Explicit (fake) Intent is used to avoid security flaws (#873)

federicoiosue · Oct 31, 2022 · b5d15f1 · b5d15f1
1 parent 26259d8
commit b5d15f1
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/...es/src/main/java/it/feio/android/omninotes/helpers/notifications/NotificationsHelper.java b/...es/src/main/java/it/feio/android/omninotes/helpers/notifications/NotificationsHelper.java
@@ -35,6 +35,7 @@
 import androidx.core.app.NotificationCompat;
 import androidx.core.app.NotificationCompat.Builder;
 import com.pixplicity.easyprefs.library.Prefs;
+import it.feio.android.omninotes.MainActivity;
 import it.feio.android.omninotes.R;
 import lombok.NonNull;
 
@@ -191,13 +192,14 @@ public NotificationsHelper show() {
   }
 
   public NotificationsHelper show(long id) {
-    Notification mNotification = mBuilder.build();
+    var mNotification = mBuilder.build();
     if (mNotification.contentIntent == null) {
       var pIntentFlags = PendingIntent.FLAG_UPDATE_CURRENT;
       if (android.os.Build.VERSION.SDK_INT >= 23) {
-       pIntentFlags = pIntentFlags | PendingIntent.FLAG_IMMUTABLE;
+        pIntentFlags = pIntentFlags | PendingIntent.FLAG_IMMUTABLE;
       }
-      var pendingIntent = PendingIntent.getActivity(mContext, 0, new Intent(), pIntentFlags);
+      var emptyExplicitIntent = new Intent(mContext, MainActivity.class);
+      var pendingIntent = PendingIntent.getActivity(mContext, 0, emptyExplicitIntent, pIntentFlags);
       mBuilder.setContentIntent(pendingIntent);
     }
     mNotificationManager.notify(String.valueOf(id), 0, mBuilder.build());