Avoid destination's file outside repository (#861)

app/src/main/java/com/zeapo/pwdstore/PasswordStore.kt

@@ -66,6 +66,7 @@ import com.zeapo.pwdstore.utils.PasswordRepository.Companion.initialize
 import com.zeapo.pwdstore.utils.PasswordRepository.Companion.isInitialized
 import com.zeapo.pwdstore.utils.PasswordRepository.PasswordSortOrder.Companion.getSortOrder
 import com.zeapo.pwdstore.utils.commitChange
+import com.zeapo.pwdstore.utils.isInsideRepository
 import com.zeapo.pwdstore.utils.listFilesRecursively
 import com.zeapo.pwdstore.utils.requestInputFocusOnView
 import kotlinx.coroutines.Dispatchers
@@ -666,15 +667,11 @@ class PasswordStore : AppCompatActivity(R.layout.activity_pwdstore) {
         }.launch(intent)
     }
 
-    private fun isInsideRepository(file: File): Boolean {
-        return file.canonicalPath.contains(getRepositoryDirectory(this).canonicalPath)
-    }
-
     enum class CategoryRenameError(val resource: Int) {
         None(0),
         EmptyField(R.string.message_category_error_empty_field),
         CategoryExists(R.string.message_category_error_category_exists),
-        DestinationOutsideRepo(R.string.message_category_error_destination_outside_repo),
+        DestinationOutsideRepo(R.string.message_error_destination_outside_repo),
     }
 
     /**

app/src/main/java/com/zeapo/pwdstore/crypto/PasswordCreationActivity.kt

@@ -18,6 +18,7 @@ import androidx.lifecycle.lifecycleScope
 import com.github.ajalt.timberkt.e
 import com.google.android.material.dialog.MaterialAlertDialogBuilder
 import com.zeapo.pwdstore.PasswordEntry
+import com.zeapo.pwdstore.utils.isInsideRepository
 import com.zeapo.pwdstore.R
 import com.zeapo.pwdstore.autofill.oreo.AutofillPreferences
 import com.zeapo.pwdstore.autofill.oreo.DirectoryStructure
@@ -235,6 +236,11 @@ class PasswordCreationActivity : BasePgpActivity(), OpenPgpServiceConnection.OnB
                                 snackbar(message = getString(R.string.password_creation_duplicate_error))
                                 return@executeApiAsync
                             }
+
+                            if (!isInsideRepository(file)) {
+                                snackbar(message = getString(R.string.message_error_destination_outside_repo))
+                                return@executeApiAsync
+                            }
                             try {
                                 file.outputStream().use {
                                     it.write(outputStream.toByteArray())

app/src/main/java/com/zeapo/pwdstore/utils/Extensions.kt

@@ -23,6 +23,7 @@ import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKey
 import com.github.ajalt.timberkt.d
 import com.google.android.material.snackbar.Snackbar
+import com.zeapo.pwdstore.PasswordStore
 import com.zeapo.pwdstore.git.GitAsyncTask
 import com.zeapo.pwdstore.git.GitOperation
 import com.zeapo.pwdstore.utils.PasswordRepository.Companion.getRepositoryDirectory
@@ -123,3 +124,7 @@ fun <T : View> AlertDialog.requestInputFocusOnView(@IdRes id: Int) {
 val Context.autofillManager: AutofillManager?
     @RequiresApi(Build.VERSION_CODES.O)
     get() = getSystemService()
+
+fun Activity.isInsideRepository(file: File): Boolean {
+    return file.canonicalPath.contains(getRepositoryDirectory(this).canonicalPath)
+}

app/src/main/res/values/strings.xml

@@ -327,7 +327,7 @@
     <string name="title_rename_folder">Rename folder</string>
     <string name="message_category_error_empty_field">Category name can\'t be empty</string>
     <string name="message_category_error_category_exists">Category name already exists</string>
-    <string name="message_category_error_destination_outside_repo">Destination must be within the repository</string>
+    <string name="message_error_destination_outside_repo">Destination must be within the repository</string>
     <string name="message_rename_folder">Enter destination for %1$s</string>
     <string name="button_create">Create</string>
     <string name="pref_search_on_start">Open search on start</string>