From 3d31c0dc6447ada5a52e717a03d9d3baab6866f5 Mon Sep 17 00:00:00 2001
From: M66B <marcel@faircode.eu>
Date: Fri, 4 Jul 2014 11:47:31 +0200
Subject: [PATCH] Only allow file name for EXPORT intent

Allowing a file name for the IMPORT intent is a security risk

Refs #1784
---
 src/biz/bokhorst/xprivacy/ActivityShare.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/biz/bokhorst/xprivacy/ActivityShare.java b/src/biz/bokhorst/xprivacy/ActivityShare.java
index ff37070eb..838754d14 100644
--- a/src/biz/bokhorst/xprivacy/ActivityShare.java
+++ b/src/biz/bokhorst/xprivacy/ActivityShare.java
@@ -94,7 +94,7 @@ public class ActivityShare extends ActivityBase {
 	private boolean mAbort = false;
 	private int mProgressCurrent;
 	private int mProgressWidth = 0;
-	private String mFileName;
+	private String mFileName = null;
 	private boolean mInteractive = false;
 
 	private static final int STATE_WAITING = 0;
@@ -153,7 +153,8 @@ protected void onCreate(Bundle savedInstanceState) {
 		final int[] uids = (extras != null && extras.containsKey(cUidList) ? extras.getIntArray(cUidList) : new int[0]);
 		final String restrictionName = (extras != null ? extras.getString(cRestriction) : null);
 		int choice = (extras != null && extras.containsKey(cChoice) ? extras.getInt(cChoice) : -1);
-		mFileName = (extras != null && extras.containsKey(cFileName) ? extras.getString(cFileName) : null);
+		if (action.equals(ACTION_EXPORT))
+			mFileName = (extras != null && extras.containsKey(cFileName) ? extras.getString(cFileName) : null);
 
 		// License check
 		if (action.equals(ACTION_IMPORT) || action.equals(ACTION_EXPORT)