diff options
author | Marc Blank <mblank@google.com> | 2011-09-20 15:17:08 -0700 |
---|---|---|
committer | Marc Blank <mblank@google.com> | 2011-09-21 11:03:04 -0700 |
commit | 5870214d6c4991dd0a863bcd097860ddd896cab6 (patch) | |
tree | c79f459c3d7dad9402a8304930ee38a1a7d8e4af | |
parent | a552c03ddc12121e59d1fb88138d34290b032077 (diff) | |
download | android_packages_apps_Exchange-5870214d6c4991dd0a863bcd097860ddd896cab6.tar.gz android_packages_apps_Exchange-5870214d6c4991dd0a863bcd097860ddd896cab6.tar.bz2 android_packages_apps_Exchange-5870214d6c4991dd0a863bcd097860ddd896cab6.zip |
Remove illegal characters from EAS 2.5 attachment file names
* For some reason, EAS 2.5 sends us partially encoded file names,
which we use to specify attachments to be loaded.
* It turns out that these file names aren't properly encoded for
EAS's use in the GetAttachment command; some additional characters
must be escaped using %nn.
* We now check for EAS 2.5 and escape illegal characters
Bug: 5341416
Change-Id: Ie112359e139581c8ae31e40869b2fa0e568d7f65
3 files changed, 285 insertions, 1 deletions
diff --git a/src/com/android/exchange/adapter/AttachmentLoader.java b/src/com/android/exchange/adapter/AttachmentLoader.java index 38b77d20..1d79267f 100644 --- a/src/com/android/exchange/adapter/AttachmentLoader.java +++ b/src/com/android/exchange/adapter/AttachmentLoader.java @@ -31,6 +31,8 @@ import com.android.exchange.EasResponse; import com.android.exchange.EasSyncService; import com.android.exchange.ExchangeService; import com.android.exchange.PartRequest; +import com.android.exchange.utility.UriCodec; +import com.google.common.annotations.VisibleForTesting; import org.apache.http.HttpStatus; @@ -136,6 +138,26 @@ public class AttachmentLoader { } } + @VisibleForTesting + static String encodeForExchange2003(String str) { + AttachmentNameEncoder enc = new AttachmentNameEncoder(); + StringBuilder sb = new StringBuilder(str.length() + 16); + enc.appendPartiallyEncoded(sb, str); + return sb.toString(); + } + + /** + * Encoder for Exchange 2003 attachment names. They come from the server partially encoded, + * but there are still possible characters that need to be encoded (Why, MSFT, why?) + */ + private static class AttachmentNameEncoder extends UriCodec { + @Override protected boolean isRetained(char c) { + // These four characters are commonly received in EAS 2.5 attachment names and are + // valid (verified by testing); we won't encode them + return c == '_' || c == ':' || c == '/' || c == '.'; + } + } + /** * Loads an attachment, based on the PartRequest passed in the constructor * @throws IOException @@ -159,7 +181,13 @@ public class AttachmentLoader { s.end().end().done(); // ITEMS_FETCH, ITEMS_ITEMS resp = mService.sendHttpClientPost("ItemOperations", s.toByteArray()); } else { - String cmd = "GetAttachment&AttachmentName=" + mAttachment.mLocation; + String location = mAttachment.mLocation; + // For Exchange 2003 (EAS 2.5), we have to look for illegal characters in the file name + // that EAS sent to us! + if (mService.mProtocolVersionDouble < Eas.SUPPORTED_PROTOCOL_EX2007_DOUBLE) { + location = encodeForExchange2003(location); + } + String cmd = "GetAttachment&AttachmentName=" + location; resp = mService.sendHttpClientPost(cmd, null, EasSyncService.COMMAND_TIMEOUT); } diff --git a/src/com/android/exchange/utility/UriCodec.java b/src/com/android/exchange/utility/UriCodec.java new file mode 100644 index 00000000..d8811c61 --- /dev/null +++ b/src/com/android/exchange/utility/UriCodec.java @@ -0,0 +1,216 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.exchange.utility; + +import java.io.ByteArrayOutputStream; +import java.net.URISyntaxException; +import java.nio.charset.Charset; +import java.nio.charset.Charsets; + +// Note: This class copied verbatim from libcore.net + +/** + * Encodes and decodes {@code application/x-www-form-urlencoded} content. + * Subclasses define exactly which characters are legal. + * + * <p>By default, UTF-8 is used to encode escaped characters. A single input + * character like "\u0080" may be encoded to multiple octets like %C2%80. + */ +public abstract class UriCodec { + + /** + * Returns true if {@code c} does not need to be escaped. + */ + protected abstract boolean isRetained(char c); + + /** + * Throws if {@code s} is invalid according to this encoder. + */ + public final String validate(String uri, int start, int end, String name) + throws URISyntaxException { + for (int i = start; i < end; ) { + char ch = uri.charAt(i); + if ((ch >= 'a' && ch <= 'z') + || (ch >= 'A' && ch <= 'Z') + || (ch >= '0' && ch <= '9') + || isRetained(ch)) { + i++; + } else if (ch == '%') { + if (i + 2 >= end) { + throw new URISyntaxException(uri, "Incomplete % sequence in " + name, i); + } + int d1 = hexToInt(uri.charAt(i + 1)); + int d2 = hexToInt(uri.charAt(i + 2)); + if (d1 == -1 || d2 == -1) { + throw new URISyntaxException(uri, "Invalid % sequence: " + + uri.substring(i, i + 3) + " in " + name, i); + } + i += 3; + } else { + throw new URISyntaxException(uri, "Illegal character in " + name, i); + } + } + return uri.substring(start, end); + } + + /** + * Throws if {@code s} contains characters that are not letters, digits or + * in {@code legal}. + */ + public static void validateSimple(String s, String legal) + throws URISyntaxException { + for (int i = 0; i < s.length(); i++) { + char ch = s.charAt(i); + if (!((ch >= 'a' && ch <= 'z') + || (ch >= 'A' && ch <= 'Z') + || (ch >= '0' && ch <= '9') + || legal.indexOf(ch) > -1)) { + throw new URISyntaxException(s, "Illegal character", i); + } + } + } + + /** + * Encodes {@code s} and appends the result to {@code builder}. + * + * @param isPartiallyEncoded true to fix input that has already been + * partially or fully encoded. For example, input of "hello%20world" is + * unchanged with isPartiallyEncoded=true but would be double-escaped to + * "hello%2520world" otherwise. + */ + private void appendEncoded(StringBuilder builder, String s, Charset charset, + boolean isPartiallyEncoded) { + if (s == null) { + throw new NullPointerException(); + } + + int escapeStart = -1; + for (int i = 0; i < s.length(); i++) { + char c = s.charAt(i); + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || isRetained(c) + || (c == '%' && isPartiallyEncoded)) { + if (escapeStart != -1) { + appendHex(builder, s.substring(escapeStart, i), charset); + escapeStart = -1; + } + if (c == '%' && isPartiallyEncoded) { + // this is an encoded 3-character sequence like "%20" + builder.append(s, i, i + 3); + i += 2; + } else if (c == ' ') { + builder.append('+'); + } else { + builder.append(c); + } + } else if (escapeStart == -1) { + escapeStart = i; + } + } + if (escapeStart != -1) { + appendHex(builder, s.substring(escapeStart, s.length()), charset); + } + } + + public final String encode(String s, Charset charset) { + // Guess a bit larger for encoded form + StringBuilder builder = new StringBuilder(s.length() + 16); + appendEncoded(builder, s, charset, false); + return builder.toString(); + } + + public final void appendEncoded(StringBuilder builder, String s) { + appendEncoded(builder, s, Charsets.UTF_8, false); + } + + public final void appendPartiallyEncoded(StringBuilder builder, String s) { + appendEncoded(builder, s, Charsets.UTF_8, true); + } + + /** + * @param convertPlus true to convert '+' to ' '. + */ + public static String decode(String s, boolean convertPlus, Charset charset) { + if (s.indexOf('%') == -1 && (!convertPlus || s.indexOf('+') == -1)) { + return s; + } + + StringBuilder result = new StringBuilder(s.length()); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + for (int i = 0; i < s.length();) { + char c = s.charAt(i); + if (c == '%') { + do { + if (i + 2 >= s.length()) { + throw new IllegalArgumentException("Incomplete % sequence at: " + i); + } + int d1 = hexToInt(s.charAt(i + 1)); + int d2 = hexToInt(s.charAt(i + 2)); + if (d1 == -1 || d2 == -1) { + throw new IllegalArgumentException("Invalid % sequence " + + s.substring(i, i + 3) + " at " + i); + } + out.write((byte) ((d1 << 4) + d2)); + i += 3; + } while (i < s.length() && s.charAt(i) == '%'); + result.append(new String(out.toByteArray(), charset)); + out.reset(); + } else { + if (convertPlus && c == '+') { + c = ' '; + } + result.append(c); + i++; + } + } + return result.toString(); + } + + /** + * Like {@link Character#digit}, but without support for non-ASCII + * characters. + */ + private static int hexToInt(char c) { + if ('0' <= c && c <= '9') { + return c - '0'; + } else if ('a' <= c && c <= 'f') { + return 10 + (c - 'a'); + } else if ('A' <= c && c <= 'F') { + return 10 + (c - 'A'); + } else { + return -1; + } + } + + public static String decode(String s) { + return decode(s, false, Charsets.UTF_8); + } + + private static void appendHex(StringBuilder builder, String s, Charset charset) { + for (byte b : s.getBytes(charset)) { + appendHex(builder, b); + } + } + + private static void appendHex(StringBuilder sb, byte b) { + sb.append('%'); + sb.append(Byte.toHexString(b, true)); + } +} diff --git a/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java b/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java new file mode 100644 index 00000000..2e16ac82 --- /dev/null +++ b/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java @@ -0,0 +1,40 @@ +/* Copyright (C) 2011 The Android Open Source Project. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * You can run this entire test case with: + * runtest -c com.android.exchange.adapter.AttachmentLoaderTests exchange + */ +package com.android.exchange.adapter; + +import android.test.AndroidTestCase; +import android.test.suitebuilder.annotation.SmallTest; + +@SmallTest +public class AttachmentLoaderTests extends AndroidTestCase { + private static final String TEST_LOCATION = + "Inbox/FW:%204G%20Netbook%20|%20Now%20Available%20for%20Order.EML/image012.jpg"; + + public void testEncodeForExchange2003() { + assertEquals("abc", AttachmentLoader.encodeForExchange2003("abc")); + // We don't encode the four characters after abc + assertEquals("abc_:/.", AttachmentLoader.encodeForExchange2003("abc_:/.")); + // We don't re-encode escaped characters + assertEquals("%20%33", AttachmentLoader.encodeForExchange2003("%20%33")); + // Test with the location that failed in use + assertEquals(TEST_LOCATION.replace("|", "%7C"), + AttachmentLoader.encodeForExchange2003(TEST_LOCATION)); + } +} |