa63e13c5 added a few TODOs in regards to the handling of inactive devices 2018-10-04 18:48:45 +02:00
Daniel Gultsch 04ac2264e8 Do weOwnFile security check only when attaching
The general security check is recommend so a third party can not ask us to send an internal file. But we don’t need to do this for files we attach ourself from within Conversations
2018-10-04 17:17:20 +02:00
Daniel Gultsch 657b1cae9d use fab.hide() and fab.show() - this will animate the process 2018-10-04 16:46:35 +02:00
Daniel Gultsch 390175e5b3 use short read timeout when waiting for first stream open. disable read timeout aftwards 2018-10-04 11:20:02 +02:00
Daniel Gultsch a34033dea3 run through sendMessage() procedure instead of taking shortcut after returning from TrustKeys
The shortcut didn’t take care of message edits and some other things
2018-10-03 23:23:47 +02:00
Daniel Gultsch 23282484d6 prevent race condition when fetching device ids 2018-10-03 22:03:47 +02:00
Daniel Gultsch f608fb349a refactored file encryption to give access to inner stream
Conscrypt on some plattforms doesn’t like when we close the CipherInputStream. Therefor we refactor the api to give us access to the inner stream so we can close that independently.
2018-10-03 18:14:45 +02:00
Daniel Gultsch 4c08ba8d03 use 12 byte IV for omemo and http upload 2018-10-03 17:44:48 +02:00
Daniel Gultsch 9ca636589c remove more legacy otr decryption code 2018-10-03 12:50:54 +02:00