[#557]完善解决对webview选择文件的返回值做校验 (#586)

Author: fengxiaochuan-xiaomi

core/runtime/android/widgets/src/main/java/org/hapjs/widgets/view/NestedWebView.java

@@ -1375,18 +1375,48 @@ private Uri[] blockPrivatePaths(Uri[] resultList) {
                     String dataData = "/data/data/" + mContext.getPackageName();
                     String dataUser = dataData;
                     File dataDir = ContextCompat.getDataDir(mContext);
+                    String filePath = "";
+                    try {
+                        filePath = new File(path).getCanonicalPath();
+                    } catch (IOException e) {
+                        Log.e(TAG, "blockPrivatePaths: ", e);
+                        return new Uri[0];
+                    }
+                    String externalData = "/sdcard/Android/data/" + mContext.getPackageName();
                     if (dataDir != null) {
                         dataUser = dataDir.getPath();
                     }
-                    if (!TextUtils.isEmpty(path) && (path.startsWith(dataData) || path.startsWith(dataUser))) {
-                        return new Uri[0];
+                    if (!TextUtils.isEmpty(filePath)) {
+                        if (filePath.startsWith(dataData) || filePath.startsWith(dataUser)) {
+                            return new Uri[0];
+                        }
+                        if (filePath.toLowerCase().startsWith(externalData.toLowerCase())) {
+                            return new Uri[0];
+                        }
+                        File[] externalFilesDirs = mContext.getExternalFilesDirs(null);
+                        if (checkPath(filePath, externalFilesDirs)) return new Uri[0];
+                        File[] externalCacheDirs = mContext.getExternalCacheDirs();
+                        if (checkPath(filePath, externalCacheDirs)) return new Uri[0];
+                        File[] externalMediaDirs = mContext.getExternalMediaDirs();
+                        if (checkPath(filePath, externalMediaDirs)) return new Uri[0];
                     }
                 }
             }
         }
         return resultList;
     }
 
+    private boolean checkPath(String path, File[] files) {
+        if (files != null) {
+            for (File file : files) {
+                if (path.toLowerCase().startsWith(file.getAbsolutePath().toLowerCase())) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
     private void resolveLowApiResult() {
         final HybridView hybridView =
                 getComponent() != null ? getComponent().getHybridView() : null;
@@ -1423,6 +1453,16 @@ && getComponent().getCallback() != null) {
                                         mCacheVideoFile = null;
                                     }
                                     result = tmpResults;
+                                } else {
+                                    //photo or video sometimes go here
+                                    if ((mCachePhotoFile == null || !mCachePhotoFile.exists() || mCachePhotoFile.length() == 0) && (mCacheVideoFile == null || !mCacheVideoFile.exists() || mCacheVideoFile.length() == 0)) {
+                                        //not check photo or video
+                                        Uri[] results = new Uri[]{result};
+                                        Uri[] resultsAfterCheck = blockPrivatePaths(results);
+                                        if (resultsAfterCheck.length == 0) {
+                                            result = null;
+                                        }
+                                    }
                                 }
                             }
                             if (null != mSingleFileCallback) {