From c3fda41224d859631d5d0135544ccada2615d6fe Mon Sep 17 00:00:00 2001
From: John Preston <johnprestonmail@gmail.com>
Date: Tue, 20 Aug 2024 17:21:11 +0200
Subject: [PATCH] Check for local URLs more strictly.

---
 Telegram/SourceFiles/boxes/send_files_box.cpp |  3 ++-
 Telegram/SourceFiles/core/file_utilities.h    |  6 ++++-
 Telegram/SourceFiles/core/mime_type.cpp       | 13 ++++++++++-
 Telegram/SourceFiles/core/mime_type.h         |  1 +
 .../SourceFiles/history/history_widget.cpp    |  2 +-
 .../platform/mac/file_utilities_mac.mm        |  4 ++++
 .../storage/storage_media_prepare.cpp         | 23 +++++++++----------
 7 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/Telegram/SourceFiles/boxes/send_files_box.cpp b/Telegram/SourceFiles/boxes/send_files_box.cpp
index 0eade94ca..b613b4db9 100644
--- a/Telegram/SourceFiles/boxes/send_files_box.cpp
+++ b/Telegram/SourceFiles/boxes/send_files_box.cpp
@@ -32,6 +32,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 #include "boxes/premium_limits_box.h"
 #include "boxes/premium_preview_box.h"
 #include "boxes/send_credits_box.h"
+#include "platform/platform_file_utilities.h"
 #include "ui/effects/scroll_content_shadow.h"
 #include "ui/widgets/fields/number_input.h"
 #include "ui/widgets/checkbox.h"
@@ -70,7 +71,7 @@ constexpr auto kMaxMessageLength = 4096;
 using Ui::SendFilesWay;
 
 [[nodiscard]] inline bool CanAddUrls(const QList<QUrl> &urls) {
-	return !urls.isEmpty() && ranges::all_of(urls, &QUrl::isLocalFile);
+	return !urls.isEmpty() && ranges::all_of(urls, Core::UrlIsLocal);
 }
 
 [[nodiscard]] bool CanAddFiles(not_null<const QMimeData*> data) {
diff --git a/Telegram/SourceFiles/core/file_utilities.h b/Telegram/SourceFiles/core/file_utilities.h
index 815b89772..e3efd5960 100644
--- a/Telegram/SourceFiles/core/file_utilities.h
+++ b/Telegram/SourceFiles/core/file_utilities.h
@@ -7,6 +7,10 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 */
 #pragma once
 
+namespace Core {
+bool UrlIsLocal(const QUrl &url);
+} // namespace Core
+
 namespace Main {
 class Session;
 } // namespace Main
@@ -45,7 +49,7 @@ void ShowInFolder(const QString &filepath);
 namespace internal {
 
 inline QString UrlToLocalDefault(const QUrl &url) {
-	return url.toLocalFile();
+	return Core::UrlIsLocal(url) ? url.toLocalFile() : QString();
 }
 
 void UnsafeOpenUrlDefault(const QString &url);
diff --git a/Telegram/SourceFiles/core/mime_type.cpp b/Telegram/SourceFiles/core/mime_type.cpp
index 5e15fd4e3..2748f7628 100644
--- a/Telegram/SourceFiles/core/mime_type.cpp
+++ b/Telegram/SourceFiles/core/mime_type.cpp
@@ -226,13 +226,24 @@ bool CanSendFiles(not_null<const QMimeData*> data) {
 	if (data->hasImage()) {
 		return true;
 	} else if (const auto urls = ReadMimeUrls(data); !urls.empty()) {
-		if (ranges::all_of(urls, &QUrl::isLocalFile)) {
+		if (ranges::all_of(urls, UrlIsLocal)) {
 			return true;
 		}
 	}
 	return false;
 }
 
+bool UrlIsLocal(const QUrl &url) {
+	if (!url.isLocalFile()) {
+		return false;
+	}
+	const auto result = url.toLocalFile();
+	if (result.startsWith("//")) {
+		return false;
+	}
+	return !result.isEmpty();
+}
+
 QString FileExtension(const QString &filepath) {
 	const auto reversed = ranges::views::reverse(filepath);
 	const auto last = ranges::find_first_of(reversed, ".\\/");
diff --git a/Telegram/SourceFiles/core/mime_type.h b/Telegram/SourceFiles/core/mime_type.h
index ebf4db64b..57793a4b0 100644
--- a/Telegram/SourceFiles/core/mime_type.h
+++ b/Telegram/SourceFiles/core/mime_type.h
@@ -68,6 +68,7 @@ struct MimeImageData {
 [[nodiscard]] QString ReadMimeText(not_null<const QMimeData*> data);
 [[nodiscard]] QList<QUrl> ReadMimeUrls(not_null<const QMimeData*> data);
 [[nodiscard]] bool CanSendFiles(not_null<const QMimeData*> data);
+[[nodiscard]] bool UrlIsLocal(const QUrl &url);
 
 enum class NameType : uchar {
 	Unknown,
diff --git a/Telegram/SourceFiles/history/history_widget.cpp b/Telegram/SourceFiles/history/history_widget.cpp
index 2b3696f35..6a7fbf53b 100644
--- a/Telegram/SourceFiles/history/history_widget.cpp
+++ b/Telegram/SourceFiles/history/history_widget.cpp
@@ -5769,7 +5769,7 @@ bool HistoryWidget::canSendFiles(not_null<const QMimeData*> data) const {
 	} else if (data->hasImage()) {
 		return true;
 	} else if (const auto urls = Core::ReadMimeUrls(data); !urls.empty()) {
-		if (ranges::all_of(urls, &QUrl::isLocalFile)) {
+		if (ranges::all_of(urls, Core::UrlIsLocal)) {
 			return true;
 		}
 	}
diff --git a/Telegram/SourceFiles/platform/mac/file_utilities_mac.mm b/Telegram/SourceFiles/platform/mac/file_utilities_mac.mm
index 1447454de..a41b55f1c 100644
--- a/Telegram/SourceFiles/platform/mac/file_utilities_mac.mm
+++ b/Telegram/SourceFiles/platform/mac/file_utilities_mac.mm
@@ -8,6 +8,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 #include "platform/mac/file_utilities_mac.h"
 
 #include "base/platform/mac/base_utilities_mac.h"
+#include "core/mime_type.h"
 #include "lang/lang_keys.h"
 #include "styles/style_window.h"
 
@@ -379,6 +380,9 @@ namespace Platform {
 namespace File {
 
 QString UrlToLocal(const QUrl &url) {
+	if (!Core::UrlIsLocal(url)) {
+		return QString();
+	}
 	auto result = url.toLocalFile();
 	if (result.startsWith(u"/.file/id="_q)) {
 		NSString *nsurl = [[[NSURL URLWithString: [NSString stringWithUTF8String: (u"file://"_q + result).toUtf8().constData()]] filePathURL] path];
diff --git a/Telegram/SourceFiles/storage/storage_media_prepare.cpp b/Telegram/SourceFiles/storage/storage_media_prepare.cpp
index 36fa14097..5578d1d09 100644
--- a/Telegram/SourceFiles/storage/storage_media_prepare.cpp
+++ b/Telegram/SourceFiles/storage/storage_media_prepare.cpp
@@ -83,10 +83,9 @@ bool ValidatePhotoEditorMediaDragData(not_null<const QMimeData*> data) {
 	}
 
 	if (!urls.isEmpty()) {
-		const auto url = urls.front();
-		if (url.isLocalFile()) {
-			using namespace Core;
-			const auto file = Platform::File::UrlToLocal(url);
+		using namespace Core;
+		const auto file = Platform::File::UrlToLocal(urls.front());
+		if (!file.isEmpty()) {
 			const auto info = QFileInfo(file);
 			return FileIsImage(file, MimeTypeForFile(info).name())
 				&& QImageReader(file).canRead();
@@ -107,10 +106,10 @@ bool ValidateEditMediaDragData(
 	}
 
 	if (albumType == Ui::AlbumType::PhotoVideo && !urls.isEmpty()) {
-		const auto url = urls.front();
-		if (url.isLocalFile()) {
-			using namespace Core;
-			const auto info = QFileInfo(Platform::File::UrlToLocal(url));
+		using namespace Core;
+		const auto file = Platform::File::UrlToLocal(urls.front());
+		if (!file.isEmpty()) {
+			const auto info = QFileInfo(file);
 			return IsMimeAcceptedForPhotoVideoAlbum(MimeTypeForFile(info).name());
 		}
 	}
@@ -134,10 +133,10 @@ MimeDataState ComputeMimeDataState(const QMimeData *data) {
 
 	auto allAreSmallImages = true;
 	for (const auto &url : urls) {
-		if (!url.isLocalFile()) {
+		const auto file = Platform::File::UrlToLocal(url);
+		if (file.isEmpty()) {
 			return MimeDataState::None;
 		}
-		const auto file = Platform::File::UrlToLocal(url);
 
 		const auto info = QFileInfo(file);
 		if (info.isDir()) {
@@ -171,13 +170,13 @@ PreparedList PrepareMediaList(
 	auto locals = QStringList();
 	locals.reserve(files.size());
 	for (const auto &url : files) {
-		if (!url.isLocalFile()) {
+		locals.push_back(Platform::File::UrlToLocal(url));
+		if (locals.back().isEmpty()) {
 			return {
 				PreparedList::Error::NonLocalUrl,
 				url.toDisplayString()
 			};
 		}
-		locals.push_back(Platform::File::UrlToLocal(url));
 	}
 	return PrepareMediaList(locals, previewWidth, premium);
 }