author Michael Kaply <mozilla@kaply.com>

Mon, 17 Apr 2017 13:11:43 -0500

changeset 563754 04a40c6c968d9d6686ff1b365498ff7238f10e36

parent 563747 3b2c978a36850a7efb0a69ce2d4a926ee54409ed

child 624567 4b15ea0e25cfbd58721d61e0ed30ac8dcea6c24b

push id 54410

push user mozilla@kaply.com

push date Mon, 17 Apr 2017 18:31:47 +0000

reviewers nalexander

bugs 1357121

milestone 55.0a1

mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java file | annotate | diff | comparison | revisions
--- a/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
+++ b/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
@@ -873,17 +873,17 @@ public class Distribution {
     private URI getReferredDistribution(ReferrerDescriptor descriptor) {
         final String content = descriptor.content;
         if (content == null) {
             return null;
         }
 
         // We restrict here to avoid injection attacks. After all,
         // we're downloading a distribution payload based on intent input.
-        if (!content.matches("^[a-zA-Z0-9]+$")) {
+        if (!content.matches("^[a-zA-Z0-9_-]+$")) {
             Log.e(LOGTAG, "Invalid referrer content: " + content);
             Telemetry.addToHistogram(HISTOGRAM_REFERRER_INVALID, 1);
             return null;
         }
 
         try {
             return new URI(FETCH_PROTOCOL, FETCH_HOSTNAME, FETCH_PATH + content + FETCH_EXTENSION, null);
         } catch (URISyntaxException e) {
author	Michael Kaply <mozilla@kaply.com>
	Mon, 17 Apr 2017 13:11:43 -0500
changeset 563754	04a40c6c968d9d6686ff1b365498ff7238f10e36
parent 563747	3b2c978a36850a7efb0a69ce2d4a926ee54409ed
child 624567	4b15ea0e25cfbd58721d61e0ed30ac8dcea6c24b
push id	54410
push user	mozilla@kaply.com
push date	Mon, 17 Apr 2017 18:31:47 +0000
reviewers	nalexander
bugs	1357121
milestone	55.0a1