Merge pull request #70 from pingping-jiang6141/master

漏洞修改

Author: yltwust

Engine/AndroidManifest.xml

@@ -60,7 +60,8 @@
         <!-- push -->
         <service
             android:name="org.zywx.wbpalmstar.platform.push.PushService"
-           android:process=":push"
+            android:process=":push"
+            android:exported="false"
             android:enabled="true" />
 
         <receiver
@@ -71,7 +72,7 @@
         </receiver>
 
         <receiver
-            android:name="org.zywx.wbpalmstar.platform.push.PushRecieveMsgReceiver">
+            android:name="org.zywx.wbpalmstar.platform.push.PushRecieveMsgReceiver" android:exported="false">
             <intent-filter>
                 <action android:name="org.zywx.push.receive" />
             </intent-filter>

Engine/src/org/zywx/wbpalmstar/base/FileHelper.java

@@ -24,10 +24,12 @@
 import java.io.*;
 
 public class FileHelper {
+	public static final String SDCARD = Environment
+			.getExternalStorageDirectory().getPath();
 
 	public static String getSDcardPath() {
 		if (Environment.getExternalStorageState().equals(Environment.MEDIA_MOUNTED)) {
-			return "/sdcard/";
+			return SDCARD + "/";
 		}
 		return null;
 	}

Engine/src/org/zywx/wbpalmstar/engine/EBrowserActivity.java

@@ -31,6 +31,7 @@
 import android.os.*;
 import android.os.Process;
 import android.support.v4.app.FragmentActivity;
+import android.support.v4.content.LocalBroadcastManager;
 import android.view.KeyEvent;
 import android.view.View;
 import android.view.Window;
@@ -232,6 +233,8 @@ public final boolean customViewShown() {
 	}
 
 	public void setContentViewVisible(){
+		final LocalBroadcastManager broadcastManager = LocalBroadcastManager
+				.getInstance(this);
 		mEHandler.postDelayed(new Runnable() {
 			@Override
 			public void run() {
@@ -240,7 +243,7 @@ public void run() {
 					public void run() {
 						getWindow().setBackgroundDrawable(new ColorDrawable(0xFFFFFFFF));
 						Intent intent=new Intent(LoadingActivity.BROADCAST_ACTION);
-						sendBroadcast(intent);
+						broadcastManager.sendBroadcast(intent);
 					}
 				});
 			}
@@ -415,34 +418,33 @@ public void handleIntent(Intent intent){
 	    if(intent == null){
 	        return;
 	    }
-        Intent firstIntent = getIntent();
-        int type = 0;
         try {
-            type = intent.getIntExtra("ntype", 0);
-        }catch (Exception e){
+			Intent firstIntent = getIntent();
+			int type = intent.getIntExtra("ntype", 0);;
+			switch (type) {
+			case ENotification.F_TYPE_PUSH:
+			    if (null != mBrowser) {
+			        String data = intent.getStringExtra("data");
+					String pushMessage = intent.getStringExtra("message");
+			        firstIntent.putExtra("data", data);
+					firstIntent.putExtra("message", pushMessage);
+			        mBrowser.pushNotify();
+			    }
+			    break;
+			case ENotification.F_TYPE_USER:
 
-        }
-        switch (type) {
-        case ENotification.F_TYPE_PUSH:
-            if (null != mBrowser) {
-                String data = intent.getStringExtra("data");
-				String pushMessage = intent.getStringExtra("message");
-                firstIntent.putExtra("data", data);
-				firstIntent.putExtra("message", pushMessage);
-                mBrowser.pushNotify();
-            }
-            break;
-        case ENotification.F_TYPE_USER:
-
-            break;
-        case ENotification.F_TYPE_SYS:
-
-            break;
-        default:
-            getIntentData(intent);
-            firstIntent.putExtras(intent);
-            break;
-        }
+			    break;
+			case ENotification.F_TYPE_SYS:
+
+			    break;
+			default:
+			    getIntentData(intent);
+			    firstIntent.putExtras(intent);
+			    break;
+			}
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
 	}
 
 	public final void exitApp(boolean showDilog) {
@@ -800,18 +802,22 @@ public void handleMessage(Message msg) {
 				initEngine(msg);
 				break;
 			case F_MSG_LOAD_DELAY:
-				Intent intent = getIntent();
-				int type = intent.getIntExtra("ntype", 0);
-				switch (type) {
-				case ENotification.F_TYPE_PUSH:
-					mBrowser.setFromPush(true);
-					break;
-				case ENotification.F_TYPE_USER:
-					// onNewIntent(intent);
+				try {
+					Intent intent = getIntent();
+					int type = intent.getIntExtra("ntype", 0);
+					switch (type) {
+					case ENotification.F_TYPE_PUSH:
+						mBrowser.setFromPush(true);
+						break;
+					case ENotification.F_TYPE_USER:
+						// onNewIntent(intent);
+						break;
+					}
+					mBrowser.start();
 					break;
+				} catch (Exception e) {
+					e.printStackTrace();
 				}
-				mBrowser.start();
-				break;
 			case F_MSG_LOAD_HIDE_SH:
 				mScreen.setVisibility(View.VISIBLE);
 				setContentViewVisible();

Engine/src/org/zywx/wbpalmstar/engine/EBrowserWidget.java

@@ -82,7 +82,7 @@ public EBrowserWidget(Context context, WWidgetData inWidget,
 		setAlwaysDrawnWithCacheEnabled(false);
 		EUtil.viewBaseSetting(this);
 		mPres = mContext.getSharedPreferences("saveData",
-                Context.MODE_WORLD_READABLE);
+                Context.MODE_PRIVATE);
 		mPushNotifyWindName = mPres.getString(BConstant.F_PUSH_WIN_NAME, "");
 		mPushNotifyFunctionName = mPres.getString(BConstant.F_PUSH_NOTI_FUN_NAME, "");
 	}

Engine/src/org/zywx/wbpalmstar/engine/LoadingActivity.java

@@ -9,6 +9,7 @@
 import android.graphics.Bitmap;
 import android.os.Bundle;
 import android.os.Handler;
+import android.support.v4.content.LocalBroadcastManager;
 import android.util.DisplayMetrics;
 import android.util.TypedValue;
 import android.view.Gravity;
@@ -40,10 +41,13 @@ public class LoadingActivity extends Activity {
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
-        Intent intent=getIntent();
-        if (intent!=null) {
-            isTemp = intent.getBooleanExtra("isTemp", false);
-        }
+        try {
+			Intent intent=getIntent();
+			if (intent!=null) {
+			    isTemp = intent.getBooleanExtra("isTemp", false);
+			}
+		} catch (Exception exception) {
+		}
         FrameLayout rootLayout=new FrameLayout(this);
         FrameLayout.LayoutParams layoutParams=new FrameLayout.LayoutParams(FrameLayout.LayoutParams.MATCH_PARENT, FrameLayout.LayoutParams.MATCH_PARENT);
         rootLayout.setLayoutParams(layoutParams);
@@ -74,7 +78,8 @@ public void run() {
         mBroadcastReceiver = new MyBroadcastReceiver();
               IntentFilter intentFilter = new IntentFilter();
                intentFilter.addAction(BROADCAST_ACTION);
-        registerReceiver(mBroadcastReceiver, intentFilter);
+		LocalBroadcastManager.getInstance(this).registerReceiver(
+				mBroadcastReceiver, intentFilter);
         if (EBrowserActivity.develop) {
             TextView worn = new TextView(this);
             worn.setText(EUExUtil.getString("platform_only_test"));
@@ -118,7 +123,8 @@ public void onBackPressed() {
     @Override
     protected void onDestroy() {
         super.onDestroy();
-        unregisterReceiver(mBroadcastReceiver);
+		LocalBroadcastManager.getInstance(this).unregisterReceiver(
+				mBroadcastReceiver);
     }
 
     private class MyBroadcastReceiver extends BroadcastReceiver {

Engine/src/org/zywx/wbpalmstar/engine/TempActivity.java

@@ -8,6 +8,7 @@
 import android.graphics.Bitmap;
 import android.os.Bundle;
 import android.os.Handler;
+import android.support.v4.content.LocalBroadcastManager;
 import android.util.DisplayMetrics;
 import android.util.TypedValue;
 import android.view.Gravity;
@@ -67,10 +68,13 @@ protected void onCreate(Bundle savedInstanceState) {
             rootLayout.addView(worn);
         }
         setContentView(rootLayout);
-        Intent intent=getIntent();
-        if (intent!=null){
-            isTemp=intent.getBooleanExtra("isTemp",false);
-        }
+        try {
+			Intent intent=getIntent();
+			if (intent!=null){
+			    isTemp=intent.getBooleanExtra("isTemp",false);
+			}
+		} catch (Exception exception) {
+		}
 //        mHandler.postDelayed(new Runnable() {
 //            @Override
 //            public void run() {
@@ -84,7 +88,8 @@ protected void onCreate(Bundle savedInstanceState) {
           mBroadcastReceiver = new MyBroadcastReceiver();
               IntentFilter intentFilter = new IntentFilter();
                intentFilter.addAction(BROADCAST_ACTION);
-        registerReceiver(mBroadcastReceiver, intentFilter);
+		LocalBroadcastManager.getInstance(this).registerReceiver(
+				mBroadcastReceiver, intentFilter);
 		try {
 			getWindow().clearFlags(
 					WindowManager.LayoutParams.class.getField(
@@ -110,7 +115,8 @@ public void onBackPressed() {
     @Override
     protected void onDestroy() {
         super.onDestroy();
-        unregisterReceiver(mBroadcastReceiver);
+		LocalBroadcastManager.getInstance(this).unregisterReceiver(
+				mBroadcastReceiver);
     }
 
     private class MyBroadcastReceiver extends BroadcastReceiver {

Engine/src/org/zywx/wbpalmstar/engine/universalex/EUExWidget.java

@@ -746,7 +746,7 @@ public void run() {
 
 	public void getPushState(String[] parm) {
 		SharedPreferences sp = mContext.getSharedPreferences("saveData",
-				Context.MODE_WORLD_READABLE);
+				Context.MODE_PRIVATE);
 		String pushMes = sp.getString("pushMes", "0");
 		String localPushMes = sp.getString("localPushMes", pushMes);
 		jsCallback(function_getPushState, 0, EUExCallback.F_C_INT,
@@ -759,13 +759,16 @@ public void getPushInfo(String[] parm) {
 			type = parm[0];
 		}
 		String userInfo = null;
-		if (PUSH_MSG_ALL.equals(type)) {
-			// 获取推送消息所有内容
-			userInfo = ((EBrowserActivity) mContext).getIntent()
-					.getStringExtra(BUNDLE_MESSAGE);
-		} else {
-			userInfo = ((EBrowserActivity) mContext).getIntent()
-					.getStringExtra(BUNDLE_DATA);
+		try {
+			if (PUSH_MSG_ALL.equals(type)) {
+				// 获取推送消息所有内容
+				userInfo = ((EBrowserActivity) mContext).getIntent()
+						.getStringExtra(BUNDLE_MESSAGE);
+			} else {
+				userInfo = ((EBrowserActivity) mContext).getIntent()
+						.getStringExtra(BUNDLE_DATA);
+			}
+		} catch (Exception e) {
 		}
 		((WidgetOneApplication) mContext.getApplicationContext()).getPushInfo(
 				userInfo, System.currentTimeMillis() + "");

Engine/src/org/zywx/wbpalmstar/platform/myspace/MySpaceView.java

@@ -125,7 +125,7 @@ public void run() {
 	}
 
 	private void initParams() {
-		sp = getContext().getSharedPreferences(USER_SP_NAME, Context.MODE_WORLD_READABLE);
+		sp = getContext().getSharedPreferences(USER_SP_NAME, Context.MODE_PRIVATE);
 		lastUpdateRecmdDay = sp.getInt(USER_SP_LAST_UPDATE_RECMD_APPS_TIME, 0);
 		currentLoginInfo = getLoginInfo();
 		newLoginInfo = new LoginInfo();

Engine/src/org/zywx/wbpalmstar/platform/push/mqttpush/MQTTService.java

@@ -587,6 +587,7 @@ public void publishArrived(String topic, byte[] payloadbytes, int qos,
 				if (json.has("mdm") && json.getString("mdm") != null) {
 					Intent intent = new Intent();
 					intent.setAction(ACTION_MDM);
+					intent.setPackage(_context.getPackageName());
 					intent.putExtra("mdmtoken", json.getString("mdm"));
 					_context.sendBroadcast(intent);
 

Engine/src/org/zywx/wbpalmstar/platform/push/report/PushReportAgent.java

@@ -161,23 +161,25 @@ public static void reportPush(String pushInfo, String occuredAt,
 		PushReportUtility.log("reportPush===" + pushInfo + " eventType==="
 				+ eventType);
 		String msgId = parsePushInfo2MsgId(pushInfo);
-		List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
-		nameValuePairs
-				.add(new BasicNameValuePair(KEY_PUSH_REPORT_MSGID, msgId));
-		nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_SOFTTOKEN,
-				softToken));
-		nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_EVENTTYPE,
-				eventType));
-		nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_OCCUREDAT,
-				occuredAt));
-		if (eventType.equals(PushReportConstants.EVENT_TYPE_OPEN)) {
-			PushReportThread.getPushReportThread(context, sAgent,
-					TYPE_PUSH_REPORT_OPEN, nameValuePairs).start();
-			Log.i("push", "EVENT_TYPE_OPEN");
-		} else if (eventType.equals(PushReportConstants.EVENT_TYPE_ARRIVED)) {
-			PushReportThread.getPushReportThread(context, sAgent,
-					TYPE_PUSH_REPORT_ARRIVED, nameValuePairs).start();
-			Log.i("push", "EVENT_TYPE_ARRIVED");
+		if (msgId != null) {
+			List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
+			nameValuePairs
+			.add(new BasicNameValuePair(KEY_PUSH_REPORT_MSGID, msgId));
+			nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_SOFTTOKEN,
+					softToken));
+			nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_EVENTTYPE,
+					eventType));
+			nameValuePairs.add(new BasicNameValuePair(KEY_PUSH_REPORT_OCCUREDAT,
+					occuredAt));
+			if (eventType.equals(PushReportConstants.EVENT_TYPE_OPEN)) {
+				PushReportThread.getPushReportThread(context, sAgent,
+						TYPE_PUSH_REPORT_OPEN, nameValuePairs).start();
+				Log.i("push", "EVENT_TYPE_OPEN");
+			} else if (eventType.equals(PushReportConstants.EVENT_TYPE_ARRIVED)) {
+				PushReportThread.getPushReportThread(context, sAgent,
+						TYPE_PUSH_REPORT_ARRIVED, nameValuePairs).start();
+				Log.i("push", "EVENT_TYPE_ARRIVED");
+			}
 		}
 	}