search

TeamAmaze / AmazeFileManager

Material design file manager for Android
https://teamamaze.xyz
GNU General Public License v3.0
5.25k stars 1.56k forks source link

Opening file from SMB server leaks smb login password in the file path and fails to open file #2721

Open undefs opened 3 years ago

undefs commented 3 years ago

Describe the bug Say I'm opening a file in default browser from smb server folder. Normally opening a file with simple tap produces path like this 127.0.0.1:PORT/path, which works as expected. But if I open a file using "Open with" menu, it produces a path like this content://com.amaze...etc.../USERNAME:PASSWORD@IP/path , which leaks credentials to third party apps (eg: browser). As a result, file fails to open.

To Reproduce Steps to reproduce the behavior:

  1. Open any folder from smb connection.
  2. Click menu icon of a file.
  3. Click 'Open With' option and select file format.
  4. Select an App to open the file.

Smartphone:

gargamel17 commented 1 year ago

Hello, the problem is still present. Any status update about it ? Thanks

TranceLove commented 1 year ago

@gargamel17 I think PR #3661 will be targeting it too. Regressions brought by this refactoring is forcing me to fix this too 🥲