diff options
author | Kitsune Ral <Kitsune-Ral@users.sf.net> | 2019-03-23 20:43:02 +0900 |
---|---|---|
committer | Kitsune Ral <Kitsune-Ral@users.sf.net> | 2019-03-23 20:43:02 +0900 |
commit | 23352250c9b9f9fa7d1d46294f8c1a7de1e19f61 (patch) | |
tree | 21e5cf416346489f4ea2928785030c14a984a9f6 /lib/events/eventcontent.cpp | |
parent | 19b94c0643b6f1f1f4fa327e50b69fb11675cf21 (diff) | |
download | libquotient-23352250c9b9f9fa7d1d46294f8c1a7de1e19f61.tar.gz libquotient-23352250c9b9f9fa7d1d46294f8c1a7de1e19f61.zip |
Room::downloadFile(): Tighten URL validations
Check the URL before passing over to Connection::downloadFile(), not only the file name.
Diffstat (limited to 'lib/events/eventcontent.cpp')
-rw-r--r-- | lib/events/eventcontent.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/events/eventcontent.cpp b/lib/events/eventcontent.cpp index 9a5e872c..77f756cd 100644 --- a/lib/events/eventcontent.cpp +++ b/lib/events/eventcontent.cpp @@ -50,6 +50,12 @@ FileInfo::FileInfo(const QUrl& u, const QJsonObject& infoJson, mimeType = QMimeDatabase().mimeTypeForData(QByteArray()); } +bool FileInfo::isValid() const +{ + return url.scheme() == "mxc" + && (url.authority() + url.path()).count('/') == 1; +} + void FileInfo::fillInfoJson(QJsonObject* infoJson) const { Q_ASSERT(infoJson); |