Created
April 9, 2014 20:15
-
-
Save Thorsten1976/10309867 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From fe5886ca195b78f8bcbfac5a356fd2d464ec6c40 Mon Sep 17 00:00:00 2001 | |
| From: Thorsten Giesecke <thorsten@giesecke.org> | |
| Date: Tue, 8 Apr 2014 01:10:40 +0200 | |
| Subject: [PATCH] Vulnerability fix for | |
| http://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf | |
| (introduced with Kitkat) | |
| --- | |
| TV-Browser/proguard-project.txt | 3 +++ | |
| .../org/tvbrowser/settings/TvbPreferencesActivity.java | 18 ++++++++++++++++-- | |
| 2 files changed, 19 insertions(+), 2 deletions(-) | |
| diff --git a/TV-Browser/proguard-project.txt b/TV-Browser/proguard-project.txt | |
| index f2fe155..dc6a916 100644 | |
| --- a/TV-Browser/proguard-project.txt | |
| +++ b/TV-Browser/proguard-project.txt | |
| @@ -18,3 +18,6 @@ | |
| #-keepclassmembers class fqcn.of.javascript.interface.for.webview { | |
| # public *; | |
| #} | |
| + | |
| +# required for PreferenceActivity#isValidFragment(String) | |
| +-keep public class org.tvbrowser.settings.TvbPreferenceFragment | |
| \ No newline at end of file | |
| diff --git a/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java b/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java | |
| index 6526e0d..311c541 100644 | |
| --- a/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java | |
| +++ b/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java | |
| @@ -20,10 +20,13 @@ import java.util.List; | |
| import org.tvbrowser.tvbrowser.R; | |
| +import android.annotation.TargetApi; | |
| import android.content.Context; | |
| import android.content.SharedPreferences; | |
| +import android.os.Build; | |
| import android.os.Bundle; | |
| import android.preference.PreferenceActivity; | |
| +import android.util.Log; | |
| public class TvbPreferencesActivity extends PreferenceActivity { | |
| @Override | |
| @@ -34,8 +37,19 @@ public class TvbPreferencesActivity extends PreferenceActivity { | |
| super.onCreate(savedInstanceState); | |
| } | |
| - | |
| - @Override | |
| + | |
| + /** | |
| + * Vulnerability fix as mentioned here: | |
| + * http://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf | |
| + */ | |
| + @Override | |
| + @TargetApi(Build.VERSION_CODES.KITKAT) | |
| + protected boolean isValidFragment(final String fragmentName) { | |
| + return "org.tvbrowser.settings.TvbPreferenceFragment".equals(fragmentName) || | |
| + super.isValidFragment(fragmentName); | |
| + } | |
| + | |
| + @Override | |
| public void onBuildHeaders(List<Header> target) { | |
| loadHeadersFromResource(R.xml.tvbrowser_preferences_header, target); | |
| -- | |
| 1.8.5.2.msysgit.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment