Mime type and size checks

2024-06-01 18:29:42 +12:00 · 2022-05-09 10:23:21 -04:00 · 2022-05-09 10:23:21 -04:00 · 8f3e242fda
parent fc1d59dcce
commit 8f3e242fda
2 changed files with 20 additions and 2 deletions
--- a/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt
+++ b/app/src/main/java/io/heckel/ntfy/ui/DetailSettingsActivity.kt
@ -284,6 +284,16 @@ class DetailSettingsActivity : AppCompatActivity() {
                lifecycleScope.launch(Dispatchers.IO) {
                    val outputUri = createUri() ?: return@launch
                    try {
+                        // Early size & mime type check
+                        val mimeType = resolver.getType(inputUri)
+                        if (!supportedImage(mimeType)) {
+                            throw IOException("unknown image type or not supported")
+                        }
+                        val stat = fileStat(requireContext(), inputUri) // May throw
+                        if (stat.size > SUBSCRIPTION_ICON_MAX_SIZE_BYTES) {
+                            throw IOException("image too large, max supported is ${SUBSCRIPTION_ICON_MAX_SIZE_BYTES/1024/1024}MB")
+                        }
+
                        // Write to cache storage
                        val inputStream = resolver.openInputStream(inputUri) ?: throw IOException("Couldn't open content URI for reading")
                        val outputStream = resolver.openOutputStream(outputUri) ?: throw IOException("Couldn't open content URI for writing")
@ -291,8 +301,13 @@ class DetailSettingsActivity : AppCompatActivity() {
                            it.copyTo(outputStream)
                        }

-                        // Read image & display "remove" preference
+                        // Read image, check dimensions
                        val bitmap = outputUri.readBitmapFromUri(requireContext())
+                        if (bitmap.width > SUBSCRIPTION_ICON_MAX_WIDTH || bitmap.height > SUBSCRIPTION_ICON_MAX_HEIGHT) {
+                            throw IOException("image exceeds max dimensions of ${SUBSCRIPTION_ICON_MAX_WIDTH}x${SUBSCRIPTION_ICON_MAX_HEIGHT}")
+                        }
+
+                        // Display "remove" preference
                        iconRemovePref.icon = bitmap.toDrawable(resources)
                        iconRemovePref.isVisible = true
                        iconSetPref.isVisible = false
@ -351,5 +366,8 @@ class DetailSettingsActivity : AppCompatActivity() {
    companion object {
        private const val TAG = "NtfyDetailSettingsActiv"
        private const val SUBSCRIPTION_ICONS = "subscriptionIcons"
+        private const val SUBSCRIPTION_ICON_MAX_SIZE_BYTES = 4194304
+        private const val SUBSCRIPTION_ICON_MAX_WIDTH = 2048
+        private const val SUBSCRIPTION_ICON_MAX_HEIGHT = 2048
    }
 }
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@ -350,7 +350,7 @@
    <string name="detail_settings_appearance_icon_remove_summary">Icon displayed in notifications for this topic</string>
    <string name="detail_settings_appearance_icon_error_saving">Unable to save icon: %1$s</string>
    <string name="detail_settings_global_setting_title">Use global setting</string>
-    <string name="detail_settings_global_setting_suffix">global</string>
+    <string name="detail_settings_global_setting_suffix">using global setting</string>

    <!-- User add/edit dialog -->
    <string name="user_dialog_title_add">Add user</string>