
Make PendingIntents immutable

Good practice for security

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
Álvaro Brey Vilas 3 年之前
父节点
当前提交
27559efb79

+ 8 - 4
src/main/java/com/owncloud/android/files/services/FileDownloader.java

@@ -579,7 +579,7 @@ public class FileDownloader extends Service
         showDetailsIntent.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
 
         mNotificationBuilder.setContentIntent(PendingIntent.getActivity(this, (int) System.currentTimeMillis(),
-                showDetailsIntent, 0));
+                                                                        showDetailsIntent, PendingIntent.FLAG_IMMUTABLE));
 
 
         if (mNotificationManager == null) {
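Review bot: The re-aligned continuation line in this hunk is indented far to the right and runs to roughly 120 characters; the same over-indentation recurs in the hunk at 659, as a dangling `);` on its own line in the hunk at 689, and as a displaced `))` in the three FileSyncAdapter hunks. It looks like formatter output rather than intent, and it buries a one-flag security change in whitespace noise for anyone reading blame later. Keeping the original continuation indent would leave only the flag changed: `showDetailsIntent, PendingIntent.FLAG_IMMUTABLE));`. The enclosing method starts and ends outside the hunk.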
@@ -659,7 +659,7 @@ public class FileDownloader extends Service
                 // TODO put something smart in showDetailsIntent
                 Intent showDetailsIntent = new Intent();
                 mNotificationBuilder.setContentIntent(PendingIntent.getActivity(this, (int) System.currentTimeMillis(),
-                        showDetailsIntent, 0));
+                                                                                showDetailsIntent, PendingIntent.FLAG_IMMUTABLE));
             }
 
             mNotificationBuilder.setContentText(ErrorMessageAdapter.getErrorCauseMessage(downloadResult,
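Review bot: The content intent here is still `new Intent()` with no action or component set, so `FLAG_IMMUTABLE` is load-bearing rather than optional hardening: a mutable PendingIntent around an empty Intent lets whoever receives it fill in the unset fields and have it sent under this app's identity. The same applies to the two `new Intent()` call sites in FileSyncAdapter (hunks at 434 and 452). I would record that next to the existing TODO so the flag is not dropped in a later cleanup, e.g. `// Base Intent is empty: keep FLAG_IMMUTABLE so the recipient cannot fill it in`. When the TODO is resolved, an explicit intent naming an activity in this package is preferable to an implicit one. The enclosing method begins and ends outside the hunk.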
@@ -689,8 +689,12 @@ public class FileDownloader extends Service
         updateAccountCredentials.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
         updateAccountCredentials.addFlags(Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
         updateAccountCredentials.addFlags(Intent.FLAG_FROM_BACKGROUND);
-        mNotificationBuilder.setContentIntent(PendingIntent.getActivity(this, (int) System.currentTimeMillis(),
-                updateAccountCredentials, PendingIntent.FLAG_ONE_SHOT));
+        mNotificationBuilder.setContentIntent(
+            PendingIntent.getActivity(this,
+                                      (int) System.currentTimeMillis(),
+                                      updateAccountCredentials,
+                                      PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_IMMUTABLE)
+                                             );
     }
 
 

+ 6 - 8
src/main/java/com/owncloud/android/syncadapter/FileSyncAdapter.java

@@ -34,9 +34,7 @@ import android.content.Intent;
 import android.content.SyncResult;
 import android.os.Bundle;
 
-import com.nextcloud.client.account.User;
 import com.nextcloud.client.account.UserAccountManager;
-import com.owncloud.android.MainApp;
 import com.owncloud.android.R;
 import com.owncloud.android.authentication.AuthenticatorActivity;
 import com.owncloud.android.datamodel.FileDataStorageManager;
@@ -436,8 +434,8 @@ public class FileSyncAdapter extends AbstractOwnCloudSyncAdapter {
             // TODO put something smart in the contentIntent below
             notificationBuilder
                 .setContentIntent(PendingIntent.getActivity(
-                    getContext(), (int) System.currentTimeMillis(), new Intent(), 0
-                ))
+                    getContext(), (int) System.currentTimeMillis(), new Intent(), PendingIntent.FLAG_IMMUTABLE
+                                                           ))
                 .setContentTitle(i18n(R.string.sync_fail_in_favourites_ticker))
                 .setContentText(getQuantityString(
                     R.plurals.sync_fail_in_favourites_content,
@@ -454,8 +452,8 @@ public class FileSyncAdapter extends AbstractOwnCloudSyncAdapter {
             // TODO put something smart in the contentIntent below
             notificationBuilder
                 .setContentIntent(PendingIntent.getActivity(
-                    getContext(), (int) System.currentTimeMillis(), new Intent(), 0
-                ))
+                    getContext(), (int) System.currentTimeMillis(), new Intent(), PendingIntent.FLAG_IMMUTABLE
+                                                           ))
                 .setContentTitle(i18n(R.string.sync_conflicts_in_favourites_ticker))
                 .setContentText(i18n(R.string.sync_conflicts_in_favourites_ticker, mConflictsFound));
 
@@ -491,8 +489,8 @@ public class FileSyncAdapter extends AbstractOwnCloudSyncAdapter {
 
         notificationBuilder
             .setContentIntent(PendingIntent.getActivity(
-                getContext(), (int) System.currentTimeMillis(), explanationIntent, 0
-            ))
+                getContext(), (int) System.currentTimeMillis(), explanationIntent, PendingIntent.FLAG_IMMUTABLE
+                                                       ))
             .setContentTitle(i18n(R.string.sync_foreign_files_forgotten_ticker))
             .setContentText(getQuantityString(
                     R.plurals.sync_foreign_files_forgotten_content,