Skip to content

Commit

Permalink
Push: Do not allow app data to override service fields
Browse files Browse the repository at this point in the history
  • Loading branch information
@mar-v-in @YT-Advanced
mar-v-in authored and YT-Advanced committed May 5, 2024
1 parent d2169ad commit bc0e469
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions play-services-core/src/main/java/org/microg/gms/gcm/McsService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicInteger;

import javax.net.ssl.SSLContext;
Expand Down Expand Up @@ -560,6 +561,10 @@ private void handleAppMessage(DataMessageStanza msg) {
intent.addFlags(Intent.FLAG_EXCLUDE_STOPPED_PACKAGES);
}
for (AppData appData : msg.app_data) {
if (appData.key == null) continue;
String key = appData.key.toLowerCase(Locale.US);
// Some keys are exclusively set by the client and not the app.
if (key.equals(EXTRA_FROM) || (key.startsWith("google.") && !key.startsWith("google.c."))) continue;
intent.putExtra(appData.key, appData.value_);
}

Expand Down

0 comments on commit bc0e469

Please sign in to comment.