Commit 2c8d51a3 authored by Toni Beier's avatar Toni Beier

Fix: Opal download handle security errors

parent 8b32899b
......@@ -3,17 +3,21 @@
*/
package de.bps.asist.module.olat;
import android.Manifest;
import android.annotation.SuppressLint;
import android.app.DownloadManager;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.net.Uri;
import android.os.Bundle;
import android.os.Environment;
import android.os.Handler;
import android.os.Message;
import android.provider.MediaStore;
import android.support.v4.app.ActivityCompat;
import android.support.v4.content.ContextCompat;
import android.util.Log;
import android.view.KeyEvent;
import android.view.LayoutInflater;
......@@ -296,25 +300,32 @@ public class OlatFragment extends AbstractASiSTFragment {
public void onDownloadStart(String url, String userAgent, String contentDisposition, String mimetype, long contentLength) {
Uri downloadUri = Uri.parse(url);
if (this.isHostAllowed(downloadUri)) {
String downloadFileName = guessFileName(url, contentDisposition, mimetype);
try {
String downloadFileName = guessFileName(url, contentDisposition, mimetype);
DownloadManager.Request downloadRequest = new DownloadManager.Request(Uri.parse(url));
downloadRequest.setMimeType(mimetype);
downloadRequest.setTitle(downloadFileName);
downloadRequest.setDescription(this.context.getString(R.string.module_olat_download_description) + " " + downloadFileName + ".");
DownloadManager.Request downloadRequest = new DownloadManager.Request(Uri.parse(url));
downloadRequest.setMimeType(mimetype);
downloadRequest.setTitle(downloadFileName);
downloadRequest.setDescription(this.context.getString(R.string.module_olat_download_description) + " " + downloadFileName + ".");
downloadRequest.addRequestHeader(COOKIE_HEADER, CookieManager.getInstance().getCookie(url));
downloadRequest.addRequestHeader(USER_AGENT_HEADER, userAgent);
downloadRequest.addRequestHeader(COOKIE_HEADER, CookieManager.getInstance().getCookie(url));
downloadRequest.addRequestHeader(USER_AGENT_HEADER, userAgent);
downloadRequest.setDestinationInExternalPublicDir(Environment.DIRECTORY_DOWNLOADS, downloadFileName);
downloadRequest.setDestinationInExternalPublicDir(Environment.DIRECTORY_DOWNLOADS, downloadFileName);
downloadRequest.setNotificationVisibility(DownloadManager.Request.VISIBILITY_VISIBLE | DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED);
downloadRequest.allowScanningByMediaScanner();
downloadRequest.setNotificationVisibility(DownloadManager.Request.VISIBILITY_VISIBLE | DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED);
downloadRequest.allowScanningByMediaScanner();
DownloadManager downloadManager = (DownloadManager) this.context.getSystemService(Context.DOWNLOAD_SERVICE);
downloadManager.enqueue(downloadRequest);
DownloadManager downloadManager = (DownloadManager) this.context.getSystemService(Context.DOWNLOAD_SERVICE);
downloadManager.enqueue(downloadRequest);
} catch (SecurityException exception) {
Toast.makeText(this.context, getString(R.string.module_olat_download_security_error), Toast.LENGTH_LONG).show();
Log.e("olat", exception.getClass().getSimpleName() + " while Download", exception);
} catch (Throwable throwable) {
Log.e("olat", "Unexpected error while downloading " + downloadUri.toString() + ".", throwable);
}
} else {
Toast.makeText(this.context, getString( R.string.module_olat_download_blocking, downloadUri.getHost()), Toast.LENGTH_LONG).show();
Toast.makeText(this.context, getString(R.string.module_olat_download_blocking, downloadUri.getHost()), Toast.LENGTH_LONG).show();
}
}
......
......@@ -203,6 +203,7 @@
<string name="module_olat_name">OPAL</string>
<string name="module_olat_download_description">Downloading</string>
<string name="module_olat_download_blocking">Downloading from %1$s is not allowed.</string>
<string name="module_olat_download_security_error">Download aborted.\nPlease allow to save files on the internal memory.</string>
<!-- Impressum Module -->
<string name="module_impressum_name">Legal Notice</string>
......
......@@ -205,6 +205,7 @@
<string name="module_olat_name">OPAL</string>
<string name="module_olat_download_description">Download gestartet.</string>
<string name="module_olat_download_blocking">Downloaden von %1$s ist nicht erlaubt.</string>
<string name="module_olat_download_security_error">Download abgebrochen.\nBitte gewähren Sie Zugriff auf den internen Speicher.</string>
<!-- Impressum Module -->
<string name="module_impressum_name">Impressum</string>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment