Room::downloadFile(): Tighten URL validations

Check the URL before passing over to Connection::downloadFile(), not only the file name.

3 files changed, 16 insertions, 1 deletions

diff --git a/lib/events/eventcontent.cpp b/lib/events/eventcontent.cpp
index 9a5e872c..77f756cd 100644
--- a/lib/events/eventcontent.cpp
+++ b/lib/events/eventcontent.cpp
@@ -50,6 +50,12 @@ FileInfo::FileInfo(const QUrl& u, const QJsonObject& infoJson,
         mimeType = QMimeDatabase().mimeTypeForData(QByteArray());
 }
 
+bool FileInfo::isValid() const
+{
+    return url.scheme() == "mxc"
+            && (url.authority() + url.path()).count('/') == 1;
+}
+
 void FileInfo::fillInfoJson(QJsonObject* infoJson) const
 {
     Q_ASSERT(infoJson);
diff --git a/lib/events/eventcontent.h b/lib/events/eventcontent.h
index 0588c0e2..ab31a75d 100644
--- a/lib/events/eventcontent.h
+++ b/lib/events/eventcontent.h
@@ -94,6 +94,8 @@ namespace QMatrixClient
                 FileInfo(const QUrl& u, const QJsonObject& infoJson,
                          const QString& originalFilename = {});
 
+                bool isValid() const;
+
                 void fillInfoJson(QJsonObject* infoJson) const;
 
                 /**
diff --git a/lib/room.cpp b/lib/room.cpp
index 7494917d..ce7bae04 100644
--- a/lib/room.cpp
+++ b/lib/room.cpp
@@ -1785,7 +1785,14 @@ void Room::downloadFile(const QString& eventId, const QUrl& localFilename)
         Q_ASSERT(false);
         return;
     }
-    const auto fileUrl = event->content()->fileInfo()->url;
+    const auto* const fileInfo = event->content()->fileInfo();
+    if (!fileInfo->isValid())
+    {
+        qCWarning(MAIN) << "Event" << eventId
+                        << "has an empty or malformed mxc URL; won't download";
+        return;
+    }
+    const auto fileUrl = fileInfo->url;
     auto filePath = localFilename.toLocalFile();
     if (filePath.isEmpty())
     {