ignore data uri after aesgcm uri

This commit is contained in:
Daniel Gultsch 2017-12-09 14:45:54 +01:00
parent efd8876001
commit d349f634d0
2 changed files with 13 additions and 8 deletions

View file

@ -724,17 +724,22 @@ public class Message extends AbstractEntity {
public synchronized boolean treatAsDownloadable() {
if (treatAsDownloadable == null) {
if (body.trim().contains(" ")) {
treatAsDownloadable = false;
}
try {
final URL url = new URL(body);
final String[] lines = body.split("\n");
for(String line : lines) {
if (line.contains("\\s+")) {
treatAsDownloadable = false;
return treatAsDownloadable;
}
}
final URL url = new URL(lines[0]);
final String ref = url.getRef();
final String protocol = url.getProtocol();
final boolean encrypted = ref != null && AesGcmURLStreamHandler.IV_KEY.matcher(ref).matches();
treatAsDownloadable = (AesGcmURLStreamHandler.PROTOCOL_NAME.equalsIgnoreCase(protocol) && encrypted)
|| (("http".equalsIgnoreCase(protocol) || "https".equalsIgnoreCase(protocol)) && (oob || encrypted));
final boolean followedByDataUri = lines.length == 2 && lines[1].startsWith("data:");
final boolean validAesGcm = AesGcmURLStreamHandler.PROTOCOL_NAME.equalsIgnoreCase(protocol) && encrypted && (lines.length == 1 || followedByDataUri);
final boolean validOob = ("http".equalsIgnoreCase(protocol) || "https".equalsIgnoreCase(protocol)) && (oob || encrypted) && lines.length == 1;
treatAsDownloadable = validAesGcm || validOob;
} catch (MalformedURLException e) {
treatAsDownloadable = false;
}

View file

@ -72,7 +72,7 @@ public class HttpDownloadConnection implements Transferable {
if (message.hasFileOnRemoteHost()) {
mUrl = CryptoHelper.toHttpsUrl(message.getFileParams().url);
} else {
mUrl = CryptoHelper.toHttpsUrl(new URL(message.getBody()));
mUrl = CryptoHelper.toHttpsUrl(new URL(message.getBody().split("\n")[0]));
}
String[] parts = mUrl.getPath().toLowerCase().split("\\.");
String lastPart = parts.length >= 1 ? parts[parts.length - 1] : null;