From b201f147aca39dccdfdbaa9561f5afdd3c23fa16 Mon Sep 17 00:00:00 2001
From: Alexander Sytnyk <asytnyk0@gmail.com>
Date: Wed, 7 Oct 2020 14:23:34 +0300
Subject: [PATCH] #9621 Add validation for the online tracking link

---
 .../main/java/net/osmand/util/Algorithms.java | 16 ++++++++++++++
 .../plus/monitoring/LiveMonitoringHelper.java | 16 +++++++++-----
 .../SettingsMonitoringActivity.java           | 21 ++++++++++++++++---
 3 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/OsmAnd-java/src/main/java/net/osmand/util/Algorithms.java b/OsmAnd-java/src/main/java/net/osmand/util/Algorithms.java
index ea2869aaa3..a1e721ac21 100644
--- a/OsmAnd-java/src/main/java/net/osmand/util/Algorithms.java
+++ b/OsmAnd-java/src/main/java/net/osmand/util/Algorithms.java
@@ -942,4 +942,20 @@ public class Algorithms {
 		}
 		return res;
 	}
+
+	public static boolean isValidMessageFormat(CharSequence sequence) {
+		if (!isEmpty(sequence)) {
+			int counter = 0;
+			for (int i = 0; i < sequence.length(); i++) {
+				char ch = sequence.charAt(i);
+				if (ch == '{') {
+					counter++;
+				} else if (ch == '}') {
+					counter--;
+				}
+			}
+			return counter == 0;
+		}
+		return false;
+	}
 }
\ No newline at end of file
diff --git a/OsmAnd/src/net/osmand/plus/monitoring/LiveMonitoringHelper.java b/OsmAnd/src/net/osmand/plus/monitoring/LiveMonitoringHelper.java
index 169507b35a..9ec8a3081c 100644
--- a/OsmAnd/src/net/osmand/plus/monitoring/LiveMonitoringHelper.java
+++ b/OsmAnd/src/net/osmand/plus/monitoring/LiveMonitoringHelper.java
@@ -131,7 +131,14 @@ public class LiveMonitoringHelper {
 	}
 
 	public void sendData(LiveMonitoringData data) {
-		String urlStr = getLiveUrl(data);
+		String baseUrl = app.getSettings().LIVE_MONITORING_URL.get();
+		String urlStr;
+		try {
+			urlStr = getLiveUrl(baseUrl, data);
+		} catch (IllegalArgumentException e) {
+			log.error("Could not construct live url from base url: " + baseUrl, e);
+			return;
+		}
 		try {
 			// Parse the URL and let the URI constructor handle proper encoding of special characters such as spaces
 			URL url = new URL(urlStr);
@@ -172,12 +179,11 @@ public class LiveMonitoringHelper {
 		}
 	}
 
-	private String getLiveUrl(LiveMonitoringData data) {
-		String st = app.getSettings().LIVE_MONITORING_URL.get();
+	private String getLiveUrl(String baseUrl, LiveMonitoringData data) {
 		List<String> prm = new ArrayList<String>();
 		int maxLen = 0;
 		for (int i = 0; i < 7; i++) {
-			boolean b = st.contains("{"+i+"}");
+			boolean b = baseUrl.contains("{"+i+"}");
 			if(b) {
 				maxLen = i;
 			}
@@ -210,6 +216,6 @@ public class LiveMonitoringHelper {
 				break;
 			}
 		}
-		return MessageFormat.format(st, prm.toArray());
+		return MessageFormat.format(baseUrl, prm.toArray());
 	}
 }
diff --git a/OsmAnd/src/net/osmand/plus/monitoring/SettingsMonitoringActivity.java b/OsmAnd/src/net/osmand/plus/monitoring/SettingsMonitoringActivity.java
index d048bbedd5..7ace6377ad 100644
--- a/OsmAnd/src/net/osmand/plus/monitoring/SettingsMonitoringActivity.java
+++ b/OsmAnd/src/net/osmand/plus/monitoring/SettingsMonitoringActivity.java
@@ -8,6 +8,7 @@ import android.graphics.Typeface;
 import android.graphics.drawable.Drawable;
 import android.os.Bundle;
 import android.preference.CheckBoxPreference;
+import android.preference.EditTextPreference;
 import android.preference.ListPreference;
 import android.preference.Preference;
 import android.preference.Preference.OnPreferenceClickListener;
@@ -23,11 +24,11 @@ import android.view.Window;
 import android.widget.ArrayAdapter;
 import android.widget.ImageView;
 import android.widget.TextView;
+import android.widget.Toast;
 
 import androidx.annotation.NonNull;
 import androidx.appcompat.app.AlertDialog;
 
-import net.osmand.plus.settings.backend.ApplicationMode;
 import net.osmand.plus.OsmAndFormatter;
 import net.osmand.plus.OsmAndTaskManager.OsmAndTaskRunnable;
 import net.osmand.plus.OsmandApplication;
@@ -35,6 +36,8 @@ import net.osmand.plus.R;
 import net.osmand.plus.UiUtilities;
 import net.osmand.plus.activities.SavingTrackHelper;
 import net.osmand.plus.activities.SettingsBaseActivity;
+import net.osmand.plus.settings.backend.ApplicationMode;
+import net.osmand.util.Algorithms;
 
 import java.util.Map;
 
@@ -172,8 +175,20 @@ public class SettingsMonitoringActivity extends SettingsBaseActivity {
 		cat.setTitle(R.string.live_monitoring_m);
 		grp.addPreference(cat);
 
-		cat.addPreference(createEditTextPreference(settings.LIVE_MONITORING_URL, R.string.live_monitoring_url,
-				R.string.live_monitoring_url_descr));
+		EditTextPreference urlPreference = createEditTextPreference(settings.LIVE_MONITORING_URL, R.string.live_monitoring_url,
+				R.string.live_monitoring_url_descr);
+		urlPreference.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
+			@Override
+			public boolean onPreferenceChange(Preference preference, Object newValue) {
+				if (Algorithms.isValidMessageFormat((String) newValue)) {
+					return SettingsMonitoringActivity.super.onPreferenceChange(preference, newValue);
+				} else {
+					Toast.makeText(SettingsMonitoringActivity.this, R.string.wrong_format, Toast.LENGTH_SHORT).show();
+					return false;
+				}
+			}
+		});
+		cat.addPreference(urlPreference);
 		final CheckBoxPreference liveMonitoring = createCheckBoxPreference(settings.LIVE_MONITORING, R.string.live_monitoring_m,
 				R.string.live_monitoring_m_descr);
 		cat.addPreference(liveMonitoring);