From 1ea2a05ccced2932c5bd4e31b52094e9c2677b54 Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 7 Jan 2025 08:32:51 +0100 Subject: [PATCH 1/5] Removed file provider workaround to fix security issue Refs CanHub/Android-Image-Cropper#644 --- .../main/kotlin/com/canhub/cropper/BitmapUtils.kt | 14 ++------------ .../kotlin/com/canhub/cropper/CropFileProvider.kt | 5 +++-- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt b/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt index 6e1b7b51..548efb5f 100644 --- a/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt +++ b/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt @@ -457,18 +457,8 @@ internal object BitmapUtils { } // We have this because of a HUAWEI path bug when we use getUriForFile if (SDK_INT >= 29) { - try { - val file = File.createTempFile( - "cropped", - ext, - context.getExternalFilesDir(Environment.DIRECTORY_PICTURES), - ) - getUriForFile(context, file) - } catch (e: Exception) { - Log.e("AIC", "${e.message}") - val file = File.createTempFile("cropped", ext, context.cacheDir) - getUriForFile(context, file) - } + val file = File.createTempFile("cropped", ext, context.cacheDir) + getUriForFile(context, file) } else { Uri.fromFile(File.createTempFile("cropped", ext, context.cacheDir)) } diff --git a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt index f366a48d..cdae4953 100644 --- a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt +++ b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt @@ -7,6 +7,7 @@ import androidx.core.content.FileProvider * * See https://developer.android.com/guide/topics/manifest/provider-element.html for details. */ -class CropFileProvider : FileProvider() { - // This class intentionally left blank. +class CropFileProvider() : FileProvider(R.xml.library_file_paths) { + // This class intentionally left blank. + // https://android-review.googlesource.com/c/platform/frameworks/support/+/1978527 } From 277e073dcd8a37b655ed934254f50b9bbf791bea Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 7 Jan 2025 08:34:13 +0100 Subject: [PATCH 2/5] Renamed library_file_paths.xml to prevent name clashes Refs CanHub/Android-Image-Cropper#644 --- cropper/src/main/AndroidManifest.xml | 2 +- cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt | 2 +- .../{library_file_paths.xml => cropper_library_file_paths.xml} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename cropper/src/main/res/xml/{library_file_paths.xml => cropper_library_file_paths.xml} (100%) diff --git a/cropper/src/main/AndroidManifest.xml b/cropper/src/main/AndroidManifest.xml index 9759ca9c..2717f951 100644 --- a/cropper/src/main/AndroidManifest.xml +++ b/cropper/src/main/AndroidManifest.xml @@ -17,7 +17,7 @@ android:grantUriPermissions="true"> + android:resource="@xml/cropper_library_file_paths"/> Date: Tue, 7 Jan 2025 08:59:13 +0100 Subject: [PATCH 3/5] Fixed lint error --- cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt b/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt index 548efb5f..fed7e8c2 100644 --- a/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt +++ b/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt @@ -11,7 +11,6 @@ import android.graphics.Rect import android.graphics.RectF import android.net.Uri import android.os.Build.VERSION.SDK_INT -import android.os.Environment import android.util.Log import android.util.Pair import androidx.exifinterface.media.ExifInterface From 48cd6a053b3c99a12461f741003ecd6c043b1ee8 Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 7 Jan 2025 09:06:58 +0100 Subject: [PATCH 4/5] Fixed indentation --- .../src/main/kotlin/com/canhub/cropper/CropFileProvider.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt index 2a0a7fe1..aa72c9cc 100644 --- a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt +++ b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt @@ -8,6 +8,6 @@ import androidx.core.content.FileProvider * See https://developer.android.com/guide/topics/manifest/provider-element.html for details. */ class CropFileProvider() : FileProvider(R.xml.cropper_library_file_paths) { - // This class intentionally left blank. - // https://android-review.googlesource.com/c/platform/frameworks/support/+/1978527 + // This class intentionally left blank. + // https://android-review.googlesource.com/c/platform/frameworks/support/+/1978527 } From 643b2864682a38a9ceec53085a435924ff4e7bef Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 7 Jan 2025 09:24:47 +0100 Subject: [PATCH 5/5] Fixed another lint error --- cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt index aa72c9cc..bf8eff6c 100644 --- a/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt +++ b/cropper/src/main/kotlin/com/canhub/cropper/CropFileProvider.kt @@ -7,7 +7,7 @@ import androidx.core.content.FileProvider * * See https://developer.android.com/guide/topics/manifest/provider-element.html for details. */ -class CropFileProvider() : FileProvider(R.xml.cropper_library_file_paths) { +class CropFileProvider : FileProvider(R.xml.cropper_library_file_paths) { // This class intentionally left blank. // https://android-review.googlesource.com/c/platform/frameworks/support/+/1978527 }