From 9604fb9bd038cef44cd45c604b085e9dd415b1e0 Mon Sep 17 00:00:00 2001
From: Julian Sparber
Date: Tue, 13 Sep 2022 22:37:39 +0200
Subject: [PATCH] room-history: Remove open action for files

Some files could contain malicious code. E.g. htm/html files can contain an explode to take over a web browser. This makes it a little bit harder to open a file by mistake.
Note: this resolves a security issue that was identified by the security audit.
Part-of:
---
 data/resources/ui/content-message-file.ui | 25 +++------
 src/session/room/event_actions.rs | 63 +-----------------------
 2 files changed, 7 insertions(+), 81 deletions(-)
diff --git a/data/resources/ui/content-message-file.ui b/data/resources/ui/content-message-file.ui
index afba9c9d..c0e0db26 100644
--- a/data/resources/ui/content-message-file.ui
+++ b/data/resources/ui/content-message-file.ui
@@ -13,28 +13,15 @@ - - - - - document-open-symbolic - Open - event.file-open - - - - - document-save-symbolic - Save - event.file-save - - - + + + document-save-symbolic + Save + event.file-save +
diff --git a/src/session/room/event_actions.rs b/src/session/room/event_actions.rs
index e3169925..2e750c4a 100644
--- a/src/session/room/event_actions.rs
+++ b/src/session/room/event_actions.rs
@@ -10,9 +10,7 @@ use crate::{
 event_source_dialog::EventSourceDialog,
 room::{Event, RoomAction, SupportedEvent},
 },
- spawn, spawn_tokio, toast,
- utils::cache_dir,
- UserFacingError, Window,
+ spawn, spawn_tokio, toast, UserFacingError, Window,
 };
 
 // This is only save because the trait `EventActions` can
@@ -184,15 +182,6 @@ where
 widget.save_event_file(event);
 })
 );
-
- // Open message's file
- gtk_macros::action!(
- &action_group,
- "file-open",
- clone!(@weak self as widget, @weak event => move |_, _| {
- widget.open_event_file(event);
- })
- );
 }
 MessageType::Emote(message) => {
 gtk_macros::action!(
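Review bot: Dropping `utils::cache_dir` from the `use crate::{...}` list in the first event_actions.rs hunk removes the writer of the attachment cache, but nothing in this commit removes what the old open action already wrote there. The removed `open_event_file` stored each attachment under `cache_dir()/<uid>/<filename>` with the sender-supplied file name, so HTML or other active content opened before the upgrade stays on disk where a file manager can still launch it. Consider a one-time cleanup of those per-event directories, and, if `cache_dir` has no other callers (not visible from this patch), remove the helper as well so it does not linger as dead code. A short comment next to the remaining `file-save` action, such as `// Deliberately no "open" action: attachments are untrusted and must not be launched directly`, would keep the action from being reintroduced later.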
@@ -290,54 +279,4 @@ where
 })
 );
 }
-
- /// Open the file in `event`.
- ///
- /// See [`SupportedEvent::get_media_content()`] for compatible events.
- /// Panics on an incompatible event.
- fn open_event_file(&self, event: SupportedEvent) {
- spawn!(
- glib::PRIORITY_LOW,
- clone!(@weak self as obj => async move {
- let (uid, filename, data) = match event.get_media_content().await {
- Ok(res) => res,
- Err(err) => {
- error!("Could not get file: {}", err);
- toast!(obj, err.to_user_facing());
-
- return;
- }
- };
-
- let mut path = cache_dir();
- path.push(uid);
- if !path.exists() {
- let dir = gio::File::for_path(path.clone());
- dir.make_directory_with_parents(gio::Cancellable::NONE)
- .unwrap();
- }
-
- path.push(filename);
- let file = gio::File::for_path(path);
-
- file.replace_contents(
- &data,
- None,
- false,
- gio::FileCreateFlags::REPLACE_DESTINATION,
- gio::Cancellable::NONE,
- )
- .unwrap();
-
- if let Err(error) = gio::AppInfo::launch_default_for_uri_future(
- &file.uri(),
- gio::AppLaunchContext::NONE,
- )
- .await
- {
- error!("Error opening file '{}': {}", file.uri(), error);
- }
- })
- );
- }
 }