Do not trust external documents from secret chats.
GitOrigin-RevId: e0341ce1e2017c6d0b8ac44e18fc9e03de65ccbe
This commit is contained in:
parent
cfc9cc5f28
commit
b75c532f2d
@ -215,6 +215,7 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
|
|||||||
bool is_web = false;
|
bool is_web = false;
|
||||||
bool is_web_no_proxy = false;
|
bool is_web_no_proxy = false;
|
||||||
string url;
|
string url;
|
||||||
|
FileLocationSource source = FileLocationSource::FromServer;
|
||||||
if (remote_document.document != nullptr) {
|
if (remote_document.document != nullptr) {
|
||||||
auto document = std::move(remote_document.document);
|
auto document = std::move(remote_document.document);
|
||||||
|
|
||||||
@ -225,6 +226,15 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
|
|||||||
mime_type = std::move(document->mime_type_);
|
mime_type = std::move(document->mime_type_);
|
||||||
file_reference = document->file_reference_.as_slice().str();
|
file_reference = document->file_reference_.as_slice().str();
|
||||||
|
|
||||||
|
if (owner_dialog_id.get_type() == DialogType::SecretChat) {
|
||||||
|
// secret_api::decryptedMessageMediaExternalDocument
|
||||||
|
if (document_type != Document::Type::Sticker) {
|
||||||
|
LOG(ERROR) << "Receive " << document_type << " in " << owner_dialog_id;
|
||||||
|
return {};
|
||||||
|
}
|
||||||
|
source = FileLocationSource::FromUser;
|
||||||
|
}
|
||||||
|
|
||||||
if (document_type != Document::Type::VoiceNote) {
|
if (document_type != Document::Type::VoiceNote) {
|
||||||
for (auto &thumb : document->thumbs_) {
|
for (auto &thumb : document->thumbs_) {
|
||||||
auto photo_size = get_photo_size(td_->file_manager_.get(), {FileType::Thumbnail, 0}, id, access_hash,
|
auto photo_size = get_photo_size(td_->file_manager_.get(), {FileType::Thumbnail, 0}, id, access_hash,
|
||||||
@ -302,7 +312,7 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG(DEBUG) << "Receive document with id = " << id << " of type " << static_cast<int32>(document_type);
|
LOG(DEBUG) << "Receive document with id = " << id << " of type " << document_type;
|
||||||
if (!is_web && !DcId::is_valid(dc_id)) {
|
if (!is_web && !DcId::is_valid(dc_id)) {
|
||||||
LOG(ERROR) << "Wrong dc_id = " << dc_id;
|
LOG(ERROR) << "Wrong dc_id = " << dc_id;
|
||||||
return {};
|
return {};
|
||||||
@ -321,14 +331,14 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
|
|||||||
FileId file_id;
|
FileId file_id;
|
||||||
if (!is_web) {
|
if (!is_web) {
|
||||||
file_id = td_->file_manager_->register_remote(
|
file_id = td_->file_manager_->register_remote(
|
||||||
FullRemoteFileLocation(file_type, id, access_hash, DcId::internal(dc_id), std::move(file_reference)),
|
FullRemoteFileLocation(file_type, id, access_hash, DcId::internal(dc_id), std::move(file_reference)), source,
|
||||||
FileLocationSource::FromServer, owner_dialog_id, size, 0, suggested_file_name);
|
owner_dialog_id, size, 0, suggested_file_name);
|
||||||
if (!encryption_key.empty()) {
|
if (!encryption_key.empty()) {
|
||||||
td_->file_manager_->set_encryption_key(file_id, std::move(encryption_key));
|
td_->file_manager_->set_encryption_key(file_id, std::move(encryption_key));
|
||||||
}
|
}
|
||||||
} else if (!is_web_no_proxy) {
|
} else if (!is_web_no_proxy) {
|
||||||
file_id = td_->file_manager_->register_remote(FullRemoteFileLocation(file_type, url, access_hash),
|
file_id = td_->file_manager_->register_remote(FullRemoteFileLocation(file_type, url, access_hash), source,
|
||||||
FileLocationSource::FromServer, owner_dialog_id, 0, size, file_name);
|
owner_dialog_id, 0, size, file_name);
|
||||||
} else {
|
} else {
|
||||||
auto r_file_id = td_->file_manager_->from_persistent_id(url, file_type);
|
auto r_file_id = td_->file_manager_->from_persistent_id(url, file_type);
|
||||||
if (r_file_id.is_error()) {
|
if (r_file_id.is_error()) {
|
||||||
|
@ -134,9 +134,11 @@ static FileId register_photo(FileManager *file_manager, const PhotoSizeSource &s
|
|||||||
<< "]. Id: (" << id << ", " << access_hash << ")";
|
<< "]. Id: (" << id << ", " << access_hash << ")";
|
||||||
auto suggested_name = PSTRING() << static_cast<uint64>(volume_id) << "_" << static_cast<uint64>(local_id)
|
auto suggested_name = PSTRING() << static_cast<uint64>(volume_id) << "_" << static_cast<uint64>(local_id)
|
||||||
<< (is_webp ? ".webp" : (is_png ? ".png" : ".jpg"));
|
<< (is_webp ? ".webp" : (is_png ? ".png" : ".jpg"));
|
||||||
|
auto file_location_source = owner_dialog_id.get_type() == DialogType::SecretChat ? FileLocationSource::FromUser
|
||||||
|
: FileLocationSource::FromServer;
|
||||||
return file_manager->register_remote(
|
return file_manager->register_remote(
|
||||||
FullRemoteFileLocation(source, id, access_hash, local_id, volume_id, dc_id, std::move(file_reference)),
|
FullRemoteFileLocation(source, id, access_hash, local_id, volume_id, dc_id, std::move(file_reference)),
|
||||||
FileLocationSource::FromServer, owner_dialog_id, file_size, 0, std::move(suggested_name));
|
file_location_source, owner_dialog_id, file_size, 0, std::move(suggested_name));
|
||||||
}
|
}
|
||||||
|
|
||||||
ProfilePhoto get_profile_photo(FileManager *file_manager, UserId user_id, int64 user_access_hash,
|
ProfilePhoto get_profile_photo(FileManager *file_manager, UserId user_id, int64 user_access_hash,
|
||||||
|
@ -1646,7 +1646,6 @@ SecretInputMedia StickersManager::get_secret_input_media(FileId sticker_file_id,
|
|||||||
return {};
|
return {};
|
||||||
}
|
}
|
||||||
|
|
||||||
vector<tl_object_ptr<secret_api::DocumentAttribute>> attributes;
|
|
||||||
tl_object_ptr<secret_api::InputStickerSet> input_sticker_set = make_tl_object<secret_api::inputStickerSetEmpty>();
|
tl_object_ptr<secret_api::InputStickerSet> input_sticker_set = make_tl_object<secret_api::inputStickerSetEmpty>();
|
||||||
if (sticker->set_id) {
|
if (sticker->set_id) {
|
||||||
const StickerSet *sticker_set = get_sticker_set(sticker->set_id);
|
const StickerSet *sticker_set = get_sticker_set(sticker->set_id);
|
||||||
@ -1657,12 +1656,13 @@ SecretInputMedia StickersManager::get_secret_input_media(FileId sticker_file_id,
|
|||||||
// TODO load sticker set
|
// TODO load sticker set
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
attributes.push_back(
|
|
||||||
make_tl_object<secret_api::documentAttributeSticker>(sticker->alt, std::move(input_sticker_set)));
|
|
||||||
|
|
||||||
if (sticker->dimensions.width != 0 && sticker->dimensions.height != 0) {
|
vector<tl_object_ptr<secret_api::DocumentAttribute>> attributes;
|
||||||
attributes.push_back(
|
attributes.push_back(
|
||||||
make_tl_object<secret_api::documentAttributeImageSize>(sticker->dimensions.width, sticker->dimensions.height));
|
secret_api::make_object<secret_api::documentAttributeSticker>(sticker->alt, std::move(input_sticker_set)));
|
||||||
|
if (sticker->dimensions.width != 0 && sticker->dimensions.height != 0) {
|
||||||
|
attributes.push_back(secret_api::make_object<secret_api::documentAttributeImageSize>(sticker->dimensions.width,
|
||||||
|
sticker->dimensions.height));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (file_view.is_encrypted_secret()) {
|
if (file_view.is_encrypted_secret()) {
|
||||||
|
Loading…
Reference in New Issue
Block a user