From 23352250c9b9f9fa7d1d46294f8c1a7de1e19f61 Mon Sep 17 00:00:00 2001
From: Kitsune Ral <Kitsune-Ral@users.sf.net>
Date: Sat, 23 Mar 2019 20:43:02 +0900
Subject: Room::downloadFile(): Tighten URL validations

Check the URL before passing over to Connection::downloadFile(), not only the file name.
---
 lib/events/eventcontent.cpp | 6 ++++++
 lib/events/eventcontent.h   | 2 ++
 2 files changed, 8 insertions(+)

(limited to 'lib/events')

diff --git a/lib/events/eventcontent.cpp b/lib/events/eventcontent.cpp
index 9a5e872c..77f756cd 100644
--- a/lib/events/eventcontent.cpp
+++ b/lib/events/eventcontent.cpp
@@ -50,6 +50,12 @@ FileInfo::FileInfo(const QUrl& u, const QJsonObject& infoJson,
         mimeType = QMimeDatabase().mimeTypeForData(QByteArray());
 }
 
+bool FileInfo::isValid() const
+{
+    return url.scheme() == "mxc"
+            && (url.authority() + url.path()).count('/') == 1;
+}
+
 void FileInfo::fillInfoJson(QJsonObject* infoJson) const
 {
     Q_ASSERT(infoJson);
diff --git a/lib/events/eventcontent.h b/lib/events/eventcontent.h
index 0588c0e2..ab31a75d 100644
--- a/lib/events/eventcontent.h
+++ b/lib/events/eventcontent.h
@@ -94,6 +94,8 @@ namespace QMatrixClient
                 FileInfo(const QUrl& u, const QJsonObject& infoJson,
                          const QString& originalFilename = {});
 
+                bool isValid() const;
+
                 void fillInfoJson(QJsonObject* infoJson) const;
 
                 /**
-- 
cgit v1.2.3