Merge pull request #3064 from nextcloud/fileUtilFixes

File util fixes

app/src/main/java/com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt

@@ -126,7 +126,9 @@ class UploadAndShareFilesWorker(val context: Context, workerParameters: WorkerPa
 
             initNotificationSetup()
 
-            if (file != null && file.length() > CHUNK_UPLOAD_THRESHOLD_SIZE) {
+            if (file == null) {
+                uploadSuccess = false
+            } else if (file.length() > CHUNK_UPLOAD_THRESHOLD_SIZE) {
                 Log.d(TAG, "starting chunked upload because size is " + file.length())
 
                 initNotificationWithPercentage()

app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt

@@ -112,9 +112,15 @@ object FileUtils {
     }
 
     @Suppress("NestedBlockDepth")
-    fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File {
+    fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File? {
         val cachedFile = File(context.cacheDir, filename)
 
+        if (!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)) {
+            Log.w(TAG, "cachedFile was not created in cacheDir. Aborting for security reasons.")
+            cachedFile.delete()
+            return null
+        }
+
         if (cachedFile.exists()) {
             Log.d(TAG, "file is already in cache")
         } else {
@@ -149,11 +155,13 @@ object FileUtils {
         // if it was no content uri, read filename from path
         if (filename == null) {
             filename = uri.path
-            val lastIndexOfSlash = filename!!.lastIndexOf('/')
-            if (lastIndexOfSlash != -1) {
-                filename = filename.substring(lastIndexOfSlash + 1)
-            }
         }
+
+        val lastIndexOfSlash = filename!!.lastIndexOf('/')
+        if (lastIndexOfSlash != -1) {
+            filename = filename.substring(lastIndexOfSlash + 1)
+        }
+
         return filename
     }