From 577efb76a41a7685689f0b0c337f10034484f6c1 Mon Sep 17 00:00:00 2001
From: Anthony Restaino <anthonyrestaino11@gmail.com>
Date: Thu, 15 Oct 2015 22:11:24 -0400
Subject: [PATCH] Fixed security vulnerability in the intent selector

---
 .../java/acr/browser/lightning/utils/IntentUtils.java    | 9 +++++++--
 .../acr/browser/lightning/view/LightningWebClient.java   | 5 +++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app/src/main/java/acr/browser/lightning/utils/IntentUtils.java b/app/src/main/java/acr/browser/lightning/utils/IntentUtils.java
index 21e6791..91944c7 100644
--- a/app/src/main/java/acr/browser/lightning/utils/IntentUtils.java
+++ b/app/src/main/java/acr/browser/lightning/utils/IntentUtils.java
@@ -7,6 +7,7 @@ import android.content.IntentFilter;
 import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
 import android.net.Uri;
+import android.os.Build;
 import android.util.Log;
 import android.webkit.WebView;
 
@@ -39,6 +40,12 @@ public class IntentUtils {
             return false;
         }
 
+        intent.addCategory(Intent.CATEGORY_BROWSABLE);
+        intent.setComponent(null);
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH_MR1) {
+            intent.setSelector(null);
+        }
+
         if (mActivity.getPackageManager().resolveActivity(intent, 0) == null) {
             String packagename = intent.getPackage();
             if (packagename != null) {
@@ -51,8 +58,6 @@ public class IntentUtils {
                 return false;
             }
         }
-        intent.addCategory(Intent.CATEGORY_BROWSABLE);
-        intent.setComponent(null);
         if (tab != null) {
             intent.putExtra(mActivity.getPackageName() + ".Origin", 1);
         }
diff --git a/app/src/main/java/acr/browser/lightning/view/LightningWebClient.java b/app/src/main/java/acr/browser/lightning/view/LightningWebClient.java
index f814f01..b27d524 100644
--- a/app/src/main/java/acr/browser/lightning/view/LightningWebClient.java
+++ b/app/src/main/java/acr/browser/lightning/view/LightningWebClient.java
@@ -293,6 +293,11 @@ class LightningWebClient extends WebViewClient {
                 return false;
             }
             if (intent != null) {
+                intent.addCategory(Intent.CATEGORY_BROWSABLE);
+                intent.setComponent(null);
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH_MR1) {
+                    intent.setSelector(null);
+                }
                 try {
                     mActivity.startActivity(intent);
                 } catch (ActivityNotFoundException e) {