From 4250cd499cb20b314e8abea2c16b6c4419557d58 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Tue, 14 Jul 2020 11:56:47 +0530 Subject: Properly guard against invalid renaming (#929) --- CHANGELOG.md | 1 + .../pwdstore/crypto/PasswordCreationActivity.kt | 15 ++++++++---- .../main/res/layout/password_creation_activity.xml | 27 ++++++++++++++-------- app/src/main/res/values/strings.xml | 2 ++ 4 files changed, 31 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9691e18..729e66cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file. - A brand new icon to go with our biggest update ever! - Light theme is now a consistent white across the board with ample contrast - XkPassword generator is now easier to use with less configuration options +- Edit screen now has better protection and guidance for invalid names ### Fixed diff --git a/app/src/main/java/com/zeapo/pwdstore/crypto/PasswordCreationActivity.kt b/app/src/main/java/com/zeapo/pwdstore/crypto/PasswordCreationActivity.kt index 15e9cf08..286f2951 100644 --- a/app/src/main/java/com/zeapo/pwdstore/crypto/PasswordCreationActivity.kt +++ b/app/src/main/java/com/zeapo/pwdstore/crypto/PasswordCreationActivity.kt @@ -89,7 +89,7 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB ) } - category.apply { + directoryInputLayout.apply { if (suggestedName != null || suggestedPass != null || shouldGeneratePassword) { isEnabled = true } else { @@ -100,7 +100,7 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB if (path.isEmpty() && !isEnabled) visibility = View.GONE else { - setText(path) + directory.setText(path) oldCategory = path } } @@ -213,6 +213,9 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB if (editName.isEmpty()) { snackbar(message = resources.getString(R.string.file_toast_text)) return@with + } else if (editName.contains('/')) { + snackbar(message = resources.getString(R.string.invalid_filename_text)) + return@with } if (editPass.isEmpty() && editExtra.isEmpty()) { @@ -239,8 +242,8 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB val path = when { // If we allowed the user to edit the relative path, we have to consider it here instead // of fullPath. - category.isEnabled -> { - val editRelativePath = category.text.toString().trim() + directoryInputLayout.isEnabled -> { + val editRelativePath = directory.text.toString().trim() if (editRelativePath.isEmpty()) { snackbar(message = resources.getString(R.string.path_toast_text)) return @@ -272,6 +275,7 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB snackbar(message = getString(R.string.message_error_destination_outside_repo)) return@executeApiAsync } + try { file.outputStream().use { it.write(outputStream.toByteArray()) @@ -287,6 +291,7 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB finish() } .show() + return@executeApiAsync } val returnIntent = Intent() @@ -317,7 +322,7 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB } } - if (category.isVisible && category.isEnabled && oldFileName != null) { + if (directoryInputLayout.isVisible && directoryInputLayout.isEnabled && oldFileName != null) { val oldFile = File("$repoPath/${oldCategory?.trim('/')}/$oldFileName.gpg") if (oldFile.path != file.path && !oldFile.delete()) { setResult(RESULT_CANCELED) diff --git a/app/src/main/res/layout/password_creation_activity.xml b/app/src/main/res/layout/password_creation_activity.xml index 80e79604..9440d128 100644 --- a/app/src/main/res/layout/password_creation_activity.xml +++ b/app/src/main/res/layout/password_creation_activity.xml @@ -12,17 +12,26 @@ android:padding="@dimen/activity_horizontal_margin" tools:context="com.zeapo.pwdstore.crypto.PasswordCreationActivity"> - + app:layout_constraintTop_toTopOf="parent"> + + + + app:layout_constraintTop_toBottomOf="@id/directory_input_layout"> Improve reliability in Chrome Requires activating an accessibility service and may affect overall Chrome performance Exporting passwords… + File name must not contain \'/\', set directory above + Directory -- cgit v1.2.3