Add ".download" for .lnk and .scf file names.

This is a workaround for some windows shell vulnerabilities. See http://www.defensecode.com/whitepapers/ Stealing-Windows-Credentials-Using-Google-Chrome.pdf
2018-03-06 19:04:47 +03:00 · 2018-03-06 19:04:47 +03:00 · dcf70b2847
commit dcf70b2847
parent cb5ba7edda
3 changed files with 37 additions and 4 deletions
--- a/Telegram/SourceFiles/data/data_document.cpp
+++ b/Telegram/SourceFiles/data/data_document.cpp
@ -65,7 +65,13 @@ bool fileIsImage(const QString &name, const QString &mime) {
 	return false;
 }

-QString saveFileName(const QString &title, const QString &filter, const QString &prefix, QString name, bool savingAs, const QDir &dir) {
+QString FileNameUnsafe(
+		const QString &title,
+		const QString &filter,
+		const QString &prefix,
+		QString name,
+		bool savingAs,
+		const QDir &dir) {
 #ifdef Q_OS_WIN
 	name = name.replace(QRegularExpression(qsl("[\\\\\\/\\:\\*\\?\\\"\\<\\>\\|]")), qsl("_"));
 #elif defined Q_OS_MAC
@ -152,6 +158,33 @@ QString saveFileName(const QString &title, const QString &filter, const QString
 	return name;
 }

+QString FileNameForSave(
+		const QString &title,
+		const QString &filter,
+		const QString &prefix,
+		QString name,
+		bool savingAs,
+		const QDir &dir) {
+	const auto result = FileNameUnsafe(
+		title,
+		filter,
+		prefix,
+		name,
+		savingAs,
+		dir);
+#ifdef Q_OS_WIN
+	const auto lower = result.trimmed().toLower();
+	const auto kBadExtensions = { qstr(".lnk"), qstr(".scf") };
+	const auto kMaskExtension = qsl(".download");
+	for (const auto extension : kBadExtensions) {
+		if (lower.endsWith(extension)) {
+			return result + kMaskExtension;
+		}
+	}
+#endif // Q_OS_WIN
+	return result;
+}
+
 QString documentSaveFilename(const DocumentData *data, bool forceSavingAs = false, const QString already = QString(), const QDir &dir = QDir()) {
 	auto alreadySavingFilename = data->loadingFilePath();
 	if (!alreadySavingFilename.isEmpty()) {
@ -195,7 +228,7 @@ QString documentSaveFilename(const DocumentData *data, bool forceSavingAs = fals
 		prefix = qsl("doc");
 	}

-	return saveFileName(caption, filter, prefix, name, forceSavingAs, dir);
+	return FileNameForSave(caption, filter, prefix, name, forceSavingAs, dir);
 }

 void DocumentOpenClickHandler::doOpen(
--- a/Telegram/SourceFiles/data/data_document.h
+++ b/Telegram/SourceFiles/data/data_document.h
@ -288,7 +288,7 @@ protected:

 };

-QString saveFileName(
+QString FileNameForSave(
 	const QString &title,
 	const QString &filter,
 	const QString &prefix,
--- a/Telegram/SourceFiles/mediaview.cpp
+++ b/Telegram/SourceFiles/mediaview.cpp
@ -821,7 +821,7 @@ void MediaView::onSaveAs() {
 			}

 			psBringToBack(this);
-			file = saveFileName(lang(lng_save_file), filter, qsl("doc"), name, true, alreadyDir);
+			file = FileNameForSave(lang(lng_save_file), filter, qsl("doc"), name, true, alreadyDir);
 			psShowOverAll(this);
 			if (!file.isEmpty() && file != location.name()) {
 				if (_doc->data().isEmpty()) {