Apk.isMediaInstalled() needs to check using sanitized file names

The install process automatically sanitizes filenames to avoid exploits that put attack code in the filename. Media files are also installed using this logic, so the installed check needs to use sanitized file names to be accurate.
2026-06-20 13:49:47 -04:00 · 2017-07-07 00:02:39 +02:00
parent c5a1b11315
commit 7dbf03c435
2 changed files with 3 additions and 3 deletions
--- a/app/src/test/java/org/fdroid/fdroid/data/SanitizedFileTest.java
+++ b/app/src/test/java/org/fdroid/fdroid/data/SanitizedFileTest.java
@@ -37,11 +37,11 @@ public class SanitizedFileTest {

        assertEquals("/tmp/blah/safe", safeSanitized.getAbsolutePath());
        assertEquals("/tmp/blah/safe-and_bleh.boo", nonEvilSanitized.getAbsolutePath());
-        assertEquals("/tmp/blah/rmetcshadow", evilSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/rm etcshadow", evilSanitized.getAbsolutePath());

        assertEquals("safe", safeSanitized.getName());
        assertEquals("safe-and_bleh.boo", nonEvilSanitized.getName());
-        assertEquals("rmetcshadow", evilSanitized.getName());
+        assertEquals("rm etcshadow", evilSanitized.getName());

    }