Fix an issue that download filename from content disposition is not sanitized

chrome/android/java/src/org/chromium/chrome/browser/download/ChromeDownloadDelegate.java

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chrome.browser.download;
 
 import android.Manifest.permission;
 import android.app.Activity;
 import android.app.DownloadManager;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.net.Uri;
 import android.os.AsyncTask;
 import android.os.Environment;
 import android.support.v7.app.AlertDialog;
 import android.text.TextUtils;
 import android.util.Pair;
 import android.view.View;
 import android.webkit.MimeTypeMap;
-import android.webkit.URLUtil;
 import android.widget.TextView;
 
 import org.chromium.base.Log;
 import org.chromium.base.ThreadUtils;
-import org.chromium.base.VisibleForTesting;
 import org.chromium.base.annotations.CalledByNative;
 import org.chromium.chrome.R;
 import org.chromium.chrome.browser.infobar.InfoBarIdentifier;
 import org.chromium.chrome.browser.infobar.SimpleConfirmInfoBarBuilder;
 import org.chromium.chrome.browser.tab.EmptyTabObserver;
 import org.chromium.chrome.browser.tab.Tab;
 import org.chromium.chrome.browser.tabmodel.TabModelSelector;
 import org.chromium.content.browser.ContentViewDownloadDelegate;
 import org.chromium.content.browser.DownloadController;
 import org.chromium.content.browser.DownloadInfo;
@@ skipping 132 matching lines @@
             // If the intent is resolved to ourselves, we don't want to attempt to load the url
             // only to try and download it again.
             if (DownloadManagerService.openIntent(mContext, intent, false)) {
                 return;
             }
         }
         onDownloadStartNoStream(downloadInfo);
     }
 
     /**
-     * Decide the file name of the final download. The file extension is derived
-     * from the MIME type.
-     * @param url The full URL to the content that should be downloaded.
-     * @param mimeType The MIME type of the content reported by the server.
-     * @param contentDisposition Content-Disposition HTTP header, if present.
-     * @return The best guess of the file name for the downloaded object.
-     */
-    @VisibleForTesting
-    public static String fileName(String url, String mimeType, String contentDisposition) {
-        // URLUtil#guessFileName will prefer the MIME type extension over
-        // the file extension only if the latter is of a known MIME type.
-        // Therefore for things like "file.php" with Content-Type PDF, it will
-        // still generate file names like "file.php" instead of "file.pdf".
-        // If that's the case, rebuild the file extension from the MIME type.
-        String fileName = URLUtil.guessFileName(url, contentDisposition, mimeType);
-        int dotIndex = fileName.lastIndexOf('.');
-        if (mimeType != null
-                && !mimeType.isEmpty()
-                && dotIndex > 1  // at least one char before the '.'
-                && dotIndex < fileName.length()) { // '.' should not be the last char
-            MimeTypeMap mimeTypeMap = MimeTypeMap.getSingleton();
-
-            String fileRoot = fileName.substring(0, dotIndex);
-            String fileExtension = fileName.substring(dotIndex + 1);
-            String fileExtensionMimeType =
-                    mimeTypeMap.getMimeTypeFromExtension(fileExtension);
-
-            // If the file extension's official MIME type and {@code mimeType}
-            // are the same, simply use the file extension.
-            // If not, extension derived from {@code mimeType} is preferred.
-            if (mimeType.equals(fileExtensionMimeType)) {
-                fileName = fileRoot + "." + fileExtension;
-            } else {
-                String mimeExtension =
-                        mimeTypeMap.getExtensionFromMimeType(mimeType);
-
-                if (mimeExtension != null && !mimeExtension.equals(fileExtension)) {
-                    fileName = fileRoot + "." + mimeExtension;
-                }
-            }
-        }
-        return fileName;
-    }
-
-    /**
      * Notify the host application a download should be done, even if there is a
      * streaming viewer available for this type.
      *
      * @param downloadInfo Information about the download.
      */
     protected void onDownloadStartNoStream(final DownloadInfo downloadInfo) {
-        final String newMimeType = remapGenericMimeType(
-                downloadInfo.getMimeType(),
-                downloadInfo.getUrl(),
-                downloadInfo.getFileName());
-        final String fileName = TextUtils.isEmpty(downloadInfo.getFileName())
-                ? fileName(downloadInfo.getUrl(), newMimeType, downloadInfo.getContentDisposition())
-                : downloadInfo.getFileName();
+        final String fileName = downloadInfo.getFileName();
+        assert !TextUtils.isEmpty(fileName);
+        final String newMimeType =
+                remapGenericMimeType(downloadInfo.getMimeType(), downloadInfo.getUrl(), fileName);
         new AsyncTask<Void, Void, Object[]>() {
             @Override
             protected Object[] doInBackground(Void... params) {
                 // Check to see if we have an SDCard.
                 String status = Environment.getExternalStorageState();
                 Pair<String, String> result = getDownloadDirectoryNameAndFullPath();
                 String dirName = result.first;
                 String fullDirPath = result.second;
                 boolean fileExists = doesFileAlreadyExists(fullDirPath, fileName);
 
@@ skipping 431 matching lines @@
     private static native String nativeGetDownloadWarningText(String filename);
     private static native boolean nativeIsDownloadDangerous(String filename);
     private static native void nativeDangerousDownloadValidated(
             Object tab, int downloadId, boolean accept);
     private static native void nativeLaunchDownloadOverwriteInfoBar(ChromeDownloadDelegate delegate,
             Tab tab, DownloadInfo downloadInfo, String fileName, String dirName,
             String dirFullPath);
     private static native void nativeLaunchPermissionUpdateInfoBar(
             Tab tab, String permission, long callbackId);
 }