Commit 2c8d51a3 authored by Toni Beier's avatar Toni Beier

Fix: Opal download handle security errors

parent 8b32899b
...@@ -3,17 +3,21 @@ ...@@ -3,17 +3,21 @@
*/ */
package de.bps.asist.module.olat; package de.bps.asist.module.olat;
import android.Manifest;
import android.annotation.SuppressLint; import android.annotation.SuppressLint;
import android.app.DownloadManager; import android.app.DownloadManager;
import android.content.Context; import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.SharedPreferences; import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.net.Uri; import android.net.Uri;
import android.os.Bundle; import android.os.Bundle;
import android.os.Environment; import android.os.Environment;
import android.os.Handler; import android.os.Handler;
import android.os.Message; import android.os.Message;
import android.provider.MediaStore; import android.provider.MediaStore;
import android.support.v4.app.ActivityCompat;
import android.support.v4.content.ContextCompat;
import android.util.Log; import android.util.Log;
import android.view.KeyEvent; import android.view.KeyEvent;
import android.view.LayoutInflater; import android.view.LayoutInflater;
...@@ -296,25 +300,32 @@ public class OlatFragment extends AbstractASiSTFragment { ...@@ -296,25 +300,32 @@ public class OlatFragment extends AbstractASiSTFragment {
public void onDownloadStart(String url, String userAgent, String contentDisposition, String mimetype, long contentLength) { public void onDownloadStart(String url, String userAgent, String contentDisposition, String mimetype, long contentLength) {
Uri downloadUri = Uri.parse(url); Uri downloadUri = Uri.parse(url);
if (this.isHostAllowed(downloadUri)) { if (this.isHostAllowed(downloadUri)) {
String downloadFileName = guessFileName(url, contentDisposition, mimetype); try {
String downloadFileName = guessFileName(url, contentDisposition, mimetype);
DownloadManager.Request downloadRequest = new DownloadManager.Request(Uri.parse(url)); DownloadManager.Request downloadRequest = new DownloadManager.Request(Uri.parse(url));
downloadRequest.setMimeType(mimetype); downloadRequest.setMimeType(mimetype);
downloadRequest.setTitle(downloadFileName); downloadRequest.setTitle(downloadFileName);
downloadRequest.setDescription(this.context.getString(R.string.module_olat_download_description) + " " + downloadFileName + "."); downloadRequest.setDescription(this.context.getString(R.string.module_olat_download_description) + " " + downloadFileName + ".");
downloadRequest.addRequestHeader(COOKIE_HEADER, CookieManager.getInstance().getCookie(url)); downloadRequest.addRequestHeader(COOKIE_HEADER, CookieManager.getInstance().getCookie(url));
downloadRequest.addRequestHeader(USER_AGENT_HEADER, userAgent); downloadRequest.addRequestHeader(USER_AGENT_HEADER, userAgent);
downloadRequest.setDestinationInExternalPublicDir(Environment.DIRECTORY_DOWNLOADS, downloadFileName); downloadRequest.setDestinationInExternalPublicDir(Environment.DIRECTORY_DOWNLOADS, downloadFileName);
downloadRequest.setNotificationVisibility(DownloadManager.Request.VISIBILITY_VISIBLE | DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED); downloadRequest.setNotificationVisibility(DownloadManager.Request.VISIBILITY_VISIBLE | DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED);
downloadRequest.allowScanningByMediaScanner(); downloadRequest.allowScanningByMediaScanner();
DownloadManager downloadManager = (DownloadManager) this.context.getSystemService(Context.DOWNLOAD_SERVICE); DownloadManager downloadManager = (DownloadManager) this.context.getSystemService(Context.DOWNLOAD_SERVICE);
downloadManager.enqueue(downloadRequest); downloadManager.enqueue(downloadRequest);
} catch (SecurityException exception) {
Toast.makeText(this.context, getString(R.string.module_olat_download_security_error), Toast.LENGTH_LONG).show();
Log.e("olat", exception.getClass().getSimpleName() + " while Download", exception);
} catch (Throwable throwable) {
Log.e("olat", "Unexpected error while downloading " + downloadUri.toString() + ".", throwable);
}
} else { } else {
Toast.makeText(this.context, getString( R.string.module_olat_download_blocking, downloadUri.getHost()), Toast.LENGTH_LONG).show(); Toast.makeText(this.context, getString(R.string.module_olat_download_blocking, downloadUri.getHost()), Toast.LENGTH_LONG).show();
} }
} }
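Review bot: The added `catch (Throwable throwable)` at the end of the try block in `onDownloadStart` hides every non-permission failure from the user and writes the full download URL to logcat, so any session or access token carried in the query string would end up in device logs. Narrowing it to `} catch (RuntimeException exception) {` lets `Error`s propagate, and logging only the host keeps the URL out of the log: `Log.e("olat", "Unexpected error while downloading from " + downloadUri.getHost() + ".", exception);`. That branch should also give the user some feedback, as the `SecurityException` branch does. Separately, the first hunk imports `Manifest`, `PackageManager`, `ActivityCompat` and `ContextCompat`, but neither visible hunk uses them. If they are not used elsewhere in the file, checking `ContextCompat.checkSelfPermission(this.context, Manifest.permission.WRITE_EXTERNAL_STORAGE)` before `enqueue` and requesting the permission when it is missing would be more reliable than reacting to the `SecurityException` afterwards.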
......
...@@ -203,6 +203,7 @@ ...@@ -203,6 +203,7 @@
<string name="module_olat_name">OPAL</string> <string name="module_olat_name">OPAL</string>
<string name="module_olat_download_description">Downloading</string> <string name="module_olat_download_description">Downloading</string>
<string name="module_olat_download_blocking">Downloading from %1$s is not allowed.</string> <string name="module_olat_download_blocking">Downloading from %1$s is not allowed.</string>
<string name="module_olat_download_security_error">Download aborted.\nPlease allow to save files on the internal memory.</string>
<!-- Impressum Module --> <!-- Impressum Module -->
<string name="module_impressum_name">Legal Notice</string> <string name="module_impressum_name">Legal Notice</string>
......
...@@ -205,6 +205,7 @@ ...@@ -205,6 +205,7 @@
<string name="module_olat_name">OPAL</string> <string name="module_olat_name">OPAL</string>
<string name="module_olat_download_description">Download gestartet.</string> <string name="module_olat_download_description">Download gestartet.</string>
<string name="module_olat_download_blocking">Downloaden von %1$s ist nicht erlaubt.</string> <string name="module_olat_download_blocking">Downloaden von %1$s ist nicht erlaubt.</string>
<string name="module_olat_download_security_error">Download abgebrochen.\nBitte gewähren Sie Zugriff auf den internen Speicher.</string>
<!-- Impressum Module --> <!-- Impressum Module -->
<string name="module_impressum_name">Impressum</string> <string name="module_impressum_name">Impressum</string>
......